Allow passing of a new variable aws_sns_topic_arn and not create an SNS topic #36
Conversation
bogdanbarna
requested review from
srhopkins and
nitrocode
and removed request for
a team
![bridgecrew[bot]](https://avatars.githubusercontent.com/in/52968?s=60&v=4){kind=small}
| create_sns_topic = var.aws_sns_topic_arn == "" | ||
| aws_sns_topic_arn = local.create_sns_topic ? aws_sns_topic.default.*.arn : [var.aws_sns_topic_arn] | ||
| } | ||
|
|
||
| resource "aws_sns_topic" "default" { |
There was a problem hiding this comment.
Ensure all data stored in the SNS topic is encrypted
Resource: aws_sns_topic.default | ID: BC_AWS_GENERAL_15
How to Fix
resource "aws_sns_topic" "user_updates" {
name = "user-updates-topic"
+ kms_master_key_id = "alias/aws/sns"
}Description
Amazon SNS is a publishers and subscribers messaging service. When you publish messages to encrypted topics, customer master keys (CMK), powered by AWS KMS, can be used to encrypt your messages.If you operate in a regulated market, such as HIPAA for healthcare, PCI DSS for finance, or FedRAMP for government, you need to ensure sensitive data messages passed in this service are encrypted at rest.
Benchmarks
- PCI-DSS V3.2 3
- FEDRAMP (MODERATE) SC-28
Calculating...
|
Hi @nitrocode it seems that the autoformat error was a transient one? Can we trigger another build and hopefully get this merged in? |
|
Hi. Sorry, totally forgot about this one. I'll take a look at the formatting issue later today and hopefully push a commit for it. Thanks. |
|
Hi. I apologize for the late reply. I'm not able to have this running again and also don't work with ClassEDU (where the fork was created) anymore. |
what
aws_sns_topic_arnlocalsblock in main.tf handles the logic of whether to create aws_sns_topic.default.why
references
Closes #34.