Unencrypted SNS topic TF-AWS016
Security
Major
Queues should be encrypted with customer managed KMS keys and not default AWS managed keys, in order to allow granular control over access to specific queues.
Examples
Bad practice
resource "aws_sns_topic" "my-topic" {
# no key id specified
}
Recommended
resource "aws_sns_topic" "my-topic" {
kms_master_key_id = "/blah"
}