New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SNS: Enforce SSL with Prop #29142
Labels
@aws-cdk/aws-sns
Related to Amazon Simple Notification Service
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
Comments
jlosito
added
feature-request
A feature should be added or improved.
needs-triage
This issue or PR still needs to be triaged.
labels
Feb 16, 2024
github-actions
bot
added
the
@aws-cdk/aws-sns
Related to Amazon Simple Notification Service
label
Feb 16, 2024
jlosito
changed the title
(module name): (short issue description)
SNS: Enforce SSL with Prop
Feb 16, 2024
I am not sure if we should expose that to the L2 props but feel free to submit a PR to move this forward. Thank you! |
pahud
added
p2
effort/medium
Medium work item – several days of effort
and removed
needs-triage
This issue or PR still needs to be triaged.
labels
Feb 19, 2024
mergify bot
pushed a commit
that referenced
this issue
Feb 20, 2024
Adds a statement to match the document in the [docs](https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit): ``` { "Id": "ExamplePolicy", "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPublishThroughSSLOnly", "Action": "SNS:Publish", "Effect": "Deny", "Resource": [ "arn:aws:sns:us-east-1:1234567890:test-topic" ], "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Principal": "*" } ] } ``` Closes #29142. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
GavinZZ
pushed a commit
that referenced
this issue
Feb 22, 2024
Adds a statement to match the document in the [docs](https://docs.aws.amazon.com/sns/latest/dg/sns-security-best-practices.html#enforce-encryption-data-in-transit): ``` { "Id": "ExamplePolicy", "Version": "2012-10-17", "Statement": [ { "Sid": "AllowPublishThroughSSLOnly", "Action": "SNS:Publish", "Effect": "Deny", "Resource": [ "arn:aws:sns:us-east-1:1234567890:test-topic" ], "Condition": { "Bool": { "aws:SecureTransport": "false" } }, "Principal": "*" } ] } ``` Closes #29142. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Labels
@aws-cdk/aws-sns
Related to Amazon Simple Notification Service
effort/medium
Medium work item – several days of effort
feature-request
A feature should be added or improved.
p2
Describe the feature
I'd like the ability to enforce SSL on an SNS topic in a similar fashion as the Bucket construct. The Bucket construct has a property,
enforceSSL
, that will automatically update the bucket policy and enforce SSL. I'd like something similar that will automatically update the topic policy.https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#enforcessl
Use Case
In the
AwsSolutionsChecks
within cdk-nag, there is a rule that requires SSL on SNS Topics,AwsSolutions-SNS3
. Given that is a recommended practice, I believe setting an SNS Topic's policy so that it requires SSL would be a typical scenario. Since it's a typical scenario, I'd like a property to do it for me rather than having to write up a TopicPolicy every time.https://github.com/cdklabs/cdk-nag/blob/main/RULES.md
Proposed Solution
Other Information
No response
Acknowledgements
CDK version used
2.126.0
Environment details (OS name and version, etc.)
macOS 14.3
The text was updated successfully, but these errors were encountered: