This commit was created on GitHub.com and signed with GitHub’s verified signature.
The key has expired.
Fix: Disable non-CMK for SNS, Create CMK with Sufficient Resource-based Policy to Allow CloudWatch to Publish to SNS @korenyoni (#36)
what
Disable use of the Amazon-managed KMS key
Use user-supplied CMK if var.kms_master_key_id is not null
If var.kms_master_key_id is null, create a CMK for the SNS topic for encryption of the CloudTrailTrailBreach SNS topic and allow CloudWatch to encrypt messages published to the SNS topic.
why
The SNS topic must be encrypted with a KMS key that allows the CloudWatch service to use it. Messages will fail to be published when using the Amazon-managed default KMS key for SNS.
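
A sketch of the pattern described above, added here as an illustration and not taken from the module's own code: a CMK whose key policy admits the CloudWatch service, created only when var.kms_master_key_id is null. The resource names, the topic name and the `aws` partition in the ARN are assumptions.

```hcl
# Added example; names such as "sns_cmk" and "breach_alarm" are hypothetical.
variable "kms_master_key_id" {
  type    = string
  default = null
}

data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "sns_cmk" {
  # Keep the owning account able to administer the key (assumes the "aws" partition).
  statement {
    sid       = "EnableAccountAdministration"
    actions   = ["kms:*"]
    resources = ["*"]
    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # CloudWatch alarms publish to the encrypted topic, so the service
  # principal needs to generate and decrypt data keys under this CMK.
  statement {
    sid       = "AllowCloudWatchToUseKey"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey*"]
    resources = ["*"]
    principals {
      type        = "Service"
      identifiers = ["cloudwatch.amazonaws.com"]
    }
  }
}

# Created only when the caller did not supply a key.
resource "aws_kms_key" "sns" {
  count               = var.kms_master_key_id == null ? 1 : 0
  description         = "CMK for the alarm SNS topic"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.sns_cmk.json
}

resource "aws_sns_topic" "breach_alarm" {
  name = "cloudtrail-breach"
  # Never "alias/aws/sns": that key's policy cannot be edited to admit CloudWatch.
  kms_master_key_id = var.kms_master_key_id != null ? var.kms_master_key_id : aws_kms_key.sns[0].arn
}
```

A user-supplied key passed through var.kms_master_key_id needs the same CloudWatch statement in its own key policy, since nothing here modifies it.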