-
Notifications
You must be signed in to change notification settings - Fork 4.2k
Description
Describe the feature
I'd like the ability to enforce SSL on an SNS topic in a similar fashion as the Bucket construct. The Bucket construct has a property, enforceSSL
, that will automatically update the bucket policy and enforce SSL. I'd like something similar that will automatically update the topic policy.
https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#enforcessl
Use Case
In the AwsSolutionsChecks
within cdk-nag, there is a rule that requires SSL on SNS Topics, AwsSolutions-SNS3
. Given that is a recommended practice, I believe setting an SNS Topic's policy so that it requires SSL would be a typical scenario. Since it's a typical scenario, I'd like a property to do it for me rather than having to write up a TopicPolicy every time.
https://github.com/cdklabs/cdk-nag/blob/main/RULES.md
Proposed Solution
new Topic(this, 'MyTopic', {
enforceSSL: true,
});
Other Information
No response
Acknowledgements
- I may be able to implement this feature request
- This feature might incur a breaking change
CDK version used
2.126.0
Environment details (OS name and version, etc.)
macOS 14.3