Skip to content

SNS: Enforce SSL with Prop #29142

@jlosito

Description

@jlosito

Describe the feature

I'd like the ability to enforce SSL on an SNS topic in a similar fashion as the Bucket construct. The Bucket construct has a property, enforceSSL, that will automatically update the bucket policy and enforce SSL. I'd like something similar that will automatically update the topic policy.

https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_s3.Bucket.html#enforcessl

Use Case

In the AwsSolutionsChecks within cdk-nag, there is a rule that requires SSL on SNS Topics, AwsSolutions-SNS3. Given that is a recommended practice, I believe setting an SNS Topic's policy so that it requires SSL would be a typical scenario. Since it's a typical scenario, I'd like a property to do it for me rather than having to write up a TopicPolicy every time.

https://github.com/cdklabs/cdk-nag/blob/main/RULES.md

Proposed Solution

new Topic(this, 'MyTopic', {
    enforceSSL: true,
});

Other Information

No response

Acknowledgements

  • I may be able to implement this feature request
  • This feature might incur a breaking change

CDK version used

2.126.0

Environment details (OS name and version, etc.)

macOS 14.3

Metadata

Metadata

Assignees

No one assigned

    Labels

    @aws-cdk/aws-snsRelated to Amazon Simple Notification Serviceeffort/mediumMedium work item – several days of effortfeature-requestA feature should be added or improved.p2

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions