add more info

SonarSource · Nov 26, 2024 · 473b60a · 473b60a
1 parent 10bc7c7
commit 473b60a
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/rules/S6327/metadata.json b/rules/S6327/metadata.json
@@ -10,7 +10,7 @@
   "status": "ready",
   "remediation": {
     "func": "Constant\/Issue",
-    "constantCost": "10min"
+    "constantCost": "45min"
   },
   "tags": [
     "aws",

diff --git a/rules/S6327/recommended.adoc b/rules/S6327/recommended.adoc
@@ -5,4 +5,9 @@ It is recommended to encrypt SNS topics that contain sensitive information.
 To do so, create a master key and affect the SNS topic to it. Without a master
 key, the SNS topic is not encrypted by default.
 
+Then, make sure that any publishers have the ``++kms:GenerateDataKey*++`` and
+``++kms:Decrypt++`` permissions for the AWS KMS key.
+
+See https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse[AWS SNS Key Management Documentation]
+for more information.