AWS Security ChangesHomeSearch

AWS sns documentation change

Service: sns · 2025-02-26 · Documentation low

File: sns/latest/dg/fifo-message-security.md

Summary

Restructured content about enabling encryption for FIFO topics/queues using AWS KMS, clarifying encryption scope (body only) and implementation options.

Security assessment

The change documents encryption capabilities (security feature) but does not address a specific vulnerability or incident.

Diff

diff --git a/sns/latest/dg/fifo-message-security.md
index 70b059f84..ec6cdbc35 100644
--- a/sns/latest/dg/fifo-message-security.md
+++ b/sns/latest/dg/fifo-message-security.md
@@ -7 +7,8 @@
-You can choose to have Amazon SNS and Amazon SQS encrypt messages sent to FIFO topics and queues, using [AWS Key Management Service (AWS KMS)](https://aws.amazon.com/kms/) [customer master keys (CMKs)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys). You can create encrypted FIFO topics and queues, or choose to encrypt existing FIFO topics and queues. Amazon SNS and Amazon SQS encrypt only the body of the message. They don't encrypt the message attributes, resource metadata, or resource metrics.
+You can enable encryption for Amazon SNS FIFO topics and Amazon SQS FIFO queues using [AWS Key Management Service (AWS KMS)](https://aws.amazon.com/kms/) [customer master keys (CMKs)](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#master_keys).
+
+  * You can create new encrypted FIFO topics and queues or enable encryption for existing ones.
+
+  * Only the message body is encrypted. Message attributes, resource metadata, and resource metrics remain unencrypted. 
+
+
+