Reputation: 33
MassTransing SQS/SNS - how to enable encryption at rest on all topics
I know that to enable encryption at rest for SNS Topics I need to add topic attribute like this one
cfg.Publish<SomeEvent>(p =>
{
p.TopicAttributes.Add(QueueAttributeName.KmsMasterKeyId, "<key arn>");
});
But the problem I have is that we are using very simple configuration for aspnetcore with UsingAmazonSQS and cfg.ConfigureEndpoints(context) doing all those configurations automatically so there is no call to cfg.Publish. This is very important as we have many messages to configure. I believe the same thing for queue attributes can be achieved by registering custom implementation of IConfigureReceiveEndpoint but I can't find equivalent for topics.
How can I keep using the automatic method and add this encryption topic attribute for all topics?
Upvotes: 0
Views: 401
Answers (1)
Reputation: 33278
There isn't currently a way to apply topic attributes to all topics, but it isn't an unreasonable request for an addition. Surely someone can build it as a pull request adding to the general publish topology for Amazon SQS.
Update
I added the ability to specify attributes on the root PublishTopology which should be applied to all topics.
Used in code (from the comment below):
configure.UsingAmazonSqs((context, cfg) =>
{
cfg.PublishTopology.TopicAttributes
.Add(QueueAttributeName.KmsMasterKeyId, encryptionKeyArn);
cfg.ConfigureEndpoints(context);
});
Upvotes: 1
Related Questions
- Using AWS CLI to enable encryption for SNS topic
- MassTransit with SQS/SNS. Publish into SNS?
- Enable encryption at rest in SQS for serverless
- MassTransit 8 upgrade: usage of message encryption
- MassTransit fails to connect to existing AWS SNS/SQS
- SQS can receive encrypted message from SNS with no specific KMS permission
- How to force MassTransit to update queue settings for exisitng AWS SQS queues?
- MassTransit Server Side Encryption on Amazon AWS for SQS queues
- Simple example of Masstransit using one Queue with amazon SQS
- MassTransit Send only