aws-sns: Support setting of delivery status logging with the CDK #21971
Comments
DanielBauman88
added
feature-request
github-actions
bot
added
the
@aws-cdk/aws-sns
kaizencc
added
p2
effort/medium
|
Thanks for opening the feature request, @DanielBauman88! I agree with both proposed solutions. Using a custom resource would work, but I'm wary of introducing more custom resources to the CDK without being sure of their necessity. Lets wait and see if this issue gets more support and/or wait and see if CloudFormation will come through. |
kaizencc
added
the
needs-cfn
|
Here is a CloudFormation issue tracking the same: aws-cloudformation/cloudformation-coverage-roadmap#66 As this is required to comply with security-hub I think it is a pretty strong case for its necessity. |
|
Great! As soon as this is in CloudFormation I'm happy to support this in the CDK. |
Now that this has CloudFormation support, it would be great to get this into CDK. |
|
I'm working on it. Will submit PR later. |
Recently Amazon SNS supports configuring delivery status logging with AWS CloudFormation. https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-sns-configuring-delivery-status-logging-aws-cloudformation/?nc1=h_ls This is also configurable via L1 CfnTopic construct. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.CfnTopic.html This PR introduces the feature to add delivery status logging configuration via L2 Topic construct. Closes #21971 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
|
Recently Amazon SNS supports configuring delivery status logging with AWS CloudFormation. https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-sns-configuring-delivery-status-logging-aws-cloudformation/?nc1=h_ls This is also configurable via L1 CfnTopic construct. https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sns.CfnTopic.html This PR introduces the feature to add delivery status logging configuration via L2 Topic construct. Closes aws#21971 ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*
Describe the feature
This does not appear to be supported right now.
This does not currently seem to be supported by cloudformation but the same custom resource workaround used for log retention policy could unblock cdk support.
Use Case
This lack of functionality is particularly frustrating because security hub notifies about this issue but then customers have no way to easily comply in an automated fashion using cdk/cfn (the best practice tools for deploying infra).
https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-standards-fsbp-controls.html#fsbp-sns-2
Proposed Solution
Best option: Get cloudformation support and natively support setting this property on the topic
Second best option: Support this via a custom resource built into the cdk
Other Information
No response
Acknowledgements
CDK version used
any
Environment details (OS name and version, etc.)
any
The text was updated successfully, but these errors were encountered: