Encrypting the Clumio SNS topic
To Encrypt the Clumio SNS topic created in your AWS Account, you may follow the steps for either of the below scenarios.
New CloudFormation Install
- While installing the stack in your AWS account, if you have a preexisting key that you wish to use, enter the KMS key ID under the ClumioInventoryTopicEncryptionKey field.

- If you do not have a preexisting key and want Clumio to create one, please leave the above field blank, and select true for the CreateClumioInventoryTopicEncryptionKey field.

- Follow the remaining process as usual.
Update existing CloudFormation Stack
- Login to Clumio and Navigate to AWS > Connect > Account > Update to Latest
- Click on Update CloudFormation Template > Launch Stack Wizard
- When redirected to your AWS account, follow the steps above.
Validate that the SNS topic is encrypted
- Login to the AWS Management console.
- Navigate to Simple Notification Service > Topics
- Click on the topic that begins with ClumioInventoryTopic > Encryption
- Here you may verify the encryption status and the KMS key ARN

Ensure that the KMS key allows access
- Verify that the KMS policy allows access to the EventBridge and SNS services.
- You can use the following example below to allow access to the necessary services.
{
"Sid": "Allow EventBridge to use the key",
"Effect": "Allow",
"Principal": {
"Service": "events.amazonaws.com"
},
"Action": [
"kms:GenerateDataKey*",
"kms:Decrypt"
],
"Resource": "*"
},
{
"Sid": "Allow SNS to use the key",
"Effect": "Allow",
"Principal": {
"Service": "sns.amazonaws.com"
},
"Action": [
"kms:GenerateDataKey*",
"kms:Decrypt"
],
"Resource": "*"
}
Note: Resource can be modified to be specific KMS key(s).
Updated 5 days ago