UPD: added custom kms key support. the default alias/aws/sns key does not work.

modules/ManagementGovernance/acm-cert-expiry-notice/README.md

@@ -67,11 +67,12 @@ An error occurred (ValidationException) when calling the PutAccountConfiguration
 
 ## Inputs
 
-| Name | Description                                         | Type | Default | Required |
-|------|-----------------------------------------------------|------|---------|:--------:|
-| days-before-expiry | ACM DaysBeforeExpiry account configuration          | `number` | `45` | no |
+| Name | Description | Type | Default | Required |
+|------|-------------|------|---------|:--------:|
+| days-before-expiry | ACM DaysBeforeExpiry account configuration | `number` | `45` | no |
 | email-addresses | Set of email addresses to receive SNS notifications | `set(string)` | n/a | yes |
-| res-prefix | Resource name prefix                                | `string` | `"aws"` | no |
+| res-prefix | Resource name prefix | `string` | `"aws"` | no |
+| sns-kms-key-arn | ARN of KMS key used for SNS encryption | `string` | `null` | no |
 
 ## Outputs
 
@@ -79,4 +80,4 @@ No outputs.
  
 ---
 ## Authorship
-This module was developed by xpk.
+This module was developed by UPDATE_THIS.

modules/ManagementGovernance/acm-cert-expiry-notice/main.tf

@@ -45,8 +45,8 @@ module "awscli" {
 
 # SNS topic and subscription
 resource "aws_sns_topic" "ssl-cert-expiry-notice" {
-  name = "${var.res-prefix}-ssl-cert-expiry-notice-${random_id.this.dec}"
-  # kms_master_key_id = "alias/aws/sns"
+  name              = "${var.res-prefix}-ssl-cert-expiry-notice-${random_id.this.dec}"
+  kms_master_key_id = var.sns-kms-key-arn
 }
 
 resource "aws_sns_topic_policy" "default" {

modules/ManagementGovernance/acm-cert-expiry-notice/variables.tf

@@ -15,3 +15,8 @@ variable "res-prefix" {
   default     = "aws"
 }
 
+variable "sns-kms-key-arn" {
+  type        = string
+  description = "ARN of KMS key used for SNS encryption"
+  default     = null
+}