Amazon_SNS_5

Ensure SNS Topic is Encrypted

Description

Amazon Simple Notification Service (Amazon SNS) supports server-side encryption (SSE) of topics, which protects the contents of messages at rest from anyone who can reach the stored data without being authorized to use the encryption key. SSE is integrated with AWS Key Management Service (AWS KMS): SNS uses the customer master key (CMK) you select to generate the data keys that encrypt each message, so the same key policies, rotation and CloudTrail audit trail that protect your other AWS resources apply to the topic. Encrypted topics are available in all AWS Regions where AWS KMS is available.

Two caveats a practitioner should keep in mind. First, SSE encrypts only the message body: topic metadata (name and attributes), message metadata (subject, message ID, timestamp, message attributes) and per-topic metrics are not encrypted. Second, SNS decrypts messages immediately before delivery, so subscribers need no KMS permissions, but every principal that publishes to an encrypted topic needs kms:GenerateDataKey* and kms:Decrypt on the CMK. The policy of the AWS managed CMK (alias/aws/sns) already allows principals in your account to use it through SNS, but that policy cannot be edited, so a topic that receives messages from another AWS service (for example S3 event notifications or CloudWatch alarms) needs a customer managed CMK whose key policy allows that service principal; otherwise publishes from the service fail and the topic goes silent.

Remediation

  1. Sign in to the Amazon SNS console.

  2. On the navigation panel, choose Topics.

  3. On the Topics page, select a topic and choose Actions, Edit.

  4. Expand the Encryption section and do the following:

    1. Choose Enable encryption.

    2. Specify the customer master key (CMK).

      For each CMK type, the Description, Account, and CMK ARN are displayed.

      Important

      If you aren’t the owner of the CMK, or if you log in with an account that doesn’t have the kms:ListAliases and kms:DescribeKey permissions, you won’t be able to view information about the CMK on the Amazon SNS console.

      • The AWS managed CMK for Amazon SNS (Default) alias/aws/sns is selected by default.

        Note

        Keep the following in mind:

        • The first time you use the AWS Management Console to specify the AWS managed CMK for Amazon SNS for a topic, AWS KMS creates the AWS managed CMK for Amazon SNS.

        • Alternatively, the first time you use the Publish action on a topic with SSE enabled, AWS KMS creates the AWS managed CMK for Amazon SNS.

      • To use a custom CMK from your AWS account, choose the Customer master key (CMK) field and then select the custom CMK from the list.

      • To use a custom CMK ARN from your AWS account or from another AWS account, enter it into the Customer master key (CMK) field.

  5. Choose Save changes.

    SSE is enabled for your topic and the topic's details page is displayed.

    The topic’s Encryption status, AWS Account, Customer master key (CMK), CMK ARN, and Description are displayed on the Encryption tab.
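The console steps above do one topic at a time. The following is an added example, not the page's or AWS's own tooling, showing the same remediation through the API: it audits every topic for the KmsMasterKeyId attribute (the attribute SNS sets when SSE is enabled), enables SSE on the ones that lack it, and builds the key-policy statement a customer managed CMK needs for the publishers described in the caveat above. The function and class names are my own; the sns argument is assumed to expose boto3's SNS client methods list_topics, get_topic_attributes and set_topic_attributes, which a real boto3.client("sns") does. FakeSnsClient and the three sample topics (in AWS's documentation example account 111122223333) are constructed stand-ins so the example runs offline.

```python
"""Added example (not the page's or AWS's own tooling): audit SNS topics for SSE and
enable it through the API, the equivalent of console steps 1-5 above.

Assumptions: function and class names here are my own; the `sns` argument must expose
boto3's SNS client methods list_topics, get_topic_attributes and set_topic_attributes.
A real boto3 client (boto3.client("sns")) works; FakeSnsClient below is a constructed
in-memory stand-in so the example runs offline.
"""

ENCRYPTION_ATTRIBUTE = "KmsMasterKeyId"   # present on a topic only when SSE is enabled
DEFAULT_KEY = "alias/aws/sns"             # the AWS managed CMK the console selects by default


def is_topic_encrypted(attributes):
    """SSE is on when KmsMasterKeyId is set; absent or blank means plaintext at rest."""
    return bool(attributes.get(ENCRYPTION_ATTRIBUTE, "").strip())


def find_unencrypted_topics(sns):
    """Page through every topic (ListTopics paginates via NextToken) and return non-compliant ARNs."""
    unencrypted, token = [], None
    while True:
        page = sns.list_topics(**({"NextToken": token} if token else {}))
        for topic in page.get("Topics", []):
            arn = topic["TopicArn"]
            if not is_topic_encrypted(sns.get_topic_attributes(TopicArn=arn)["Attributes"]):
                unencrypted.append(arn)
        token = page.get("NextToken")
        if not token:
            return unencrypted


def enable_topic_encryption(sns, topic_arn, kms_key_id=DEFAULT_KEY):
    """Enable SSE on one topic by setting KmsMasterKeyId (key ID, ARN or alias); returns new attributes."""
    sns.set_topic_attributes(TopicArn=topic_arn, AttributeName=ENCRYPTION_ATTRIBUTE,
                             AttributeValue=kms_key_id)
    return sns.get_topic_attributes(TopicArn=topic_arn)["Attributes"]


def kms_policy_statement_for_publishers(principals):
    """Key-policy statement a customer managed CMK needs so the given publishers can use the topic.

    Publishing to an encrypted topic calls kms:GenerateDataKey* and kms:Decrypt on the CMK.
    AWS service publishers (e.g. s3.amazonaws.com) go under Principal.Service, IAM user/role
    ARNs under Principal.AWS. Empty principal types are omitted because IAM rejects them.
    """
    services = sorted(p for p in principals if p.endswith(".amazonaws.com"))
    iam = sorted(p for p in principals if not p.endswith(".amazonaws.com"))
    principal = {}
    if services:
        principal["Service"] = services
    if iam:
        principal["AWS"] = iam
    return {
        "Sid": "AllowTopicPublishersToUseKey",
        "Effect": "Allow",
        "Principal": principal,
        "Action": ["kms:GenerateDataKey*", "kms:Decrypt"],
        "Resource": "*",
    }


class FakeSnsClient:
    """Constructed stand-in for boto3's SNS client: same call shapes, state kept in a dict."""

    def __init__(self, topics, page_size=2):
        self._topics = {arn: dict(attrs) for arn, attrs in topics.items()}
        self._page_size = page_size   # small so the sample exercises pagination

    def list_topics(self, NextToken=None):
        arns = sorted(self._topics)
        start = int(NextToken or 0)
        page = {"Topics": [{"TopicArn": a} for a in arns[start:start + self._page_size]]}
        if start + self._page_size < len(arns):
            page["NextToken"] = str(start + self._page_size)
        return page

    def get_topic_attributes(self, TopicArn):
        return {"Attributes": dict(self._topics[TopicArn])}

    def set_topic_attributes(self, TopicArn, AttributeName, AttributeValue):
        self._topics[TopicArn][AttributeName] = AttributeValue


def make_sample_client():
    """Three constructed topics in AWS's documentation example account 111122223333: one encrypted, two not."""
    prefix = "arn:aws:sns:us-east-1:111122223333:"
    return FakeSnsClient({
        prefix + "alerts": {"TopicArn": prefix + "alerts", ENCRYPTION_ATTRIBUTE: DEFAULT_KEY},
        prefix + "orders": {"TopicArn": prefix + "orders"},
        prefix + "audit": {"TopicArn": prefix + "audit", ENCRYPTION_ATTRIBUTE: ""},
    })


if __name__ == "__main__":
    client = make_sample_client()
    for arn in find_unencrypted_topics(client):
        print("remediated", arn, "->", enable_topic_encryption(client, arn)[ENCRYPTION_ATTRIBUTE])
    print(kms_policy_statement_for_publishers(
        ["s3.amazonaws.com", "arn:aws:iam::111122223333:role/publisher"]))
```

Against a real account, replace make_sample_client() with boto3.client("sns") and run the audit first with the remediation call commented out; switching a topic that receives messages from an AWS service to the default alias/aws/sns key will break that source, so pass a customer managed CMK whose policy carries the statement built by kms_policy_statement_for_publishers instead.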

Service

SNS

Severity

High

Compliance

Mapping
