Protect data in transit when two lambda communicate via AWS SNS (simple notification service)
I am working on serverless architecture using AWS lambda where multiple modules/lambdas communicate via SNS (simple notification service).

Due to compliance requirement that data in transit should be secure and encrypted, do I need to do that manually or SNS natively supports it?


It is. Your communication to SNS (i.e. the API endpoint) is encrypted using TLS (SSL), and the triggering process (i.e. SNS > Lambda) happens “under the hood” and is presumably encrypted too (ask your friendly AWS SA/TAM for more details).

For an added layer of security you could conceivably encrypt your SNS message payload, but you’d have to do that in your application, as SNS doesn’t have built-in encryption of payloads.

Here’s a similar answer on SO.
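The application-level payload encryption the answer describes, as an added example (it is not the answer author's code and not an AWS library): the publishing Lambda seals the payload with AES-256-GCM and sends the resulting envelope as the SNS `Message`, and the subscribing Lambda authenticates and decrypts it. The `Envelope` JSON format, the `SealPayload`/`OpenPayload` names, the key-id lookup and the topic ARN are all assumptions made for this example; the 32-byte key is constructed inline, where a real deployment would obtain a data key from KMS and ship only its id (or the encrypted data key) inside the envelope.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"encoding/base64"
	"encoding/json"
	"errors"
	"fmt"
)

// Envelope is the string actually handed to sns:Publish as the Message.
// Constructed format for this example: AES-GCM nonce and ciphertext (base64)
// plus the id of the key the subscriber must use. No plaintext fields.
type Envelope struct {
	KeyID      string `json:"key_id"`
	Nonce      string `json:"nonce"`
	Ciphertext string `json:"ciphertext"`
}

// SealPayload (publisher side) encrypts plaintext with AES-256-GCM under key and
// returns the JSON envelope. The topic ARN is bound as GCM associated data, so an
// envelope replayed onto a different topic fails authentication at the receiver.
func SealPayload(key []byte, keyID, topicARN string, plaintext []byte) (string, error) {
	block, err := aes.NewCipher(key) // 32-byte key selects AES-256
	if err != nil {
		return "", err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return "", err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce per message
	if _, err := rand.Read(nonce); err != nil {
		return "", err
	}
	ct := gcm.Seal(nil, nonce, plaintext, []byte(topicARN))
	out, err := json.Marshal(Envelope{
		KeyID:      keyID,
		Nonce:      base64.StdEncoding.EncodeToString(nonce),
		Ciphertext: base64.StdEncoding.EncodeToString(ct),
	})
	if err != nil {
		return "", err
	}
	return string(out), nil
}

// OpenPayload (subscriber side) parses the envelope from the SNS record's Message,
// selects the key by id and returns the plaintext. Any change to the nonce,
// ciphertext or topic ARN makes gcm.Open return an error instead of data.
func OpenPayload(keys map[string][]byte, topicARN, message string) ([]byte, error) {
	var env Envelope
	if err := json.Unmarshal([]byte(message), &env); err != nil {
		return nil, err
	}
	key, ok := keys[env.KeyID]
	if !ok {
		return nil, errors.New("unknown key id: " + env.KeyID)
	}
	nonce, err := base64.StdEncoding.DecodeString(env.Nonce)
	if err != nil {
		return nil, err
	}
	ct, err := base64.StdEncoding.DecodeString(env.Ciphertext)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, nonce, ct, []byte(topicARN))
}

func main() {
	// Constructed key and topic ARN for the demo (account id is the AWS docs placeholder).
	key := make([]byte, 32)
	if _, err := rand.Read(key); err != nil {
		panic(err)
	}
	topic := "arn:aws:sns:us-east-1:123456789012:orders-demo"
	msg, err := SealPayload(key, "data-key-2024-01", topic, []byte(`{"order_id":42,"ssn":"constructed"}`))
	if err != nil {
		panic(err)
	}
	fmt.Println("SNS Message:", msg)
	pt, err := OpenPayload(map[string][]byte{"data-key-2024-01": key}, topic, msg)
	if err != nil {
		panic(err)
	}
	fmt.Println("Subscriber sees:", string(pt))
}
```

Two practical points follow from the design: the base64 envelope is larger than the plaintext, so it counts against the SNS message size limit, and the key id in the envelope lets the subscriber keep several keys during rotation without any plaintext hint about the content.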