Guidance on subscribing to SNS Topics - AWS Control Tower

Guidance on subscribing to SNS Topics

Subscribe to SNS topics to get information about your AWS Control Tower environment.

Note

AWS Control Tower will stop sending drift notifications to the SNS topic for all customers on LZ4.0+.

  • The aws-controltower-AllConfigNotifications SNS topic receives all events published by AWS Config, including compliance notifications and Amazon CloudWatch event notifications. For example, this topic informs you if a control violation has occurred. It also gives information about other types of events. (Learn more from AWS Config about what they publish when this topic is configured.)

  • Data Events from the aws-controltower-BaselineCloudTrail trail are set to publish to the aws-controltower-AllConfigNotifications SNS topic as well.

  • To receive detailed compliance notifications, we recommend that you subscribe to the aws-controltower-AllConfigNotifications SNS topic. This topic aggregates compliance notifications from all child accounts.

  • To receive drift notifications and other notifications as well as compliance notifications, but fewer notifications overall, we recommend that you subscribe to the aws-controltower-AggregateSecurityNotifications SNS topic.

  • To receive notifications about AWS Control Tower Account Factory for Terraform (AFT) errors, you can subscribe to an SNS topic called aft_failure_notifications, shown in the AFT repository. For example:

    resource "aws_sns_topic" "aft_failure_notifications" {
      name              = "aft-failure-notifications"
      kms_master_key_id = "alias/aws/sns"
    }

  • All SNS topics are encrypted at rest with disk encryption. For more information, see Data encryption.
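Because the aws-controltower-AllConfigNotifications topic aggregates every AWS Config event from all child accounts, a subscriber usually needs to filter it down to actionable control violations. The Lambda handler below is an added example, not code from the AWS Control Tower documentation; it assumes each SNS message body is an AWS Config ComplianceChangeNotification JSON document, and the sample event, account ids and resource names are constructed.

```python
import json

# Constructed Lambda SNS event (fake account ids and resource names), in the
# shape Lambda receives from an SNS subscription: each record's Message is a
# JSON string in AWS Config's notification format (assumed here).
def _config_message(**fields):
    return {"Sns": {"Message": json.dumps(fields)}}

SAMPLE_EVENT = {"Records": [
    _config_message(messageType="ComplianceChangeNotification",
                    awsAccountId="222222222222", awsRegion="us-east-1",
                    configRuleName="s3-bucket-public-read-prohibited",
                    resourceType="AWS::S3::Bucket", resourceId="example-bucket",
                    newEvaluationResult={"complianceType": "NON_COMPLIANT"}),
    _config_message(messageType="ComplianceChangeNotification",
                    awsAccountId="333333333333", awsRegion="eu-west-1",
                    configRuleName="iam-root-access-key-check",
                    resourceType="AWS::::Account", resourceId="333333333333",
                    newEvaluationResult={"complianceType": "COMPLIANT"}),
    _config_message(messageType="ConfigurationItemChangeNotification",
                    awsAccountId="222222222222"),
    {"Sns": {"Message": "not json"}},  # malformed body must not break the handler
]}

def violations(event: dict) -> list:
    """Return one dict per NON_COMPLIANT compliance change in the event.
    Other message types, compliant results and unparsable bodies are skipped."""
    found = []
    for record in event.get("Records", []):
        try:
            msg = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            continue  # not an SNS record carrying a JSON body
        if msg.get("messageType") != "ComplianceChangeNotification":
            continue
        result = msg.get("newEvaluationResult") or {}
        if result.get("complianceType") != "NON_COMPLIANT":
            continue
        found.append({
            "account": msg.get("awsAccountId"),
            "region": msg.get("awsRegion"),
            "rule": msg.get("configRuleName"),
            "resource": f"{msg.get('resourceType')}/{msg.get('resourceId')}",
        })
    return found

def lambda_handler(event, context):
    """Lambda entry point: log each violation and report how many were seen."""
    found = violations(event)
    for v in found:
        print(f"NON_COMPLIANT {v['rule']} on {v['resource']} in {v['account']}/{v['region']}")
    return {"violations": len(found)}
```

Subscribing this function to the topic (rather than an email endpoint) is what lets you forward only the NON_COMPLIANT changes to a ticketing or alerting channel.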

For more information about SNS topics and compliance, see Prevention and notification.