diff --git a/cloudwatchlogs-with-dlq/DLQLambdaCloudFormation.json b/cloudwatchlogs-with-dlq/DLQLambdaCloudFormation.json
index a63133c..189fe72 100644
--- a/cloudwatchlogs-with-dlq/DLQLambdaCloudFormation.json
+++ b/cloudwatchlogs-with-dlq/DLQLambdaCloudFormation.json
@@ -12,6 +12,11 @@
         "Default": "test@gmail.com",
         "Description": "Enter your email for receiving alerts.You will receive confirmation email after the deployment is complete, confirm it to subscribe for alerts."
       },
+      "SNSTopicKMSKey": {
+        "Type": "String",
+        "Default": "",
+        "Description": "Optional KMS key id to encrypt messages on the email SNS topic."
+      },
       "NumOfWorkers": {
         "Type": "Number",
         "Default": 4,
@@ -63,6 +68,9 @@
             "ap-southeast-3": {"bucketname": "appdevzipfiles-ap-southeast-3"}
         }
     },
+    "Conditions": {
+        "HasSNSTopicKey": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "SNSTopicKMSKey" }, "" ] } ] }
+    },
     "Resources": {
         "SumoCWLogGroup": {
             "Type": "AWS::Logs::LogGroup",
@@ -322,7 +330,8 @@
                 "Subscription":[ {
                     "Endpoint" : {"Ref": "EmailID"},
                     "Protocol" : "email"
-                }]
+                }],
+                "KmsMasterKeyId": { "Fn::If" : [ "HasSNSTopicKey", { "Ref": "SNSTopicKMSKey" }, { "Ref": "AWS::NoValue" } ] }
             }
         },
         "SumoCWSpilloverAlarm":{
diff --git a/cloudwatchlogs-with-dlq/DLQLambdaCloudFormationWithSecuredEndpoint.json b/cloudwatchlogs-with-dlq/DLQLambdaCloudFormationWithSecuredEndpoint.json
index ac1b721..56596f8 100644
--- a/cloudwatchlogs-with-dlq/DLQLambdaCloudFormationWithSecuredEndpoint.json
+++ b/cloudwatchlogs-with-dlq/DLQLambdaCloudFormationWithSecuredEndpoint.json
@@ -12,6 +12,11 @@
         "Default": "test@gmail.com",
         "Description": "Enter your email for receiving alerts.You will receive confirmation email after the deployment is complete, confirm it to subscribe for alerts."
       },
+      "SNSTopicKMSKey": {
+        "Type": "String",
+        "Default": "",
+        "Description": "Optional KMS key id to encrypt messages on the email SNS topic."
+      },
       "NumOfWorkers": {
         "Type": "Number",
         "Default": 4,
@@ -63,6 +68,9 @@
             "ap-southeast-3": {"bucketname": "appdevzipfiles-ap-southeast-3"}
         }
     },
+    "Conditions": {
+        "HasSNSTopicKey": { "Fn::Not": [ { "Fn::Equals": [ { "Ref": "SNSTopicKMSKey" }, "" ] } ] }
+    },
     "Resources": {
         "SumoCWLogGroup": {
             "Type": "AWS::Logs::LogGroup",
@@ -362,7 +370,8 @@
                 "Subscription":[ {
                     "Endpoint" : {"Ref": "EmailID"},
                     "Protocol" : "email"
-                }]
+                }],
+                "KmsMasterKeyId": { "Fn::If" : [ "HasSNSTopicKey", { "Ref": "SNSTopicKMSKey" }, { "Ref": "AWS::NoValue" } ] }
             }
         },
         "SumoCWSpilloverAlarm":{