Overall

Add second account
Add health detection (CloudWatch Alarms? CloudWatch Dashboard?)
- Not enough memory in lambda function
- Lambda function timing out
- dead letter warnings

KMS

Figure out exactly what actions cloudwatch needs. kms:* is too permissive.

SNS

Allow use of custom key

SQS

Allow use of custom key