4.1 Ensure an SNS topic is created for sending out notifications from CloudWatch Alarms and Auto-Scaling Groups - CloudwatchAlarms

Information

For CloudWatch alarms and Auto-Scaling Groups to be able to send out notifications, an SNS topic should be created.

Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients.

When using Amazon SNS, you (as the owner) create a topic and control access to it by defining policies that determine which publishers and subscribers can communicate with the topic.
CloudWatch alarms and certain actions inside Auto-Scaling Groups need to be sent out to administrators in order to be acted upon.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified CLI:

* Create a new topic, and note the topic-arn value:

aws sns create-topic --name <sns_topic_name>

* Create a subscription to the new topic:

aws sns subscribe --topic-arn <sns_topic_arn> --protocol <protocol_for_sns> --notification-endpoint <sns_subscription_endpoints>
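Creating the topic and subscription only helps if alarms point at the topic and someone has confirmed the subscription. The following check is an added example, not part of the benchmark or the Nessus plugin: it reads JSON in the shape returned by `aws cloudwatch describe-alarms` and `aws sns list-subscriptions` and reports alarms that cannot reach an administrator. The function names, topic names, endpoints and account ID are constructed for illustration.

```python
import json

# Constructed sample data, shaped like the output of
# `aws cloudwatch describe-alarms` and `aws sns list-subscriptions`.
ALARMS_JSON = """{"MetricAlarms": [
  {"AlarmName": "cpu-high", "AlarmActions": ["arn:aws:sns:us-east-1:111111111111:ops-alerts"]},
  {"AlarmName": "disk-full", "AlarmActions": ["arn:aws:sns:us-east-1:111111111111:unconfirmed"]},
  {"AlarmName": "no-notify", "AlarmActions": []}
]}"""
SUBSCRIPTIONS_JSON = """{"Subscriptions": [
  {"SubscriptionArn": "arn:aws:sns:us-east-1:111111111111:ops-alerts:00000000-0000-0000-0000-000000000000",
   "Protocol": "email", "Endpoint": "ops@example.com",
   "TopicArn": "arn:aws:sns:us-east-1:111111111111:ops-alerts"},
  {"SubscriptionArn": "PendingConfirmation",
   "Protocol": "email", "Endpoint": "oncall@example.com",
   "TopicArn": "arn:aws:sns:us-east-1:111111111111:unconfirmed"}
]}"""


def confirmed_topics(subscriptions):
    """Return the set of topic ARNs that have at least one confirmed subscription."""
    topics = set()
    for sub in subscriptions.get("Subscriptions", []):
        # An unconfirmed subscription reports the literal "PendingConfirmation"
        # instead of an ARN and receives no messages.
        if sub.get("SubscriptionArn", "").startswith("arn:"):
            topics.add(sub["TopicArn"])
    return topics


def is_sns_arn(action):
    """True for an SNS ARN in any partition (aws, aws-us-gov, aws-cn)."""
    return action.startswith("arn:") and action.split(":")[2:3] == ["sns"]


def audit_alarms(alarms, subscriptions):
    """Map alarm name -> finding for alarms that cannot notify anyone."""
    ok_topics = confirmed_topics(subscriptions)
    findings = {}
    for alarm in alarms.get("MetricAlarms", []):
        sns_actions = [a for a in alarm.get("AlarmActions", []) if is_sns_arn(a)]
        if not sns_actions:
            findings[alarm["AlarmName"]] = "no SNS action"
        elif not any(a in ok_topics for a in sns_actions):
            findings[alarm["AlarmName"]] = "no confirmed subscriber"
    return findings


if __name__ == "__main__":
    for name, reason in sorted(audit_alarms(json.loads(ALARMS_JSON), json.loads(SUBSCRIPTIONS_JSON)).items()):
        print(f"FAIL {name}: {reason}")
```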

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(5)

Plugin: amazon_aws

Control ID: 64d241961ef83efb3d1aa00b68c454d76010e170884f7cc48712861822b4a1f1