Ensure public access is disabled for Amazon Simple Notification Service (SNS)

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In AWS Console -

Sign in to the AWS console and go to the SNS console.
In the Navigation pane, select Topics.
In the list of Topics, select the Topic to edit.
Expand the Access section, and then edit the policy.
Select Save changes.

In Terraform -

Review the policy attached to the aws_sns_topic resource and ensure necessary changes are made.

References:
https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic

Policy Details

Rule Reference ID: AC_AWS_0385

CSP: AWS

Remediation Available: Yes

Domain: Identity and Access Management

Resource: aws_sns_topic

Resource Category: Messaging

Resource Type: Simple Notification Service (SNS)

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
SOC2

Detections

Analytics