Ensure there is no policy with an invalid principal key for Amazon Simple Notification Service (SNS) Topic

LOW

Description

The Principal element in an access policy determines which users, accounts, or services are granted access to an SNS Topic. For more information on how to properly assign a Principal within the SNS policy, see the AWS documentation.
References:
https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html

Remediation

In AWS Console -

  1. Sign in to the AWS console and go to the SNS console.
  2. In the Navigation pane, select Topics.
  3. In the list of Topics, select the Topic to edit.
  4. Expand the Access section, and then edit the policy.
  5. Select Save changes.

In Terraform -

  1. Review the policy attached to the aws_sns_topic resource and ensure necessary changes are made.
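
One way to automate the policy review described above, as an added example that is not this rule's own logic or code from the page. The key set comes from the IAM JSON policy grammar; treating any other key as the "invalid principal key" this rule reports is an assumption, and the function name and sample policy (account ID, topic ARN) are constructed.

```python
import json

# Principal map keys allowed by the IAM JSON policy grammar, compared exactly.
VALID_PRINCIPAL_KEYS = {"AWS", "Service", "Federated", "CanonicalUser"}


def invalid_principal_findings(policy_json):
    """Return (statement label, problem) tuples for malformed Principal elements."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may appear unwrapped
        statements = [statements]
    findings = []
    for index, stmt in enumerate(statements):
        label = stmt.get("Sid") or f"Statement[{index}]"
        for element in ("Principal", "NotPrincipal"):
            if element not in stmt:
                continue
            value = stmt[element]
            if isinstance(value, str):
                if value != "*":  # the only string form the grammar allows
                    findings.append((label, f"{element} string must be '*', got {value!r}"))
            elif isinstance(value, dict):
                for key in value:
                    if key not in VALID_PRINCIPAL_KEYS:
                        findings.append((label, f"{element} key {key!r} is not valid"))
            else:
                findings.append((label, f"{element} must be '*' or a map"))
    return findings


# Constructed sample policy; the account ID, region and topic name are placeholders.
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "GoodService", "Effect": "Allow", "Action": "sns:Publish",
         "Principal": {"Service": "s3.amazonaws.com"}, "Resource": TOPIC},
        {"Sid": "UnknownKey", "Effect": "Allow", "Action": "sns:Publish",
         "Principal": {"Account": "111122223333"}, "Resource": TOPIC},
        {"Sid": "MixedKeys", "Effect": "Allow", "Action": "sns:Subscribe",
         "Principal": {"AWS": "111122223333", "User": "alice"}, "Resource": TOPIC},
    ],
})

if __name__ == "__main__":
    for label, problem in invalid_principal_findings(SAMPLE_POLICY):
        print(f"{label}: {problem}")
```

The policy JSON can be taken from the policy argument of the aws_sns_topic resource or from the Access section of the topic in the console.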

References:
https://docs.aws.amazon.com/sns/latest/dg/sns-access-policy-use-cases.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic

Policy Details

Rule Reference ID: AC_AWS_0484
CSP: AWS
Remediation Available: Yes
Resource: aws_sns_topic
Resource Category: Messaging

Frameworks