Amazon_SNS_1

Ensure SNS Topics do not 'Allow Everyone' To Publish

Description

Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients. In Amazon SNS, there are two types of clients—publishers and subscribers—also referred to as producers and consumers. Publishers communicate asynchronously with subscribers by producing and sending a message to a topic, which is a logical access point and communication channel. Subscribers (e.g., web servers, email addresses, Amazon SQS queues, AWS Lambda functions) consume or receive the message or notification over one of the supported protocols (e.g., Amazon SQS, HTTP/S, email, SMS, Lambda) when they are subscribed to the topic.

Remediation

Perform the following in the AWS Management Console:
1. Log in to the AWS account as root

2. Select the SNS service from Services

3. Click on Topics in the left-hand menu and select a single topic

4. Click on the Actions drop-down and select Edit topic policy

5. Select the 'Advanced view' option and check the Policy field for the presence of:

  • { "Effect":"Allow", "Principal":{ "AWS":"*" }, "Action":"SNS:Publish", "Resource":"" }

6. Edit your existing policy by replacing "Principal":{"AWS" : "*"} in the above snippet with "Principal":{"AWS" : ""}
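The check in step 5, as an added Python example that is not part of this page: it parses the JSON document that `aws sns get-topic-attributes` returns in the `Policy` attribute (reference 2) and flags every statement that lets any AWS principal publish, covering the `"Principal": "*"` spelling and list-valued fields as well as the snippet above. The sample policy, account id, region and names are constructed placeholders.

```python
import json

# Actions that let a principal publish to the topic (IAM matches them case-insensitively).
PUBLISH_ACTIONS = {"sns:publish", "sns:*", "*"}


def _as_list(value):
    """IAM policy fields may hold a single value or a list; normalise to a list."""
    return [] if value is None else (value if isinstance(value, list) else [value])


def _principal_is_everyone(principal):
    """True for "Principal": "*" and for "Principal": {"AWS": "*"} (or a list containing "*")."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))


def find_public_publish_statements(policy_json):
    """Return the statements of a topic policy that allow every AWS principal to publish.

    Each finding records the Sid (or index) and whether a Condition narrows the grant:
    a conditioned statement (e.g. aws:SourceArn for S3 event notifications) is usually
    intentional and should be reviewed rather than removed outright."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow" or not _principal_is_everyone(stmt.get("Principal")):
            continue
        if any(a.lower() in PUBLISH_ACTIONS for a in _as_list(stmt.get("Action"))):
            findings.append({"sid": stmt.get("Sid", f"statement[{i}]"),
                             "conditioned": "Condition" in stmt})
    return findings


# Constructed sample policy: account id, region, topic and bucket names are placeholders.
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:alerts"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "OwnerAccess", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["SNS:Publish", "SNS:Subscribe"], "Resource": TOPIC_ARN},
    {"Sid": "AnyonePublish", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "SNS:Publish", "Resource": TOPIC_ARN},
    {"Sid": "S3Events", "Effect": "Allow", "Principal": "*",
     "Action": "SNS:Publish", "Resource": TOPIC_ARN,
     "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::example-bucket"}}},
]})

if __name__ == "__main__":
    for finding in find_public_publish_statements(SAMPLE_POLICY):
        print(finding)
```

Feed the function the `Policy` string from `get-topic-attributes` for each ARN returned by `list-topics`; an unconditioned finding is the case this rule targets.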

References:

  1. http://docs.aws.amazon.com/cli/latest/reference/sns/list-topics.html
  2. http://docs.aws.amazon.com/cli/latest/reference/sns/get-topic-attributes.html
  3. http://docs.aws.amazon.com/cli/latest/reference/sns/set-topic-attributes.html
  4. http://docs.aws.amazon.com/sns/latest/dg/UsingIAMwithSNS.html#ExamplePolicies_SNS

Service

SNS

Severity

Low

Compliance

Mapping
