Amazon_SNS_7

Ensure SNS Cross Account Access is not enabled

Description

Using overly permissive policies that allow unknown cross-account access to your SNS topics can lead to unauthorized actions such as intercepting or publishing messages, or subscribing to the exposed topics. To prevent data leaks and unexpected charges on your AWS bill, grant access only to trusted accounts by implementing the right SNS topic policies.

Remediation

Perform the following steps to disable cross-account access:

  1. Sign in to the AWS Management Console.
  2. Navigate to SNS dashboard at https://console.aws.amazon.com/sns/v2/.
  3. In the left navigation panel, under the SNS Dashboard, select Topics.
  4. Select the SNS topic that you want to examine.
  5. Inside the Edit topic policy dialog box, select the Advanced view tab and replace the existing (untrusted) AWS identifier(s) defined as the Principal element value(s) with the trusted one(s).
  6. Click Update policy to apply the new permissions. The SNS dashboard should now display the “Successfully edited topic policy.” confirmation message.
  7. Change the AWS region from the navigation bar and repeat the process for the other regions.
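The check behind step 5, as an added example (not part of this rule page or of any AWS tooling): it walks the Allow statements of a topic policy document and reports every AWS Principal whose account is not in a trusted set, shown against a constructed weak policy and its corrected form. The account ids, topic ARN and Sids are made up; the policy document would normally come from the topic's Policy attribute.

```python
import json
import re

ACCOUNT_IN_ARN = re.compile(r"^arn:aws:iam::(\d{12}):")  # account id inside an IAM ARN

def _aws_principals(statement):
    """Yield the AWS principal strings of one statement ('*' for a bare wildcard)."""
    principal = statement.get("Principal", {})
    if principal == "*":
        yield "*"
        return
    # Only the "AWS" key is inspected; "Service" principals are out of scope here.
    aws = principal.get("AWS", []) if isinstance(principal, dict) else []
    for entry in aws if isinstance(aws, list) else [aws]:
        yield entry

def _account_of(principal):
    """Reduce a principal to its 12-digit account id; '*' stays '*'."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    match = ACCOUNT_IN_ARN.match(principal)
    return match.group(1) if match else principal

def untrusted_principals(policy_json, trusted_accounts):
    """Return (Sid, principal) pairs from Allow statements whose account is not trusted.
    Conditions (e.g. aws:SourceOwner on the default SNS policy) are not evaluated,
    so a wildcard guarded by a Condition is still reported for manual review."""
    findings = []
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        for principal in _aws_principals(stmt):
            if _account_of(principal) not in trusted_accounts:
                findings.append((stmt.get("Sid", "<no Sid>"), principal))
    return findings

# Constructed sample policies (made-up account ids); a real document comes from
# sns.get_topic_attributes(TopicArn=...)["Attributes"]["Policy"].
TOPIC = "arn:aws:sns:us-east-1:111111111111:alerts"
TRUSTED = {"111111111111", "222222222222"}
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "AnyoneCanPublish", "Effect": "Allow", "Principal": "*",
     "Action": "SNS:Publish", "Resource": TOPIC},
    {"Sid": "ForeignAccount", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "Action": "SNS:Subscribe", "Resource": TOPIC}]})
FIXED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "TrustedOnly", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111111111111:root", "222222222222"]},
     "Action": ["SNS:Publish", "SNS:Subscribe"], "Resource": TOPIC}]})
```

Running `untrusted_principals` over every topic in every region gives the list of Principal values that step 5 asks you to replace.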

Service

SNS

Severity

High

Compliance

Mapping
