SNS topic should not be accessible over the public internet


Description

Update your Amazon Simple Notification Service (SNS) topic permissions.

Rationale

Publicly accessible topics allow unauthorized users to receive and publish messages on, and subscribe to, the exposed topics.

Remediation

From the console

Follow the Using identity-based policies with Amazon SNS docs to learn how to create or add to a policy in the AWS Console.

From the command line

If you do not have an access control policy, create one.

  1. Select SNS Topic Policy as the type of policy.

  2. Add a statement to allow only specific IAM users and roles to have access to the topic. For example:

        Effect: `Allow`
        Principal: `arn:aws:iam::123456789012:root`
        Action: `Add permission`
        Amazon Resource Name: `arn:aws:iam::123456789012:root`
        

If you do have an access control policy, follow the add-permissions docs to add a permission to your existing policy.
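To see what "accessible over the public internet" means at the policy level, the following added example (not part of the original page or of any AWS tooling) evaluates an SNS topic access policy document offline and reports the statements that grant access to an anonymous principal. It builds constructed sample policies: one open to everyone, one restricted to a single account root principal as in the remediation above, one with a wildcard principal scoped by an `aws:SourceOwner` condition, and one whose only condition is `aws:SecureTransport`, which restricts the transport but not who may call. Topic ARNs, Sids and the account id are constructed placeholders.

```python
"""Detect SNS topic policy statements that grant access to anonymous principals."""
import json

# IAM condition keys that actually narrow WHO may use the statement. A wildcard
# principal combined with one of these is scoped; any other condition (e.g.
# aws:SecureTransport) leaves the statement open to the public. Assumed list for
# this example; extend it to match your own policy review standard.
SCOPING_CONDITION_KEYS = {
    "aws:sourceowner",
    "aws:sourceaccount",
    "aws:sourcearn",
    "aws:principalorgid",
    "aws:principalaccount",
    "aws:principalarn",
}

TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:example-topic"  # constructed


def build_policy(sid, principal, condition=None):
    """Construct a single-statement SNS topic policy document (sample data)."""
    statement = {
        "Sid": sid,
        "Effect": "Allow",
        "Principal": principal,
        "Action": ["sns:Publish", "sns:Subscribe", "sns:Receive"],
        "Resource": TOPIC_ARN,
    }
    if condition:
        statement["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [statement]})


# Constructed samples exercising the weak setting and its corrected forms.
PUBLIC_POLICY = build_policy("AllowEveryone", "*")
RESTRICTED_POLICY = build_policy(
    "AllowAccountOnly", {"AWS": "arn:aws:iam::123456789012:root"}
)
CONDITIONED_POLICY = build_policy(
    "AllowOwnerOnly", {"AWS": "*"},
    {"StringEquals": {"aws:SourceOwner": "123456789012"}},
)
TLS_ONLY_POLICY = build_policy(
    "AllowEveryoneOverTls", "*",
    {"Bool": {"aws:SecureTransport": "true"}},
)


def _as_list(value):
    """IAM allows scalars or arrays in most fields; normalize to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_anonymous(principal):
    """True for Principal "*" or {"AWS": "*"} (possibly inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def _condition_scopes_principal(condition):
    """True if any condition key restricts the calling account/principal."""
    for operator_block in (condition or {}).values():
        for key in operator_block:
            if key.lower() in SCOPING_CONDITION_KEYS:
                return True
    return False


def public_statements(policy_document):
    """Return the Sids of Allow statements usable by any principal."""
    policy = json.loads(policy_document)
    offenders = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement", []))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anonymous(stmt.get("Principal")):
            continue
        if _condition_scopes_principal(stmt.get("Condition")):
            continue
        offenders.append(stmt.get("Sid", f"Statement[{idx}]"))
    return offenders


def is_public(policy_document):
    """Convenience wrapper: does the topic policy expose the topic publicly?"""
    return bool(public_statements(policy_document))


if __name__ == "__main__":
    for name, doc in [("public", PUBLIC_POLICY), ("restricted", RESTRICTED_POLICY),
                      ("conditioned", CONDITIONED_POLICY), ("tls-only", TLS_ONLY_POLICY)]:
        print(f"{name:12s} public={is_public(doc)} offending={public_statements(doc)}")
```

The policy document to feed into `public_statements` is the `Policy` attribute returned by `aws sns get-topic-attributes --topic-arn <arn>`; after editing it, `aws sns set-topic-attributes --topic-arn <arn> --attribute-name Policy --attribute-value file://policy.json` applies the corrected version. The `aws:SecureTransport` sample is included because it is a common false sense of remediation: it forces TLS but still lets anyone publish or subscribe.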