SNS topic should not be accessible over the public internet

Docs > Datadog Security > OOTB Rules > SNS topic should not be accessible over the public internet

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Update your Amazon Simple Notification Service (SNS) topic permissions.

Rationale

Publicly-accessible topics allow unauthorized users access to receive and publish messages and subscribe to exposed topics.

Remediation

From the console

Follow the Using identity-based policies with Amazon SNS docs to learn how to create or add to a policy in the AWS Console.

From the command line

If you do not have an access control policy, create one.

Select SNS Topic Policy as the type of policy.

Add a statement to allow only specific IAM users and roles to have access to the topic. For example:

    Effect: `Allow`
    Principal: `arn:aws:iam::123456789012:root`
    Action: `Add permission`
    Amazon Resource Name: `arn:aws:iam::123456789012:root`
    

If you do have an access control policy, follow the add-permissions docs to add a permission to your existing policy.