SNS topic should not be accessible over the public internet

sns
このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Update your Amazon Simple Notification Service (SNS) topic permissions.

Rationale

Publicly-accessible topics allow unauthorized users access to receive and publish messages and subscribe to exposed topics.

Remediation

From the console

Follow the Using identity-based policies with Amazon SNS docs to learn how to create or add to a policy in the AWS Console.

From the command line

If you do not have an access control policy, create one.

  1. Select SNS Topic Policy as the type of policy.

  2. Add a statement to allow only specific IAM users and roles to have access to the topic. For example:

        Effect: `Allow`
        Principal: `arn:aws:iam::123456789012:root`
        Action: `Add permission`
        Amazon Resource Name: `arn:aws:iam::123456789012:root`
        

If you do have an access control policy, follow the add-permissions docs to add a permission to your existing policy.