
SNS Topic is not publicly accessible

sns

Classification:

compliance


Description

Update your Amazon Simple Notification Service (SNS) topic permissions so that the topic is not publicly accessible.

Rationale

Publicly accessible topics allow unauthorized users to receive and publish messages and to subscribe to the exposed topic.

Remediation

Console

Follow the Using identity-based policies with Amazon SNS docs to learn how to create or add to a policy in the AWS Console.

CLI

If you do not have an access control policy, create one.

  1. Select SNS Topic Policy as the type of policy.

  2. Add a statement to allow only specific IAM users and roles to have access to the topic. For example:

        Effect: `Allow`
        Principal: `arn:aws:iam::123456789012:root`
        Action: `Add permission`
        Amazon Resource Name: `arn:aws:iam::123456789012:root`

If you do have an access control policy, follow the add-permissions docs to add a permission to your existing policy.
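The following is an added example, not code from this rule page or from any AWS tool: a pure-Python check that decides whether an SNS topic access policy document is publicly accessible in the sense described above, i.e. it contains an Allow statement whose Principal is everyone (`"*"` or `{"AWS": "*"}`) and that is not narrowed by a source- or principal-scoping Condition key. The two embedded policy documents are constructed for the example (the topic ARN and the `Sid` values are made up; the account id is the one used in the remediation steps), and the set of condition keys treated as restricting is an assumption, not an exhaustive list from AWS.

```python
import json

# Condition keys that scope a wildcard principal to a specific caller or event
# source. Treating a "*" principal as non-public when one of these is present is
# an assumption for this example; the list is illustrative, not exhaustive.
RESTRICTING_CONDITION_KEYS = {
    "aws:sourcearn",
    "aws:sourceaccount",
    "aws:sourceowner",
    "aws:principalorgid",
    "aws:principalaccount",
    "aws:principalarn",
}

# Constructed sample: the shape of policy this rule flags. Anyone on the internet
# may publish to, subscribe to, or receive from the topic.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "OpenToWorld",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["sns:Publish", "sns:Subscribe", "sns:Receive"],
        "Resource": "arn:aws:sns:us-east-1:123456789012:example-topic",
    }],
})

# Constructed sample: the remediated shape. Access is limited to principals in
# the owning account, plus a wildcard principal that is scoped by aws:SourceAccount.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AccountOnly",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
            "Action": ["sns:Publish", "sns:Subscribe", "sns:Receive"],
            "Resource": "arn:aws:sns:us-east-1:123456789012:example-topic",
        },
        {
            "Sid": "SameAccountServicesOnly",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "sns:Publish",
            "Resource": "arn:aws:sns:us-east-1:123456789012:example-topic",
            "Condition": {"StringEquals": {"aws:SourceAccount": "123456789012"}},
        },
    ],
})


def _as_list(value):
    """Normalize a policy element that may be a scalar or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal):
    """True when the Principal element grants to everyone ("*" or {"AWS": "*"})."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any(p == "*" for p in _as_list(principal.get("AWS")))
    return False


def _has_restricting_condition(statement):
    """True when any Condition key narrows who may use the statement."""
    for operator_block in statement.get("Condition", {}).values():
        if any(key.lower() in RESTRICTING_CONDITION_KEYS for key in operator_block):
            return True
    return False


def public_statements(policy):
    """Return the Sid (or positional label) of every Allow statement open to any caller."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    findings = []
    for index, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if _has_restricting_condition(stmt):
            continue
        findings.append(stmt.get("Sid", f"Statement[{index}]"))
    return findings


def is_publicly_accessible(policy):
    """True when the topic policy grants access to everyone without a scoping condition."""
    return bool(public_statements(policy))


if __name__ == "__main__":
    for name, doc in (("PUBLIC_POLICY", PUBLIC_POLICY), ("SCOPED_POLICY", SCOPED_POLICY)):
        verdict = "PUBLIC" if is_publicly_accessible(doc) else "ok"
        print(f"{name}: {verdict} {public_statements(doc)}")
```

In practice the policy document comes from `aws sns get-topic-attributes` (the `Policy` attribute is a JSON string, which is why `public_statements` accepts a string as well as a parsed dict); running the check across every topic in an account gives the same finding this rule raises.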