<  Back to rules search

SNS Topic has restrictions set for publishing

sns

Classification:

compliance

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Update your Amazon Simple Notification Service (SNS) topic publishing permissions.

Rationale

Setting the topic publishing permission to Everyone gives anyone access to publish on a topic. Unauthenticated users can publish malicious messages.

Remediation

Console

Follow the Preventative best practices docs to learn how to implement least-privilege access or use IAM roles for your applications and AWS services.

CLI

  1. Update your access control policy with the IAM user ARN. Configure action to SNS:Publish and include your AWS IAM ARN. Save the file.

    access-control-policy-pub.json

        {
      ...
      "Statement": [
        ...
        {
          "Sid": "console_pub",
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::123456789012:root"
          },
          "Action": [
            "SNS:Publish"
          ],
          ...
        }
      ]
    }

  2. Run set-topic-attributes with the ARN of the SNS topic.

    set-topic-attributes.sh

        aws sns set-topic-attributes
      --topic-arn arn:aws:sns:region:123456789012:YourTopic
      --attribute-name DisplayName
      --attribute-value YourTopicDisplayName