- 필수 기능
- 시작하기
- Glossary
- 표준 속성
- Guides
- Agent
- 통합
- 개방형텔레메트리
- 개발자
- Administrator's Guide
- API
- Datadog Mobile App
- CoScreen
- Cloudcraft
- 앱 내
- 서비스 관리
- 인프라스트럭처
- 애플리케이션 성능
- APM
- Continuous Profiler
- 스팬 시각화
- 데이터 스트림 모니터링
- 데이터 작업 모니터링
- 디지털 경험
- 소프트웨어 제공
- 보안
- AI Observability
- 로그 관리
- 관리
Update your Amazon Simple Notification Service (SNS) topic resource-based policy to prevent unintended access to the resource.
When a *
is specified as a Principal
, along with an Allow
Effect
it grants anyone the ability to perform actions on a resource. In this situation, if the policy includes the sns:Subscribe
Action
, it would permit anyone the ability to receive messages from the topic, resulting in an impact to the confidentiality of the application.
Follow the Preventative best practices docs to learn how to implement least-privilege access or use IAM roles for your applications and AWS services.
Update your resource-based policy with an appropriate Principal
ARN or a Condition
element. Save the file as policy.json
.
{
...
"Statement": [
...
{
"Sid": "console_sub",
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::123456789012:root"
},
"Action": [
"SNS:Subscribe"
],
...
}
]
}
Run set-topic-attributes
with the ARN of the SNS topic.
aws sns set-topic-attributes \
--topic-arn arn:aws:sns:region:123456789012:YourTopic \
--attribute-name Policy \
--attribute-value file://policy.json