SNS topic should not be accessible over the public internet

Description

Update the access policy of your Amazon Simple Notification Service (SNS) topic so that only specific IAM users and roles, and not everyone (`Principal: *`), are allowed to publish to, subscribe to and receive from it.

Rationale

A topic whose access policy grants access to everyone lets unauthenticated users subscribe to it, receive its messages and publish messages into it.

Remediation

From the console

Follow the Using identity-based policies with Amazon SNS documentation to create a topic policy, or add a statement to an existing one, in the AWS Console.

From the command line

If the topic does not yet have an access control policy, create one with the AWS Policy Generator:

  1. Select SNS Topic Policy as the type of policy.

  2. Add a statement that allows only specific IAM users and roles to access the topic. For example:

        Effect: `Allow`
        Principal: the IAM principal to trust, for example `arn:aws:iam::123456789012:root` (the whole account) or the ARN of an individual user or role
        Actions: the SNS actions that principal needs, for example `sns:Publish`, `sns:Subscribe`
        Amazon Resource Name: the ARN of the topic itself, of the form `arn:aws:sns:<region>:123456789012:<topic-name>` (not an IAM ARN)

If the topic already has an access control policy, follow the add-permission docs to add the statement to the existing policy instead of replacing it. In either case, remove (or add a scoping condition to) any statement whose Principal is `*`: that statement is what makes the topic reachable from the public internet.
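The check a reviewer would run before and after the change above, as an added example that is not part of the original rule text or of AWS's tooling: it flags every Allow statement whose principal is `*` (or `{"AWS": "*"}`) and carries no condition pinning the caller to an account, organization or VPC endpoint, and it builds the replacement policy that allows only named IAM principals. The account ID, region, role name, topic name and sample policies are constructed placeholders.

```python
"""Audit an SNS topic access policy for public access and build a restricted one.

Added example, not code from the original page or from AWS. Account ID,
region, role and topic names below are constructed placeholders.
"""
import json

# Condition keys that pin a wildcard principal to a known account, organization
# or VPC endpoint; the default SNS topic policy relies on aws:SourceOwner.
# Compared lower-cased because IAM treats condition keys case-insensitively.
ACCOUNT_SCOPING_KEYS = {
    "aws:sourceowner", "aws:sourceaccount", "aws:sourcearn",
    "aws:principalorgid", "aws:principalaccount", "aws:sourcevpce",
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Flatten the Principal element ("*", {"AWS": ...}, lists) to strings."""
    principal = statement.get("Principal", {})
    if isinstance(principal, dict):
        flat = []
        for value in principal.values():
            flat.extend(_as_list(value))
        return flat
    return _as_list(principal)


def _condition_keys(statement):
    keys = set()
    for operator_block in statement.get("Condition", {}).values():
        keys.update(k.lower() for k in operator_block)
    return keys


def public_statements(policy):
    """Return the Sids of Allow statements that expose the topic to the internet.

    Accepts a dict or the JSON string found in the topic's Policy attribute.
    A statement is public when its principal contains "*" and no condition
    key from ACCOUNT_SCOPING_KEYS restricts who may call.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    flagged = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow" or "*" not in _principals(stmt):
            continue
        if _condition_keys(stmt) & ACCOUNT_SCOPING_KEYS:
            continue  # wildcard, but scoped to an account/org/VPC endpoint
        flagged.append(stmt.get("Sid", "<no Sid>"))
    return flagged


def restricted_policy(topic_arn, principal_arns,
                      actions=("sns:Publish", "sns:Subscribe", "sns:Receive")):
    """Build a topic policy that allows only the listed IAM principals."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowOnlyListedPrincipals",
            "Effect": "Allow",
            "Principal": {"AWS": list(principal_arns)},
            "Action": list(actions),
            "Resource": topic_arn,  # the topic's own ARN, never an IAM ARN
        }],
    }


# Constructed samples (placeholder account, region and topic name).
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:example-topic"

# Open to everyone: wildcard principal and no scoping condition.
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OpenToWorld", "Effect": "Allow", "Principal": "*",
    "Action": ["sns:Publish", "sns:Subscribe"], "Resource": TOPIC_ARN}]}

# Shape of the default policy SNS attaches: wildcard principal pinned to the
# owning account via aws:SourceOwner, so it is not public.
DEFAULT_STYLE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "DefaultStatement", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["sns:Publish", "sns:Subscribe"], "Resource": TOPIC_ARN,
    "Condition": {"StringEquals": {"AWS:SourceOwner": "123456789012"}}}]}

if __name__ == "__main__":
    print("public:", public_statements(PUBLIC_POLICY))          # ['OpenToWorld']
    print("default:", public_statements(DEFAULT_STYLE_POLICY))  # []
    fixed = restricted_policy(TOPIC_ARN, ["arn:aws:iam::123456789012:role/publisher"])
    print(json.dumps(fixed, indent=2))
```

Feed `public_statements` the `Policy` attribute (a JSON string) returned by `aws sns get-topic-attributes --topic-arn <topic-arn>`, and apply the restricted document with `aws sns set-topic-attributes --topic-arn <topic-arn> --attribute-name Policy --attribute-value file://policy.json`. The condition-key allowlist is deliberately narrow: a wildcard principal scoped only by a key that is not on the list is still flagged, which errs on the side of a manual review rather than silently passing.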