Ensure SNS topic policy is not public by only allowing specific services or principals to access it
Error: SNS topic policy is public and access is not restricted to specific services or principals
Bridgecrew Policy ID: BC_AWS_GENERAL_92
Checkov Check ID: CKV_AWS_169
Severity: MEDIUM
Description
TBD
Fix - Buildtime
Terraform
- Resource: aws_sns_topic_policy
- Argument: Statement
resource "aws_sns_topic_policy" "sns_tp1" {
  ...
  # Deny statement for every principal; the trailing comma after the last
  # action has been removed so the document is valid JSON.
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": "*",
+     "Effect": "Deny",
      "Action": [
        "SNS:Subscribe",
        "SNS:SetTopicAttributes",
        "SNS:RemovePermission",
        "SNS:Receive",
        "SNS:Publish",
        "SNS:ListSubscriptionsByTopic",
        "SNS:GetTopicAttributes",
        "SNS:DeleteTopic",
        "SNS:AddPermission"
      ],
      "Resource": "${aws_sns_topic.test.arn}"
    }
  ]
}
POLICY
}
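The condition this check is looking for, as an added Python example (not Checkov's own implementation of CKV_AWS_169): a topic policy is treated as public when a statement has Effect Allow, a wildcard Principal ("*" or {"AWS": "*"}) and no Condition block. The sample policies, account id and topic ARN are constructed placeholders.

```python
import json

# Added example, not Checkov's own implementation: flags an SNS topic policy as
# public when a statement allows a wildcard principal with no Condition block.

def _principals(principal):
    """Flatten Principal ("*", {"AWS": "*"}, {"AWS": [...]}) into a list."""
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        out = []
        for value in principal.values():
            out.extend(value if isinstance(value, list) else [value])
        return out
    return []

def public_statements(policy_doc):
    """Return statements with Effect Allow, Principal "*" and no Condition.

    A Condition (e.g. aws:SourceAccount, aws:SourceArn) is assumed to narrow
    the caller, so such statements are not reported; review them separately.
    """
    doc = json.loads(policy_doc) if isinstance(policy_doc, str) else policy_doc
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written bare
        statements = [statements]
    findings = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # a Deny statement never opens the topic up
        if "*" in _principals(stmt.get("Principal")) and not stmt.get("Condition"):
            findings.append(stmt)
    return findings

def is_public(policy_doc):
    return bool(public_statements(policy_doc))

# Constructed sample policies (placeholder account id and topic ARN).
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:example-topic"
PUBLIC_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "SNS:Publish", "Resource": TOPIC_ARN}]}
RESTRICTED_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": "SNS:Publish",
     "Resource": TOPIC_ARN,
     "Condition": {"StringEquals": {"aws:SourceAccount": "111122223333"}}}]}
DENY_ALL_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "SNS:Publish", "Resource": TOPIC_ARN}]}
```

The Deny-all policy from the fix above passes because no Allow statement remains; a real topic then needs Allow statements scoped to the specific principals or services that should use it.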
Updated 11 months ago