Ensure SNS topic policy is not public by only allowing specific services or principals to access it

Error: SNS topic policy is public and access is not restricted to specific services or principals

Bridgecrew Policy ID: BC_AWS_GENERAL_92
Checkov Check ID: CKV_AWS_169
Severity: MEDIUM

SNS topic policy is public and access is not restricted to specific services or principals

Description

An SNS topic policy is public when a statement with `"Effect": "Allow"` names the anonymous principal (`"Principal": "*"` or `{"AWS": "*"}`) and carries no `Condition` that narrows who may call. Such a statement grants the listed actions to any AWS principal in any account, so an outsider can publish arbitrary messages into whatever consumes the topic, add their own subscription to receive its messages, or change its attributes. Restrict every `Allow` statement to specific services or principals: name a `Service` principal and pin it with `aws:SourceArn` / `aws:SourceAccount`, or list the exact account, role or user ARNs that need access.

Fix - Buildtime

Terraform

  • Resource: aws_sns_topic_policy
  • Argument: Statement
resource "aws_sns_topic_policy" "sns_tp1" {
    ...
  policy = <<POLICY
{
    "Version":"2012-10-17",
    "Statement":[
       {
          "Principal": "*",
    +     "Effect": "Deny",
          "Action": [
            "SNS:Subscribe",
            "SNS:SetTopicAttributes",
            "SNS:RemovePermission",
            "SNS:Receive",
            "SNS:Publish",
            "SNS:ListSubscriptionsByTopic",
            "SNS:GetTopicAttributes",
            "SNS:DeleteTopic",
            "SNS:AddPermission"
          ],
          "Resource": "${aws_sns_topic.test.arn}"
       }
    ]
}
POLICY
}

Note that the action list must not end with a trailing comma: the policy document is JSON, and SNS rejects a malformed policy at apply time. A blanket `Deny` for `Principal "*"` satisfies the check, but it also blocks every principal, including roles in your own account, from using the topic through this policy. In practice keep `"Effect": "Allow"` and narrow the `Principal` to the specific service or account ARN that needs access, adding a `Condition` on `aws:SourceArn` or `aws:SourceAccount` for service principals.
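The following is an added example, not Checkov's own code or part of this page's original fix. It approximates the rule behind this check (an `Allow` to the anonymous principal with no `Condition`) and runs it over four constructed policy documents: the open policy the check flags, the page's blanket-`Deny` fix, a policy scoped to a service principal pinned by source ARN and account, and a wildcard principal narrowed by a `Condition`. The topic and bucket ARNs, account ID and policy contents are all made up for the example, and the treatment of `Condition` as exempting a statement is an assumption about the rule rather than something the page states.

```python
"""Approximation of the CKV_AWS_169 rule, written as an added example for
this page (not Checkov's own implementation). A statement makes the topic
policy public when it is an Allow to the anonymous principal ("*" or
{"AWS": "*"}) with no Condition narrowing the caller; Deny statements never
make a policy public. All ARNs and policies below are constructed samples.
"""
import json

TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:test"  # constructed ARN


def _is_any_principal(principal):
    """True for "*" and for {"AWS": "*"} / {"AWS": ["*", ...]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        return aws == "*" or (isinstance(aws, list) and "*" in aws)
    return False


def public_statements(policy):
    """Return the statements that make the policy public.

    `policy` may be a parsed document or the JSON text that would be placed
    in the Terraform `policy` argument.
    """
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement object is legal
        statements = [statements]
    return [
        stmt for stmt in statements
        if stmt.get("Effect") == "Allow"
        and _is_any_principal(stmt.get("Principal"))
        and not stmt.get("Condition")  # assumption: a Condition exempts it
    ]


def is_public(policy):
    return bool(public_statements(policy))


# Fails the check: any AWS principal in any account may publish or subscribe.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": TOPIC_ARN,
    }],
}

# The page's fix: a blanket Deny. Passes the check, but also blocks your own
# principals from using the topic through this policy.
DENY_ALL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": "*",
        "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": TOPIC_ARN,
    }],
}

# Preferred: allow one service principal, pinned to a specific source ARN and
# account so a bucket in someone else's account cannot publish into the topic.
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "s3.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": TOPIC_ARN,
        "Condition": {
            "ArnLike": {"aws:SourceArn": "arn:aws:s3:::example-bucket"},
            "StringEquals": {"aws:SourceAccount": "123456789012"},
        },
    }],
}

# Wildcard principal narrowed by a Condition: not flagged under this reading
# of the rule, but still weaker than naming the principal outright.
CONDITIONED_WILDCARD_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": "SNS:Subscribe",
        "Resource": TOPIC_ARN,
        "Condition": {"StringEquals": {"aws:SourceAccount": "123456789012"}},
    }],
}


if __name__ == "__main__":
    samples = [("weak", WEAK_POLICY), ("deny-all", DENY_ALL_POLICY),
               ("scoped", SCOPED_POLICY),
               ("conditioned-wildcard", CONDITIONED_WILDCARD_POLICY)]
    for name, doc in samples:
        print(f"{name:22s} public={is_public(doc)}")
```

Because `public_statements` also accepts the raw JSON text, it can be pointed at the heredoc you would feed to `aws_sns_topic_policy` before `terraform apply`; only `WEAK_POLICY` is reported as public, and the statement returned is the one to narrow.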
