Ensure that AWS Config references an active Amazon Simple Notification Service (SNS) topic so that it can send configuration change notifications to your SNS subscription endpoints for monitoring. These notifications supply useful information about each configuration item created by AWS Config and provide a delivery status for each configuration snapshot and configuration history generated by the service.
When AWS Config is not referencing an active SNS topic, it can no longer send notifications to your subscription endpoints, so you lose the ability to monitor the configuration changes made within your AWS account via email (or any other communication protocol provided by SNS).
To determine if AWS Config is unable to send notifications due to an inactive SNS topic, perform the following actions:
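One way to run this check offline, as an added example that is not Conformity's own audit procedure: it compares the `snsTopicARN` of each delivery channel (output of `aws configservice describe-delivery-channels`) against the topics that exist in the same region (output of `aws sns list-topics`). The function name, status labels, account ID and sample JSON are constructed for illustration.

```python
import json

# Constructed sample: `aws configservice describe-delivery-channels` output.
CHANNELS_JSON = """{"DeliveryChannels": [
  {"name": "default", "s3BucketName": "example-config-bucket",
   "snsTopicARN": "arn:aws:sns:us-east-1:111122223333:config-topic"}]}"""

# Constructed sample: `aws sns list-topics --region us-east-1` output.
# The topic referenced above is absent, as if it had been deleted.
TOPICS_JSON = """{"Topics": [
  {"TopicArn": "arn:aws:sns:us-east-1:111122223333:billing-alerts"}]}"""


def audit_channels(channels, topics, region, account_id):
    """Return (channel name, topic ARN, status) for every delivery channel.

    `topics` must be the complete topic listing for `region` in `account_id`.
    Topics in another region or account cannot be confirmed from that listing,
    so they are reported as UNVERIFIED instead of MISSING_TOPIC.
    """
    existing = {t["TopicArn"] for t in topics.get("Topics", [])}
    findings = []
    for ch in channels.get("DeliveryChannels", []):
        arn = ch.get("snsTopicARN")
        if not arn:
            status = "NO_TOPIC"            # channel delivers to S3 only
        else:
            parts = arn.split(":", 5)      # arn:partition:sns:region:account:name
            if len(parts) != 6 or parts[2] != "sns" or not parts[5]:
                status = "MALFORMED_ARN"
            elif (parts[3], parts[4]) != (region, account_id):
                status = "UNVERIFIED"      # re-check against that region/account
            elif arn in existing:
                status = "OK"
            else:
                status = "MISSING_TOPIC"   # the condition this rule flags
        findings.append((ch.get("name"), arn, status))
    return findings


if __name__ == "__main__":
    results = audit_channels(json.loads(CHANNELS_JSON), json.loads(TOPICS_JSON),
                             "us-east-1", "111122223333")
    for name, arn, status in results:
        print(f"{status:14} channel={name} topic={arn}")
```

Run the two CLI commands in every region where AWS Config is recording and feed each pair of outputs to `audit_channels`.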
Remediation / Resolution
To update AWS Config configurations that reference missing SNS topics, perform the following:
AWS Config Referencing Missing SNS Topic
Risk level: Medium