01 Run the list-subscriptions command (OSX/Linux/UNIX) with custom query filters to list the Amazon Resource Name (ARN) of each AWS SNS subscription available in the selected region:
aws sns list-subscriptions \
  --region us-east-1 \
  --query 'Subscriptions[*].SubscriptionArn'
02 The command output should return the requested subscription ARNs:
[
    "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd",
    "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-603b-4a82-b29d-aaabbbcccddd"
]
03 Run the get-subscription-attributes command (OSX/Linux/UNIX), using a subscription ARN returned at the previous step as the identifier, to describe the configuration attributes of the selected AWS SNS subscription:
aws sns get-subscription-attributes \
  --region us-east-1 \
  --subscription-arn arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd
04 The command output should return the requested attributes:
{
    "Attributes": {
        "Endpoint": "daniel@cloudconformity.com",
        "Protocol": "email",
        "RawMessageDelivery": "false",
        "ConfirmationWasAuthenticated": "false",
        "Owner": "123456789012",
        "SubscriptionArn": "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd",
        "TopicArn": "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic"
    }
}
05 Based on the information returned at the previous step, evaluate the topic ARN (the value of the "TopicArn" attribute) and the endpoint assigned to the subscription (the value of the "Endpoint" attribute) to determine whether the subscriber is appropriate and can receive information published to the assigned topic (in this case arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic). If the subscriber is evaluated as unwanted, the selected Amazon SNS subscription is marked as inappropriate and can be safely removed from your AWS account.
06 Repeat steps 3 - 5 to evaluate the other Amazon SNS subscriptions available in the current region.
07 Change the AWS region by updating the --region command parameter value and repeat steps 1 - 6 to perform the audit process for other regions.
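The evaluation in steps 03 - 05 can be scripted against an allowlist of approved subscribers. The following is an added example, not code from the original page: the APPROVED allowlist, the audit() and sub() helpers, the owner check, and every sample entry except the first endpoint are assumptions constructed for illustration.

```python
TOPIC = "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic"

# Hypothetical allowlist: topic ARN -> approved (protocol, endpoint) pairs.
APPROVED = {TOPIC: {("email", "daniel@cloudconformity.com")}}

def sub(arn, protocol, endpoint, owner="123456789012"):
    """Build one constructed entry shaped like a list-subscriptions item."""
    return {"SubscriptionArn": arn, "Owner": owner, "Protocol": protocol,
            "Endpoint": endpoint, "TopicArn": TOPIC}

# Constructed sample data; only the first endpoint appears on the page.
SAMPLE = [
    sub(TOPIC + ":12345678-39dc-4669-961b-aaabbbcccddd", "email",
        "daniel@cloudconformity.com"),
    sub(TOPIC + ":12345678-603b-4a82-b29d-aaabbbcccddd", "https",
        "https://hooks.example.net/sns"),
    sub("PendingConfirmation", "email", "Daniel@CloudConformity.com"),
    sub(TOPIC + ":00000000-0000-0000-0000-000000000000", "sqs",
        "arn:aws:sqs:us-east-1:210987654321:constructed-queue",
        owner="210987654321"),
]

def audit(subscriptions, approved, account_id):
    """Return [(subscription_arn, endpoint, reasons)] for subscriptions to review."""
    findings = []
    for s in subscriptions:
        endpoint = s["Endpoint"]
        # Assumption: email addresses are matched case-insensitively;
        # URLs and ARNs are compared exactly.
        key = endpoint.lower() if s["Protocol"].startswith("email") else endpoint
        reasons = []
        if (s["Protocol"], key) not in approved.get(s["TopicArn"], set()):
            reasons.append("endpoint not approved for topic")
        if s["Owner"] != account_id:
            reasons.append("subscription owned by another account")
        if s["SubscriptionArn"] == "PendingConfirmation":
            # Unconfirmed subscriptions have no ARN yet, so step 03 cannot target them.
            reasons.append("pending confirmation")
        if reasons:
            findings.append((s["SubscriptionArn"], endpoint, reasons))
    return findings

if __name__ == "__main__":
    for arn, endpoint, reasons in audit(SAMPLE, APPROVED, "123456789012"):
        print(f"{endpoint}\t{'; '.join(reasons)}\t{arn}")
```

To audit real data, pass audit() the "Subscriptions" list from the unfiltered JSON output of aws sns list-subscriptions (run without --query), which already carries the Endpoint, Protocol, Owner and TopicArn of each subscription.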