Ensure that none of the Amazon SNS subscriptions created within your AWS account use HTTP instead of HTTPS as the delivery protocol, in order to enforce SSL encryption for all subscription requests.
When an AWS SNS subscription is configured to use the HTTP protocol instead of HTTPS, the communication between Amazon and the subscription endpoint is vulnerable to malicious activity such as eavesdropping and network sniffing. Cloud Conformity strongly recommends using only HTTPS-based subscriptions by implementing secure SNS topic policies and favoring HTTPS over HTTP during the subscription creation process.
Audit
To determine if your AWS SNS subscriptions are using HTTP instead of HTTPS as the delivery protocol, perform the following actions:
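One way to script this check, as an added example that is not part of the original page or of Conformity's own procedure: it filters the `Subscriptions` list returned by the SNS `list-subscriptions` call for entries whose protocol is plain HTTP. The sample data, the function names `find_http_subscriptions` and `audit_region`, and the `Confirmed` field are assumptions made for illustration.

```python
# Constructed sample in the shape of the "Subscriptions" list returned by
# `aws sns list-subscriptions`; account ID, topic and endpoints are made up.
TOPIC = "arn:aws:sns:us-east-1:111122223333:orders"
SAMPLE_SUBSCRIPTIONS = [
    {"SubscriptionArn": TOPIC + ":11111111-aaaa-4bbb-8ccc-000000000001",
     "Protocol": "http", "Endpoint": "http://hooks.example.com/orders",
     "TopicArn": TOPIC},
    {"SubscriptionArn": TOPIC + ":11111111-aaaa-4bbb-8ccc-000000000002",
     "Protocol": "https", "Endpoint": "https://hooks.example.com/orders",
     "TopicArn": TOPIC},
    {"SubscriptionArn": "PendingConfirmation",
     "Protocol": "http", "Endpoint": "http://staging.example.com/sns",
     "TopicArn": TOPIC},
    {"SubscriptionArn": TOPIC + ":11111111-aaaa-4bbb-8ccc-000000000003",
     "Protocol": "email", "Endpoint": "ops@example.com", "TopicArn": TOPIC},
]


def find_http_subscriptions(subscriptions):
    """Return one finding per subscription whose delivery protocol is plain HTTP."""
    findings = []
    for sub in subscriptions:
        if sub.get("Protocol", "").lower() != "http":
            continue  # https, email, sqs, lambda, ... are out of scope for this rule
        arn = sub.get("SubscriptionArn", "")
        findings.append({
            "TopicArn": sub.get("TopicArn"),
            "Endpoint": sub.get("Endpoint"),
            "SubscriptionArn": arn,
            # Unconfirmed subscriptions report "PendingConfirmation" instead of an ARN.
            "Confirmed": arn.startswith("arn:"),
        })
    return findings


def audit_region(region):
    """Run the same check against a live account (needs boto3 and credentials)."""
    import boto3  # imported here so the offline check above has no dependencies
    sns = boto3.client("sns", region_name=region)
    subscriptions = []
    for page in sns.get_paginator("list_subscriptions").paginate():
        subscriptions.extend(page["Subscriptions"])
    return find_http_subscriptions(subscriptions)


if __name__ == "__main__":
    for finding in find_http_subscriptions(SAMPLE_SUBSCRIPTIONS):
        print(finding)
```

SNS subscriptions are regional, so `audit_region` has to be run once per region in use.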
Remediation / Resolution
To implement the HTTPS protocol within your existing Amazon SNS subscription configuration, you need to re-create and confirm these subscriptions by performing the following actions:
You are auditing:
AWS SNS HTTP Subscriptions
Risk Level: Medium