Ensure that your AWS SNS topics do not use access control policies that allow HTTP subscriptions, so that subscription requests and notification deliveries are not sent unencrypted over the network.
When an Amazon SNS topic access policy allows HTTP instead of HTTPS as the delivery protocol, the traffic between AWS and the SNS subscription endpoints is exposed to eavesdropping and man-in-the-middle (MITM) attacks. Cloud Conformity strongly recommends enforcing HTTPS-only subscriptions by using the topic policy to deny all regular (unencrypted) HTTP subscription requests.
Audit
To determine if your AWS SNS topics are using unsecured access policies, perform the following actions:
Remediation / Resolution
To update your Amazon SNS topic policies in order to enforce HTTPS-only subscription, perform the following:
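As an added example (not part of the Cloud Conformity rule or of the AWS documentation), the script below performs both the audit and the remediation logic offline: it inspects the Policy attribute that get-topic-attributes returns for a topic and reports whether it already denies unencrypted HTTP subscriptions, and it builds the hardened policy document you would pass to set-topic-attributes. The topic ARN and the sample policy are constructed values; the sns:Protocol condition key is the one AWS provides for SNS:Subscribe.

```python
import json

TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:example-topic"  # constructed sample ARN
# Constructed sample: permissive policy; anyone may subscribe over any protocol, plain HTTP included.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AllowSubscribe", "Effect": "Allow", "Principal": "*",
                   "Action": "SNS:Subscribe", "Resource": TOPIC_ARN}],
})


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _protocols(condition, operator):
    """Lower-cased sns:Protocol values under one condition operator (names matched case-insensitively)."""
    for op, keys in condition.items():
        if op.lower() == operator.lower():
            for key, val in keys.items():
                if key.lower() == "sns:protocol":
                    return [str(v).lower() for v in _as_list(val)]
    return []


def enforces_https_only(policy_json: str) -> bool:
    """True if a Deny statement blocks SNS:Subscribe for http (or for any protocol other than https)."""
    policy = json.loads(policy_json)
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny":
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & {"sns:subscribe", "sns:*", "*"}:
            continue
        cond = stmt.get("Condition", {})
        if "http" in _protocols(cond, "StringEquals") or "https" in _protocols(cond, "StringNotEquals"):
            return True
    return False


def add_http_deny(policy_json: str, topic_arn: str) -> str:
    """Return the policy with a Deny for HTTP subscriptions appended (for set-topic-attributes --attribute-name Policy)."""
    policy = json.loads(policy_json)
    statements = _as_list(policy.get("Statement", []))
    statements.append({"Sid": "DenyHttpSubscriptions", "Effect": "Deny", "Principal": "*",
                       "Action": "SNS:Subscribe", "Resource": topic_arn,
                       "Condition": {"StringEquals": {"sns:Protocol": "http"}}})
    policy["Statement"] = statements
    return json.dumps(policy)


if __name__ == "__main__":
    print("weak:", enforces_https_only(WEAK_POLICY), "hardened:", enforces_https_only(add_http_deny(WEAK_POLICY, TOPIC_ARN)))
```

Existing subscriptions are not affected by the Deny; it stops new HTTP subscriptions, so HTTP endpoints already subscribed still need to be reviewed separately.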
References
- AWS Documentation
  - Amazon SNS FAQs
  - Managing Access to Your Amazon SNS Topics
  - Special Information for Amazon SNS Policies
  - IAM Policy Elements Reference
  - Example Cases for Amazon SNS Access Control
- AWS Command Line Interface (CLI) Documentation
  - sns
  - list-topics
  - get-topic-attributes
  - set-topic-attributes
AWS SNS Topics with Unsecured Policies
Risk Level: Low