Ensures SNS topics do not allow global send or subscribe.
SNS policies should not be configured to allow any AWS user to subscribe or send messages. This could result in data leakage or financial DDoS.
Follow the appropriate remediation steps below to resolve the issue.
Log in to the AWS Management Console.
Select the “Services” option and search for SNS.
In the left navigation panel, select Topics under SNS Dashboard.
Select the Topic by clicking on the ID.
In the Topic configuration page, scroll down and click on “Access policy” tab.
Check the value of “Prinicipal” key. If it’s set to (*) everyone then this topic allows access to everyone.
To change the access policy, click on the “Edit” button at the top of the page.
On the “Edit topic” page, scroll down to “Access policy” and in the “JSON editor” change the “Principal” key with the correct IAM role ARN eg. arn:aws:iam::066531304300:user/dev27.
Click on “Save changes” button at the bottom of the page.
Repeat step 3-9 for all other SNS Topics across all regions.