SNS Topic is Publicly Accessible

  • Query id: b26d2b7e-60f6-413d-a3a1-a57db24aa2b3
  • Query name: SNS Topic is Publicly Accessible
  • Platform: Terraform
  • Severity: High
  • Category: Access Control
  • URL: Github

Description

SNS Topic Policy should not allow any principal to access
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_sns_topic" "positive1" {
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "*",
"Principal": {
  "AWS": "*"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_sns_topic" "negative1" {
policy = <<EOF
{
"Version": "2012-10-17",
"Statement": [
{
"Action": "*",
"Principal": {
  "AWS": "arn:aws:iam::##account_number##:root"
},
"Effect": "Allow",
"Sid": ""
}
]
}
EOF
}