BOM - AWS SNS
- Query id: eccc4d59-74b9-4974-86f1-74386e0c7f33
- Query name: BOM - AWS SNS
- Platform: Terraform
- Severity: Trace
- Category: Bill Of Materials
- CWE: 532
- URL: Github
Description
A list of SNS resources specified. Amazon Simple Notification Service (Amazon SNS) is a fully managed messaging service for both application-to-application (A2A) and application-to-person (A2P) communication.
Code samples
Code samples with security vulnerabilities
Positive test num. 2 - tf file
resource "aws_sns_topic" "positive2" {
  name = "user-updates-topic"
}

resource "aws_sns_topic_policy" "positive2" {
  arn = aws_sns_topic.positive2.arn
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigSNSPolicy20180202",
      "Action": [
        "*"
      ],
      "Effect": "Allow",
      "Resource": "aws_sns_topic.positive2.arn",
      "Principal": {
        "AWS": "*"
      }
    }
  ]
}
EOF
}
Positive test num. 3 - tf file
resource "aws_sns_topic" "positive3" {
  name = "user-updates-topic"
}

resource "aws_sns_topic_policy" "positive3" {
  arn = aws_sns_topic.positive3.arn
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigSNSPolicy20180202",
      "Action": [
        "*"
      ],
      "Effect": "Allow",
      "Resource": "aws_sns_topic.positive3.arn",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:root",
          "arn:aws:iam::555555555555:root"
        ]
      }
    }
  ]
}
EOF
}
Positive test num. 4 - tf file
Positive test num. 5 - tf file
resource "aws_sns_topic" "positive5" {
  tags = {
    Name = "SNS Topic"
  }
  kms_master_key_id = "alias/aws/sns"
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AWSConfigSNSPolicy20180202",
      "Action": [
        "*"
      ],
      "Effect": "Allow",
      "Resource": "aws_sns_topic.positive5.arn",
      "Principal": {
        "AWS": [
          "arn:aws:iam::123456789012:root",
          "arn:aws:iam::555555555555:root"
        ]
      }
    }
  ]
}
EOF
}