SNS Topic is Publicly Accessible

  • Query id: b26d2b7e-60f6-413d-a3a1-a57db24aa2b3
  • Query name: SNS Topic is Publicly Accessible
  • Platform: Terraform
  • Severity: Critical
  • Category: Access Control
  • URL: Github

Description

The SNS topic policy should not allow any principal to access the topic: an "Allow" statement whose Principal is the wildcard "*" (written either as "Principal": "*" or as "Principal": {"AWS": "*"}) grants every AWS account and anonymous caller the listed actions. Restrict the Principal to the specific account or role ARNs that need access.
Documentation

Code samples

Code samples with security vulnerabilities

Positive test num. 1 - tf file
resource "aws_sns_topic" "positive1" {
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "*",
      "Principal": {
        "AWS": "*"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}

Code samples without security vulnerabilities

Negative test num. 1 - tf file
resource "aws_sns_topic" "negative1" {
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Action": "*",
      "Principal": {
        "AWS": "arn:aws:iam::##account_number##:root"
      },
      "Effect": "Allow",
      "Sid": ""
    }
  ]
}
EOF
}
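The following is an added example (not the KICS query itself, which is implemented in Rego) showing the check the description and the two samples above describe as standalone Python: it pulls each aws_sns_topic policy heredoc out of a Terraform file and reports every "Allow" statement whose Principal names "*". The two resources from this page are embedded as the constructed input, with the page's ##account_number## placeholder left as-is. The regex-based resource extraction is an assumption that only covers the heredoc shape shown above, not general HCL.

```python
import json
import re

# Constructed input: the page's positive and negative samples, verbatim.
# ##account_number## is the page's placeholder, not a real account id.
SAMPLE_TF = '''
resource "aws_sns_topic" "positive1" {
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Action": "*", "Principal": { "AWS": "*" }, "Effect": "Allow", "Sid": "" }
  ]
}
EOF
}

resource "aws_sns_topic" "negative1" {
  policy = <<EOF
{
  "Version": "2012-10-17",
  "Statement": [
    { "Action": "*",
      "Principal": { "AWS": "arn:aws:iam::##account_number##:root" },
      "Effect": "Allow", "Sid": "" }
  ]
}
EOF
}
'''

# Assumed simplification: a regex that finds each aws_sns_topic block and the
# policy heredoc inside it. A production scanner would use an HCL parser.
RESOURCE_POLICY_RE = re.compile(
    r'resource\s+"aws_sns_topic"\s+"([^"]+)"\s*\{'
    r'(?:(?!\nresource\s).)*?'                 # stay inside this resource block
    r'policy\s*=\s*<<-?(\w+)\n(.*?)\n\s*\2\b',  # heredoc body up to its delimiter
    re.DOTALL)


def _principal_values(principal):
    """Flatten a Principal element into the list of principal strings it names.

    IAM accepts the bare string "*", or a map whose keys (AWS, Service,
    Federated, CanonicalUser) hold either one string or a list of strings.
    """
    if isinstance(principal, str):
        return [principal]
    if isinstance(principal, dict):
        values = []
        for v in principal.values():
            values.extend(v if isinstance(v, list) else [v])
        return values
    return []


def public_statements(policy_json):
    """Return labels of Allow statements that grant access to any principal.

    A statement is labelled by its Sid, or by its index when the Sid is empty,
    as in both samples on this page.
    """
    policy = json.loads(policy_json)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):   # a single statement may be given bare
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue                   # a Deny naming "*" is not a public grant
        if "*" in _principal_values(stmt.get("Principal")):
            findings.append(stmt.get("Sid") or f"Statement[{idx}]")
    return findings


def scan_tf(tf_text):
    """Map each aws_sns_topic resource name to its public statements ([] = clean)."""
    results = {}
    for name, _delim, policy_json in RESOURCE_POLICY_RE.findall(tf_text):
        results[name] = public_statements(policy_json)
    return results


if __name__ == "__main__":
    for name, findings in scan_tf(SAMPLE_TF).items():
        verdict = "PUBLIC" if findings else "ok"
        print(f"aws_sns_topic.{name}: {verdict} {findings}")
```

Running the script flags aws_sns_topic.positive1 (its only statement has an empty Sid, so it is reported as Statement[0]) and leaves negative1 clean, because an account root ARN is a specific principal. The Effect check matters: a Deny statement with Principal "*" is a common hardening pattern and must not be reported.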