AWS SNS
About
Monitor and audit SNS to ensure that security, availability and reliability are not compromised.
Security
SNS Topics should not allow global publishing
Ensure that your AWS Simple Notification Service (SNS) topics do not allow "Everyone" to publish.
SNS Topics should not allow global subscribe
Ensure that your AWS Simple Notification Service (SNS) topics do not allow "Everyone" to subscribe.
SNS Topic should be encrypted
Server-Side Encryption (SSE) must be enabled for the SNS topics. This ensures protection of sensitive data delivered as messages to subscribers.
SNS Topic should be encrypted using CMK
SNS Topics should be encrypted with Customer managed keys (CMK) instead of AWS managed keys.
Is Topic Exposed
Check if any topic is publicly accessible.
Is Subscription Secure Only
Ensure that subscribers receive data over a secure-only protocol.
SNS Topic should have Subscription
Ensure that no topic is left without a subscription.
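The global-publish, global-subscribe, encryption and CMK checks above can be evaluated offline from a topic's access policy and attributes. The following is an added example written for this checklist, not code from Cloudanix or AWS; it assumes the policy JSON and the `Attributes` map are what `GetTopicAttributes` returns, the sample policy and ARNs are constructed, and a statement carrying any `Condition` is treated as scoped rather than global (a simplification).

```python
import json

# Actions covered by the "global publishing" and "global subscribe" checks.
PUBLISH_ACTIONS = {"sns:Publish", "sns:*", "*"}
SUBSCRIBE_ACTIONS = {"sns:Subscribe", "sns:Receive", "sns:*", "*"}

def _as_list(v):
    return v if isinstance(v, list) else [v]

def _is_everyone(principal):
    # Principal "*" and {"AWS": "*"} both grant anonymous ("Everyone") access.
    return principal == "*" or (
        isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", [])))

def global_grants(policy_json):
    """Return the set of global-access checks an SNS topic access policy fails."""
    findings = set()
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _is_everyone(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue  # simplification: a Condition (e.g. aws:SourceArn) scopes the grant
        actions = set(_as_list(stmt.get("Action", [])))
        if actions & PUBLISH_ACTIONS:
            findings.add("global_publish")
        if actions & SUBSCRIBE_ACTIONS:
            findings.add("global_subscribe")
    return findings

def encryption_status(attributes):
    """Classify a topic from the 'Attributes' map returned by GetTopicAttributes."""
    key = attributes.get("KmsMasterKeyId", "")
    if not key:
        return "unencrypted"
    if key == "alias/aws/sns" or key.endswith(":alias/aws/sns"):
        return "aws_managed_key"  # the AWS managed SNS key, not a customer managed key
    return "cmk"

# Constructed sample: one statement scoped by aws:SourceArn, one unconditional
# grant of sns:Publish to Everyone (the second fails the global-publish check).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": {"AWS": "*"}, "Action": ["sns:Publish", "sns:Subscribe"],
     "Resource": "arn:aws:sns:us-east-1:111111111111:alerts",
     "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::example-bucket"}}},
    {"Effect": "Allow", "Principal": "*", "Action": "sns:Publish",
     "Resource": "arn:aws:sns:us-east-1:111111111111:alerts"}]})

if __name__ == "__main__":
    print(sorted(global_grants(SAMPLE_POLICY)))                   # ['global_publish']
    print(encryption_status({"KmsMasterKeyId": "alias/aws/sns"}))  # aws_managed_key
```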
Sources
https://www.cloudanix.com/recipelist/aws/snsmonitoring
https://docs.aws.amazon.com/sns/latest/dg/AccessPolicyLanguage.html
https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html
https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption.html
https://aws.amazon.com/about-aws/whats-new/2018/11/amazon-sns-sse/
Help Us Improve!
If you have any suggestions to improve this checklist, please let us know by filling out this form.