SNS Topics Should Not Allow Global Publishing
Your AWS Simple Notification Service (SNS) topics should not allow Everyone to publish in order to protect against attackers or unauthorized users that can publish malicious messages to your topics.
Your AWS Simple Notification Service (SNS) topics should not allow Everyone to publish in order to protect against attackers or unauthorized users that can publish malicious messages to your topics.
Your AWS Simple Notification Service (SNS) topics should not allow "Everyone" to subscribe in order to protect the messages published to your topics against attackers or unauthorized personnel.
Server-Side Encryption (SSE) must be enabled for the SNS topics. This ensures protection of sensitive data delivered as messages to subscribers.
SNS Topics should be encrypted with Customer managed keys (CMK) instead of AWS managed keys in order to have a more granular control over the SNS data-at-rest encryption and decryption process.
There should not be any publicly accessible SNS topics in order to protect them against attackers or unauthorized personnel.
None of the Amazon SNS subscriptions created within your AWS account should use HTTP instead of HTTPS as delivery protocol in order to enforce SSL encryption for all subscription requests.
Your SNS topics should have subscribers. Corrective action must be taken about topics that have no subscribers.
Your SNS topics should be configured to allow access only to trusted AWS accounts in order to protect against unauthorized cross account access. This can prevent data leaks and avoid unexpected costs on your AWS bill.
If you are not yet convinced to sign up with Cloudanix, that's not a problem. We recommend you use a comprehensive checklist which your team can use to perform a manual assessment of your workload.