Ensure that the access control policies of your AWS SNS topics do not allow HTTP subscriptions, in order to protect against subscription requests that are sent unencrypted over the network.
When Amazon SNS topic access policies permit HTTP instead of HTTPS as the delivery protocol, the communication between AWS and the SNS subscription endpoints is vulnerable to eavesdropping and man-in-the-middle (MITM) attacks. Cloud Conformity strongly recommends enforcing HTTPS-only subscriptions by using topic policies to deny all regular (unencrypted) HTTP subscription requests.
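The following is an added example, not Cloud Conformity's own check: a small offline audit that reports whether a topic policy document contains a Deny statement blocking `sns:Subscribe` over HTTP for all principals, using the SNS `sns:Protocol` condition key. The function names, the sample statements, the account ID and the topic name are constructed for illustration, and the check is a simplification that does not evaluate `Resource`, `NotAction` or `NotPrincipal`.

```python
from fnmatch import fnmatchcase

def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_everyone(principal):
    # "*" and {"AWS": "*"} both match every principal.
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS"))

def _condition_blocks_http(condition):
    # sns:Protocol must be the only condition: any extra key narrows the Deny
    # and leaves some HTTP subscription requests allowed.
    if not isinstance(condition, dict) or len(condition) != 1:
        return False
    (operator, keys), = condition.items()
    if not isinstance(keys, dict) or len(keys) != 1:
        return False
    (key, raw), = keys.items()
    values = [str(v) for v in _as_list(raw)]
    if key.lower() != "sns:protocol" or not values:
        return False
    if operator.endswith("IgnoreCase"):
        operator, values = operator[:-10], [v.lower() for v in values]
    if operator == "StringEquals":
        return "http" in values          # deny when the protocol is http
    if operator == "StringNotEquals":
        return "http" not in values      # deny everything except the listed protocols
    return False

def denies_http_subscriptions(policy):
    """True if a Deny statement blocks sns:Subscribe over HTTP for all principals."""
    for stmt in _as_list(policy.get("Statement")):
        covers_subscribe = any(fnmatchcase("sns:subscribe", a.lower())
                               for a in _as_list(stmt.get("Action")))
        if (stmt.get("Effect") == "Deny" and covers_subscribe
                and _is_everyone(stmt.get("Principal"))
                and _condition_blocks_http(stmt.get("Condition"))):
            return True
    return False

# Constructed sample statements (placeholder account ID and topic name).
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-topic"
ALLOW = {"Effect": "Allow", "Principal": "*", "Action": "sns:Subscribe", "Resource": TOPIC}
DENY_HTTP = {"Effect": "Deny", "Principal": "*", "Action": "sns:Subscribe", "Resource": TOPIC,
             "Condition": {"StringEquals": {"sns:Protocol": "http"}}}
```

A policy made of `ALLOW` alone is reported as non-compliant, while `ALLOW` together with `DENY_HTTP` passes; a Deny that carries any additional condition key is treated as insufficient because it no longer covers every HTTP request.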
To determine if your AWS SNS topics are using unsecured access policies, perform the following actions:
To update your Amazon SNS topic policies in order to enforce HTTPS-only subscription, perform the following: