AWS SNS Appropriate Subscribers

01 Sign in to the AWS Management Console.

02 Navigate to SNS dashboard at https://console.aws.amazon.com/sns/v2/.

03 In the left navigation panel, under SNS Dashboard, select Subscriptions.

04 Choose the SNS subscription that you want to examine.

05 Evaluate the topic Amazon Resource Name (ARN), available in the Topic ARN column and the endpoint assigned to the subscription, available within Endpoint column, to determine if the subscriber is appropriate and can access/receive the data published to the assigned topic. If the subscriber is evaluated as unwanted, the selected AWS SNS subscription is not appropriate and can be safely removed from your account.

06 Repeat step no. 4 and 5 to evaluate other Amazon SNS subscriptions available in the current region.

07 Change the AWS region from the navigation bar and repeat the audit process for other regions.

01 Run list-subscriptions command (OSX/Linux/UNIX) with custom query filters to list the Amazon Resource Name for each AWS SNS subscription available in the selected region:

aws sns list-subscriptions
	--region us-east-1
	--query 'Subscriptions[*].SubscriptionArn'

02 The command output should return the requested subscription ARNs:

[

"arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd",
"arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-603b-4a82-b29d-aaabbbcccddd"

]

03 Run get-subscription-attributes command (OSX/Linux/UNIX) using the subscription ARN returned at the previous step as identifier and custom query filters to describe the configuration attributes of the selected AWS SNS subscription:

aws sns get-subscription-attributes
	--region us-east-1
	--subscription-arn arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd

04 The command output should return the requested attributes:

{
    "Attributes": {
        "Endpoint": "daniel@cloudconformity.com",
        "Protocol": "email",
        "RawMessageDelivery": "false",
        "ConfirmationWasAuthenticated": "false",
        "Owner": "123456789012",
        "SubscriptionArn": "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd",
        "TopicArn": "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic"
    }
}
 

05 Based on the information returned at the previous step, evaluate the topic ARN, available as value for "TopicArn" attribute and the endpoint assigned to the subscription, available as value for "Endpoint" attribute, to determine if the subscriber is appropriate and can receive information published to the assigned topic (in this case arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic). If the subscriber is evaluated as unwanted, the selected Amazon SNS subscription is marked as inappropriate and can be safely removed from your AWS account.

06 Repeat steps no. 3 – 5 to evaluate other Amazon SNS subscriptions available in the current region.

07 Change the AWS region by updating the --region command parameter value and repeat steps no. 1 - 6 to perform the audit process for other regions.

01 Sign in to the AWS Management Console.

02 Navigate to SNS dashboard at https://console.aws.amazon.com/sns/v2/.

03 In the navigation panel, under SNS Dashboard, click Subscriptions.

04 Select the SNS topic subscription that you want to remove (see Audit section part I to identify the right resource).

05 Click Actions button from the dashboard top menu and select Delete subscriptions.

06 Within Delete dialog box, review the SNS subscription ARN, then click Delete to confirm the action. Once the selected subscription is removed, the AWS console will display the following confirmation message: "Subscriptions deleted.".

07 Repeat steps no. 4 - 7 to remove other unwanted Amazon SNS subscriptions available in the selected region.

08 Change the AWS region from the navigation bar and repeat the resolution process for other regions.

01 Run unsubscribe command (OSX/Linux/UNIX) using the ARN of the unwanted subscription that you want to delete as identifier (see Audit section part II to identify the right SNS resource) to remove the selected AWS SNS subscription from your account (the command does not produce an output):

aws sns unsubscribe
	--region us-east-1
	--subscription-arn "arn:aws:sns:us-east-1:123456789012:cc-web-sns-topic:12345678-39dc-4669-961b-aaabbbcccddd"

02 Repeat step no. 1 to remove (unsubscribe) other unwanted Amazon SNS subscriptions created in the selected AWS region.

03 Change the AWS region by updating the --region command parameter value and repeat step no. 1 and 2 to perform the entire process for other regions.