Ensure that your AWS SNS topic access policies do not allow HTTP subscriptions, so that subscription traffic is never sent unencrypted over the network.
When Amazon SNS topic access policies are configured to use HTTP instead of HTTPS as the delivery protocol, the communication between AWS and the SNS subscription endpoints is vulnerable to eavesdropping and man-in-the-middle (MITM) attacks. Cloud Conformity strongly recommends enforcing HTTPS-only subscriptions by using topic policies to deny all regular (unencrypted) HTTP subscription requests.
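The check described above, as an added example that is not Cloud Conformity's own code: it classifies a topic policy document by whether `sns:Subscribe` over plain HTTP is explicitly denied, still allowed, or simply not addressed. The function names, the account ID and the topic ARN are constructed for illustration, and only a deny that applies to every principal and is conditioned solely on `sns:Protocol` is counted as enforcement.

```python
from fnmatch import fnmatchcase

POSITIVE_OPS = {"stringequals", "stringequalsignorecase", "stringlike"}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _covers_subscribe(stmt):
    # "SNS:Subscribe", "sns:*" and "*" all cover the Subscribe action.
    return any(fnmatchcase("sns:subscribe", str(a).lower())
               for a in _as_list(stmt.get("Action", [])))

def _protocol_patterns(stmt):
    """sns:Protocol values from positive string conditions; [] if unrestricted."""
    return [str(v).lower()
            for op, keys in stmt.get("Condition", {}).items()
            if op.lower() in POSITIVE_OPS
            for key, values in keys.items() if key.lower() == "sns:protocol"
            for v in _as_list(values)]

def _blanket_http_deny(stmt, patterns):
    # Assumption: only a deny for every principal, conditioned on nothing but
    # sns:Protocol, is counted as enforcing HTTPS-only.
    p, cond = stmt.get("Principal"), stmt.get("Condition", {})
    everyone = p == "*" or (isinstance(p, dict) and "*" in _as_list(p.get("AWS", [])))
    only_protocol = len(cond) == 1 and all(len(k) == 1 for k in cond.values())
    return everyone and only_protocol and any(fnmatchcase("http", x) for x in patterns)

def audit_topic_policy(policy):
    """Return 'http-denied', 'http-allowed' or 'no-explicit-deny'."""
    verdict = "no-explicit-deny"
    for stmt in _as_list(policy.get("Statement", [])):
        if not _covers_subscribe(stmt):
            continue
        patterns = _protocol_patterns(stmt)
        if stmt.get("Effect") == "Deny":
            if _blanket_http_deny(stmt, patterns):
                return "http-denied"  # explicit deny overrides any allow
        elif not patterns or any(fnmatchcase("http", x) for x in patterns):
            verdict = "http-allowed"
    return verdict

# Constructed sample policies (placeholder account ID and topic ARN).
ARN = "arn:aws:sns:us-east-1:111122223333:example-topic"
OPEN = {"Statement": [{"Effect": "Allow", "Principal": {"AWS": "*"},
        "Action": ["SNS:Subscribe", "SNS:Publish"], "Resource": ARN,
        "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}}}]}
HARDENED = {"Statement": OPEN["Statement"] + [{"Effect": "Deny", "Principal": "*",
            "Action": "sns:Subscribe", "Resource": ARN,
            "Condition": {"StringEquals": {"sns:Protocol": "http"}}}]}
```

To audit a live topic, pass the JSON-decoded `Policy` attribute returned by the SNS `GetTopicAttributes` call; a `no-explicit-deny` result means the topic policy itself grants no HTTP subscription but also lacks the deny statement recommended above.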
To determine if your AWS SNS topics are using unsecured access policies, perform the following actions:
Remediation / Resolution
To update your Amazon SNS topic policies in order to enforce HTTPS-only subscription, perform the following:
You are auditing:
AWS SNS Topics with Unsecured Policies
Risk level: Low