Ensure that your AWS Simple Notification Service (SNS) topics do not allow "Everyone" to publish. The entities that can publish to an SNS topic are "Everyone" (unrestricted access), specific AWS users or AWS resources, and the topic owner. Of these publishers, make sure that the "Everyone" entity is not used with any SNS topic provisioned in your AWS account, so that attackers or unauthorized users cannot publish messages to your topics.
This rule can help you with the following compliance standards:
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
When an SNS topic policy grants permission to "Everyone" by using a wildcard, i.e. "*", as the Principal value, the topic's security is at risk: any unauthenticated entity can produce and publish malicious messages to the topic, messages that should normally come only from trusted publishers.
To determine if there are any SNS topics accessible to anonymous publishing available in your AWS account, perform the following actions:
To update the access control policies attached to the AWS SNS topics that are publicly accessible for publishing and implement the required permissions to secure the exposed topics, perform the following actions:
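The audit and remediation steps above are not reproduced on this page, so the following is an added example (not Cloud Conformity's own code) covering both: it scans a topic policy document (the JSON from the topic's Policy attribute) for Allow statements whose Principal is the "*" wildcard and whose Action permits publishing, and shows a constructed open policy next to the hardened form that names a specific IAM principal. The account id and role name are placeholders.

```python
import json

# Actions that let a principal publish to the topic (matched case-insensitively).
PUBLISH_ACTIONS = {"sns:publish", "sns:*", "*"}


def _as_list(value):
    """IAM policy fields may be a scalar or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_is_everyone(principal):
    """True for Principal "*" or {"AWS": "*"} (the "*" may sit inside a list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False


def find_everyone_publish_statements(policy_json):
    """Return the Allow statements that let "Everyone" publish to the topic.

    Each finding records whether the statement carries a Condition: the default
    SNS topic policy uses Principal {"AWS": "*"} narrowed by an AWS:SourceOwner
    condition, so conditioned statements need a manual look, not blind removal.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_everyone(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action", []))}
        if not actions & PUBLISH_ACTIONS:
            continue
        findings.append({"Sid": stmt.get("Sid"), "conditioned": "Condition" in stmt})
    return findings


# Constructed sample policies; 123456789012 is a placeholder account id.
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:example-topic"
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "PublicPublish", "Effect": "Allow", "Principal": "*",
    "Action": "SNS:Publish", "Resource": TOPIC_ARN}]})
# Hardened form: only a named IAM principal from the owning account may publish.
RESTRICTED_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "TrustedPublisherOnly", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::123456789012:role/example-publisher"},
    "Action": "SNS:Publish", "Resource": TOPIC_ARN}]})
```

Run the scan over every topic's policy in the account; an unconditioned finding is the exposure this rule describes, and replacing that statement with one like RESTRICTED_POLICY closes it.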