Data protection

SNS topic policy allows everyone to subscribe

Risk Level

Informational (4)

Platform(s)
Compliance Frameworks

Description

A resource-based policy enables you to specify which AWS account and which AWS users or roles can access your SNS Topic. Allowing Everyone to subscribe to the SNS topic is a security risk and can lead to data leaks. It was detected that the policy of SNS topic {AwsSnsTopic} allows everyone to subscribe. As a best practice, ensure SNS topics do not allow everyone to subscribe to topics.
  • Recommended Mitigation

    It is recommended to edit the access policy of the SNS topic to allow topic subscription only to specific users.