AWS Anyone Can Publish
Description
Identifies AWS SNS topics that are configured to allow unrestricted publish access through their resource policies. When an SNS topic allows any AWS account to publish messages without conditions, it creates a security risk by enabling potential message injection and abuse of the notification system.
Detection Strategy
• Evaluates each SNS topic's resource policy for statements that grant publish permissions
• Reports a vulnerability when a policy statement has Effect set to Allow, a Principal of '*' (or one that includes all AWS accounts, such as {"AWS": "*"}), an Action that includes 'SNS:Publish', a Resource matching the topic ARN, and no Condition block limiting the grant
• Scans all SNS topics in the specified AWS region to identify any instances of overly permissive publish access
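The statement checks listed above, implemented as an added Python example (this is illustrative code, not Fluid Attacks' scanner). It evaluates a topic's resource policy document offline; the topic ARN, account id and bucket name in the sample policies are constructed placeholders. In a live scan the policy string would come from `boto3` via `sns.get_topic_attributes(TopicArn=arn)["Attributes"]["Policy"]` for each topic returned by `list_topics`.

```python
"""Flag SNS topic policy statements that let any AWS account publish.

Added example, not Fluid Attacks' own code. The policy documents below are
constructed samples with placeholder account ids and names.
"""
import json

# Actions that cover SNS:Publish (IAM action names are case-insensitive).
PUBLISH_ACTIONS = {"sns:publish", "sns:*", "*"}


def _as_list(value):
    """Policy elements may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_anyone(principal):
    """True for Principal "*" or Principal {"AWS": "*"} (all AWS accounts)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def _resource_matches(resources, topic_arn):
    """True when a Resource entry names this topic exactly or via a wildcard."""
    for res in _as_list(resources):
        if res == "*" or res == topic_arn:
            return True
        if res.endswith("*") and topic_arn.startswith(res[:-1]):
            return True
    return False


def find_open_publish_statements(policy, topic_arn):
    """Return the Sid (or index label) of each statement that lets anyone publish.

    A statement is reported when Effect is Allow, the Principal is anyone,
    Action covers SNS:Publish, Resource covers the topic, and no Condition
    block restricts the caller. `policy` may be a JSON string or a dict.
    """
    doc = json.loads(policy) if isinstance(policy, str) else policy
    findings = []
    for idx, stmt in enumerate(_as_list(doc.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_anyone(stmt.get("Principal")):
            continue
        actions = {a.lower() for a in _as_list(stmt.get("Action"))}
        if not actions & PUBLISH_ACTIONS:
            continue
        if not _resource_matches(stmt.get("Resource"), topic_arn):
            continue
        if stmt.get("Condition"):
            # Scoped by aws:SourceArn, aws:SourceAccount, etc.; not unrestricted.
            continue
        findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


# Constructed sample data (placeholder account id and topic name).
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:example-topic"

# Vulnerable: the first statement lets anyone publish without conditions;
# the second is scoped to a single account and is not reported.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "AllowAnyonePublish", "Effect": "Allow", "Principal": "*",
         "Action": "SNS:Publish", "Resource": TOPIC_ARN},
        {"Sid": "OwnerAccountPublish", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
         "Action": ["SNS:Publish", "SNS:Subscribe"], "Resource": TOPIC_ARN},
    ],
}
OPEN_POLICY_JSON = json.dumps(OPEN_POLICY)

# Hardened: same grant, but a Condition restricts publishing to one source
# resource (the usual shape for S3 event notifications).
SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "BucketEventsOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "SNS:Publish", "Resource": TOPIC_ARN,
         "Condition": {"ArnLike": {"aws:SourceArn": "arn:aws:s3:::example-bucket"}}},
    ],
}

if __name__ == "__main__":
    print("open:", find_open_publish_statements(OPEN_POLICY_JSON, TOPIC_ARN))
    print("scoped:", find_open_publish_statements(SCOPED_POLICY, TOPIC_ARN))
```

The remediation the check implies is the shape of `SCOPED_POLICY`: keep the Principal narrow where possible and, where a service principal or `"*"` is unavoidable, add a `Condition` on `aws:SourceArn` or `aws:SourceAccount` so only the intended publisher is accepted.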