AWS config high security documentation change
Summary
Added note clarifying SNS policy requirements for non-public access, specifying exclusion of wildcards and IAM policy variables
Security assessment
The change explicitly documents security requirements to prevent public access by restricting policy elements that could enable unintended access through wildcards or variables. This directly addresses potential misconfiguration security risks.
Diff
diff --git a/config/latest/developerguide/sns-topic-no-public-access.md b/config/latest/developerguide/sns-topic-no-public-access.md index 9378ea257..6d31ab8fb 100644 --- a//config/latest/developerguide/sns-topic-no-public-access.md +++ b//config/latest/developerguide/sns-topic-no-public-access.md @@ -10,0 +11,4 @@ Checks if the SNS topic access policy allows public access. The rule is NON_COMP +###### Note + +To be considered non-public, an SNS policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables). +