AWS Security ChangesHomeSearch

AWS AmazonElastiCache medium security documentation change

Service: AmazonElastiCache · 2026-06-28 · Security-related medium

File: AmazonElastiCache/latest/dg/ElastiCacheSNS.md

Summary

Added requirement that SNS topic access policies must use 'aws:SourceOwner' instead of 'aws:SourceAccount' to avoid inactive status, with link to policy configuration.

Security assessment

The change addresses a misconfiguration that could prevent security notifications by enforcing proper access control conditions. Explicitly references security policy requirements and inactive topic risks.

Diff

diff --git a/AmazonElastiCache/latest/dg/ElastiCacheSNS.md b/AmazonElastiCache/latest/dg/ElastiCacheSNS.md
index a829e28a8..c9f88b543 100644
--- a//AmazonElastiCache/latest/dg/ElastiCacheSNS.md
+++ b//AmazonElastiCache/latest/dg/ElastiCacheSNS.md
@@ -30,0 +31,2 @@ It is possible to attach an encrypted (at-rest) Amazon SNS topic to the cluster.
+  * The Amazon SNS topic's access policy must use the `aws:SourceOwner` condition key. If the policy uses `aws:SourceAccount` (which is now the default for newly created topics), ElastiCache cannot publish to the topic and automatically sets the topic status to _inactive_. For the required policy configuration, see [Managing ElastiCache Amazon SNS notifications](./ECEvents.SNS.html).
+