AWS AmazonElastiCache medium security documentation change
Summary
Added requirement that SNS topic access policies must use 'aws:SourceOwner' instead of 'aws:SourceAccount' to avoid inactive status, with link to policy configuration.
Security assessment
The change addresses a misconfiguration that could prevent security notifications by enforcing proper access control conditions. Explicitly references security policy requirements and inactive topic risks.
Diff
diff --git a/AmazonElastiCache/latest/dg/ElastiCacheSNS.md b/AmazonElastiCache/latest/dg/ElastiCacheSNS.md index a829e28a8..c9f88b543 100644 --- a//AmazonElastiCache/latest/dg/ElastiCacheSNS.md +++ b//AmazonElastiCache/latest/dg/ElastiCacheSNS.md @@ -30,0 +31,2 @@ It is possible to attach an encrypted (at-rest) Amazon SNS topic to the cluster. + * The Amazon SNS topic's access policy must use the `aws:SourceOwner` condition key. If the policy uses `aws:SourceAccount` (which is now the default for newly created topics), ElastiCache cannot publish to the topic and automatically sets the topic status to _inactive_. For the required policy configuration, see [Managing ElastiCache Amazon SNS notifications](./ECEvents.SNS.html). +