Open museadmin opened 5 years ago
I am seeing a lot of false positives for the SNS Audit along these lines:
Warning: SNS topic arn:aws:sns:eu-west-2:nnnnnnnnnnnn:MGT-NONPROD-CONFIG-ALERTS is publicly accessible
When I look at the policy though:
```json
{
  "Version": "2008-10-17",
  "Id": "__default_policy_ID",
  "Statement": [
    {
      "Sid": "__default_statement_ID",
      "Effect": "Allow",
      "Principal": { "AWS": "*" },
      "Action": [
        "SNS:GetTopicAttributes",
        "SNS:SetTopicAttributes",
        "SNS:AddPermission",
        "SNS:RemovePermission",
        "SNS:DeleteTopic",
        "SNS:Subscribe",
        "SNS:ListSubscriptionsByTopic",
        "SNS:Publish",
        "SNS:Receive"
      ],
      "Resource": "arn:aws:sns:eu-west-2:xxxxxxxxxxxxxx:MGT-NONPROD-CONFIG-ALERTS",
      "Condition": {
        "StringEquals": { "AWS:SourceOwner": "xxxxxxxxxxxxxx" }
      }
    }
  ]
}
```
I'm not an expert on AWS, but this reads to me like it is granting access to `"AWS": "*"` and then imposing a condition restricting it to the `"AWS:SourceOwner"`.
Am I completely misinterpreting this or is it a bug?
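The distinction the report misses, as an added example (not the audit tool's code, and no AWS calls involved): an `Allow` for a wildcard principal is only public when no condition pins the caller to an account or organisation. The account ids and the set of scoping condition keys below are assumptions made for this example.

```python
import json

# Condition keys that tie a wildcard principal to one account or organisation.
# Assumption for this example: an Allow for Principal "*" that carries none of
# these keys with a concrete value is reported as public.
ACCOUNT_SCOPING_KEYS = {"aws:sourceowner", "aws:sourceaccount",
                        "aws:principalaccount", "aws:principalorgid"}

def _principals(stmt):
    """Normalise Principal ("*", {"AWS": "*"} or {"AWS": [...]}) to a list."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):
        return [p]
    aws = p.get("AWS", []) if isinstance(p, dict) else []
    return [aws] if isinstance(aws, str) else list(aws)

def _account_scoped(stmt):
    """True if a StringEquals condition pins the caller to a concrete account/org."""
    for operator, keys in stmt.get("Condition", {}).items():
        if operator.lower() != "stringequals":   # condition operators are case-insensitive
            continue
        for key, value in keys.items():
            values = [value] if isinstance(value, str) else list(value)
            if key.lower() in ACCOUNT_SCOPING_KEYS and values and "*" not in values:
                return True
    return False

def public_statements(policy_json):
    """Return the Sids of Allow statements that really are open to anyone."""
    stmts = json.loads(policy_json).get("Statement", [])
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    return [s.get("Sid", "<no Sid>") for s in stmts
            if s.get("Effect") == "Allow"
            and "*" in _principals(s)
            and not _account_scoped(s)]

# Constructed sample: the reported policy with a placeholder account id.
SCOPED = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["SNS:Publish", "SNS:Subscribe"],
    "Resource": "arn:aws:sns:eu-west-2:111111111111:MGT-NONPROD-CONFIG-ALERTS",
    "Condition": {"StringEquals": {"AWS:SourceOwner": "111111111111"}}}]})
# Constructed sample: the same statement with the condition removed, genuinely public.
OPEN = json.dumps({"Version": "2008-10-17", "Statement": [{
    "Sid": "__default_statement_ID", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["SNS:Publish", "SNS:Subscribe"],
    "Resource": "arn:aws:sns:eu-west-2:111111111111:MGT-NONPROD-CONFIG-ALERTS"}]})
```

`public_statements(SCOPED)` returns an empty list, while `public_statements(OPEN)` flags `__default_statement_ID`.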
Definitely a false positive, thanks for reporting it. I will get it fixed and review it again.
Cheers. If you let me know when the fix is available, I'll pull it and rerun the scan for you.