Amazon SNS
๐ Leaving AWS SNS Topics unencrypted exposes them to potential data breaches and unauthorized access, making encryption a crucial measure for protecting sensitive information communicated through these topics.
- Section: Encryption
- Severity: High
- CWE: CWE-311 Missing Encryption of Sensitive Data
- Assurance Scope: PCI, GDPR, HIPPA, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
๐ Not using the Customer Master Key (CMK) for encrypting AWS SNS Topics can lead to weaker data security controls. Employing CMKs offers enhanced encryption management and security oversight.
- Section: Encryption
- Severity: High
- CWE: CWE-653 Insufficient Compartmentalization
- Assurance Scope: PCI, GDPR, HIPPA, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
๐ Public exposure of AWS SNS Topics can lead to unauthorized access and information leaks, stressing the need for stringent access controls to ensure that sensitive data remains confidential and secure.
- Section: Public Exposure
- Severity: Critical
- CWE: CWE-668 Exposure of Resource to the Wrong Sphere
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
๐ Allowing public subscriptions to AWS SNS Topics poses a severe risk of sensitive information disclosure. Implementing robust access control measures is essential to safeguard against unauthorized access and data breaches.
- Section: Public Exposure
- Severity: Critical
- CWE: CWE-284 Improper Access Control
- Assurance Scope: PCI, GDPR, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Updated 5 months ago