Skip to main content

More Info:

Your SNS topics should have subscribers. Corrective action must be taken about topics that have no subscribers.

Risk Level

Low

Address

Operational Maturity

Compliance Standards

CBP

Triage and Remediation

  • Remediation

Remediation

Using Console

Sure, here are the step by step instructions to remediate the misconfiguration of SNS topics not having subscriptions in AWS:
  1. Open the AWS Management Console and navigate to the SNS service.
  2. Select the SNS topic which is not having any subscription.
  3. Click on the “Create Subscription” button.
  4. Choose the protocol for the subscription. For example, you can choose email, SMS, or HTTP/HTTPS.
  5. Enter the endpoint details based on the protocol you have selected. For example, if you have chosen email, then enter the email address of the recipient.
  6. Click on the “Create Subscription” button to create the subscription.
  7. Once the subscription is created, you will receive a confirmation message on the endpoint you have specified.
  8. Repeat the above steps for all the SNS topics which do not have any subscription.
By following the above steps, you will be able to remediate the misconfiguration of SNS topics not having subscriptions in AWS.

To remediate the misconfiguration “SNS Topics Should Have Subscription” for AWS using AWS CLI, follow these steps:
  1. Open the AWS CLI on your local machine.
  2. Run the following command to list all the SNS topics in your AWS account: 
    aws sns list-topics
  3. Identify the SNS topic that does not have any subscription.
  4. Run the following command to list all the subscriptions for that SNS topic: 
    aws sns list-subscriptions-by-topic --topic-arn <topic_arn>
    Replace <topic_arn> with the ARN of the SNS topic that you identified in step 3.
  5. If the output of the above command is empty, it means that the SNS topic does not have any subscription.
  6. Run the following command to create a subscription for the SNS topic: 
    aws sns subscribe --topic-arn <topic_arn> --protocol <protocol> --notification-endpoint <endpoint>
    Replace <topic_arn> with the ARN of the SNS topic that you identified in step 3. Replace <protocol> with the protocol that you want to use for the subscription (e.g. email, SMS, etc.). Replace <endpoint> with the endpoint that you want to use for the subscription (e.g. email address, phone number, etc.).
  7. Verify that the subscription was created successfully by running the following command: 
    aws sns list-subscriptions-by-topic --topic-arn <topic_arn>
    Replace <topic_arn> with the ARN of the SNS topic that you identified in step 3.
  8. Repeat steps 3 to 7 for any other SNS topics that do not have any subscription.
To remediate the misconfiguration where SNS topics should have a subscription, you can use the following steps in Python:
  1. Import the necessary libraries:
import boto3
  1. Create a boto3 client for SNS:
sns_client = boto3.client('sns')
  1. Use the list_topics() method to get a list of all topics:
topics = sns_client.list_topics()
  1. Loop through the list of topics and check if each topic has at least one subscription:
for topic in topics['Topics']:
    subscriptions = sns_client.list_subscriptions_by_topic(TopicArn=topic['TopicArn'])
    if len(subscriptions['Subscriptions']) == 0:
        # If the topic has no subscriptions, create a subscription
        # You can choose to subscribe to an email address or an endpoint, depending on your use case
        sns_client.subscribe(TopicArn=topic['TopicArn'], Protocol='email', Endpoint='youremail@example.com')
  1. Run the script to create subscriptions for all SNS topics that do not have any subscriptions.
Note: Make sure that you have the necessary permissions to create subscriptions for SNS topics.

Additional Reading:

I