Added SNS Topic access publicly Template

sns_topic_public_accessible.yaml

@@ -0,0 +1,63 @@
+id: sns-topic-policy-public-access
+
+info:
+  name: Public Access of SNS Topics via Policy
+  author: Ritesh_Gohil(#L4stPL4Y3R)
+  severity: critical
+  description: |
+    This template checks if Amazon SNS topics are configured to prevent public access via topic policies.
+  reference:
+    - https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html
+  tags: cloud, devops, aws, amazon, sns, aws-cloud-config
+
+flow: |
+  code(1)
+  for (let topicArn of iterate(template.topics)) {
+    set("topicArn", topicArn)
+    code(2)
+  }
+
+self-contained: true
+code:
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws sns list-topics --query 'Topics[*].TopicArn'
+
+    extractors:
+      - type: json
+        internal: true
+        name: topics
+        json:
+          - '.[]'
+
+  - engine:
+      - sh
+      - bash
+    source: |
+      aws sns get-topic-attributes --topic-arn $topicArn --query Attributes.Policy --output text
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - '"Effect":"Allow"'
+
+      - type: word
+        part: body
+        words:
+          - '"Principal":{"AWS":"*"}'
+
+      - type: regex
+        part: body
+        negative: true
+        regex:
+          - '"Condition"'
+
+    extractors:
+      - type: dsl
+        dsl:
+          - '"The SNS topic " + topicArn + " is publicly accessible via Policy"'
+# digest: 4a0a0047304502200290e750e82d1e0766cede53f1ad65a1f9a04aaa4a4a36957a9f1072761cb25a0221009a7af53a7ee9887715e2c5791bab6885c0efaa7286ebc7731c40ccb5c5b14c8c:f37bf26b30a8e29c9db6a85589544950