Ensure Amazon Simple Notification Service (SNS) is enabled for CloudFormation stacks

MEDIUM

Description

AWS Simple Notification Service (SNS) can be used with AWS CloudFormation to receive notifications about the state of your stack, such as when a resource has been created or deleted, or when an update operation has failed. By configuring SNS notifications, you can monitor stack events and respond quickly to any issues that arise.

Remediation

In AWS Console -

  1. Sign in to the AWS Console, open the AWS CloudFormation console, and follow the steps in the setup wizard to create a stack.
  2. For Notification options, select Amazon SNS topic.
  3. Select the SNS topic that you created to notify the Lambda function.
  4. Complete the steps in the setup wizard to create your stack.

In Terraform -

  1. In the aws_cloudformation_stack resource, set notification_arns to the list of SNS topic ARNs that should receive stack events.
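
The following Terraform configuration is an added example, not part of the original policy page or of any project's own code. It shows a stack that this rule would flag (no notification_arns) beside the corrected form that publishes stack events to an SNS topic. The region, resource names, the email endpoint and the minimal template body are assumptions for illustration.

```hcl
# Added example (not from the original page): non-compliant and compliant
# aws_cloudformation_stack resources side by side. All names are assumed.

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "us-east-1" # assumed region
}

# SNS topic that receives CloudFormation stack events.
resource "aws_sns_topic" "cfn_events" {
  name = "cloudformation-stack-events" # assumed topic name
}

# Subscriber for the events; email subscriptions must be confirmed by the
# recipient before messages are delivered. Endpoint is an assumed placeholder.
resource "aws_sns_topic_subscription" "cfn_events_email" {
  topic_arn = aws_sns_topic.cfn_events.arn
  protocol  = "email"
  endpoint  = "cloud-ops@example.com"
}

# Minimal template so the example is self-contained; it creates one S3 bucket.
locals {
  template_body = jsonencode({
    AWSTemplateFormatVersion = "2010-09-09"
    Resources = {
      ExampleBucket = {
        Type = "AWS::S3::Bucket"
      }
    }
  })
}

# Non-compliant: notification_arns is absent, so resource creation, deletion
# and failed updates on this stack are not published anywhere.
resource "aws_cloudformation_stack" "without_notifications" {
  name          = "example-stack-no-sns"
  template_body = local.template_body
}

# Compliant: every stack lifecycle event (for example CREATE_IN_PROGRESS,
# UPDATE_ROLLBACK_IN_PROGRESS, DELETE_COMPLETE) is delivered to the topic.
resource "aws_cloudformation_stack" "with_notifications" {
  name              = "example-stack-sns"
  template_body     = local.template_body
  notification_arns = [aws_sns_topic.cfn_events.arn]
}
```

notification_arns accepts a list, so several topics (for instance one for on-call paging and one for a log archive) can be attached to the same stack. Running `terraform plan` after the change shows the attribute being added to the existing stack resource; the stack itself is updated in place and no resources inside it are replaced.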

References:
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudformation_stack#notification_arns

Policy Details

Rule Reference ID: AC_AWS_0021
CSP: AWS
Remediation Available: Yes
Resource Category: Management
Resource Type: CloudFormation

Frameworks