4.2 Ensure a SNS topic is created for sending out notifications from RDS events - RDS Event Subscriptions

Information

For RDS event subscriptions to be able to send out notifications, an SNS topic must exist.

Amazon Simple Notification Service (Amazon SNS) is a web service that coordinates and manages the delivery or sending of messages to subscribing endpoints or clients.

When using Amazon SNS, you (as the owner) create a topic and control access to it by defining policies that determine which publishers and subscribers can communicate with the topic.
RDS events generated through defined RDS event subscriptions need to be sent to administrators so that they can be acted upon.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Using the Amazon unified CLI:

* Create a new topic, and note the topic-arn value:

aws sns create-topic --name <sns_topic_name>

* Create a subscription to the new topic:

aws sns subscribe --topic-arn <sns_topic_arn> --protocol <protocol_for_sns> --notification-endpoint <sns_subscription_endpoints>
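An offline way to review this control after the topic and subscription exist, added here as an example that is not part of the benchmark or of Nessus: it takes the JSON that `aws sns list-topics` and `aws rds describe-event-subscriptions` return and flags any RDS event subscription whose SNS topic is missing, disabled, or not in the `active` state. The two JSON documents below are constructed samples with a placeholder account ID, not output from a real account.

```python
import json

# Constructed sample shaped like `aws sns list-topics` output (placeholder account ID).
SNS_TOPICS = json.loads("""{"Topics": [
  {"TopicArn": "arn:aws:sns:us-east-1:123456789012:rds-events"}
]}""")

# Constructed sample shaped like `aws rds describe-event-subscriptions` output.
# "topic-not-exist" is the status RDS reports when the referenced topic was deleted.
RDS_EVENT_SUBSCRIPTIONS = json.loads("""{"EventSubscriptionsList": [
  {"CustSubscriptionId": "prod-db-alerts", "SourceType": "db-instance", "Enabled": true,
   "Status": "active", "SnsTopicArn": "arn:aws:sns:us-east-1:123456789012:rds-events"},
  {"CustSubscriptionId": "stale-alerts", "SourceType": "db-instance", "Enabled": true,
   "Status": "topic-not-exist", "SnsTopicArn": "arn:aws:sns:us-east-1:123456789012:old-topic"},
  {"CustSubscriptionId": "disabled-alerts", "SourceType": "db-instance", "Enabled": false,
   "Status": "active", "SnsTopicArn": "arn:aws:sns:us-east-1:123456789012:rds-events"}
]}""")


def audit_rds_event_subscriptions(topics_doc, subscriptions_doc):
    """Return a list of (subscription_id, finding) tuples; an empty list means compliant."""
    existing_topics = {t["TopicArn"] for t in topics_doc.get("Topics", [])}
    subscriptions = subscriptions_doc.get("EventSubscriptionsList", [])
    findings = []
    if not subscriptions:
        # No subscription at all means no RDS event ever reaches an administrator.
        findings.append(("<none>", "no RDS event subscription is defined"))
    for sub in subscriptions:
        sub_id = sub.get("CustSubscriptionId", "<unknown>")
        topic_arn = sub.get("SnsTopicArn", "")
        if topic_arn not in existing_topics:
            findings.append((sub_id, f"SNS topic {topic_arn or '<empty>'} does not exist"))
        if not sub.get("Enabled", False):
            findings.append((sub_id, "subscription is disabled"))
        if sub.get("Status") != "active":
            findings.append((sub_id, f"status is {sub.get('Status')!r}, expected 'active'"))
    return findings


if __name__ == "__main__":
    for sub_id, finding in audit_rds_event_subscriptions(SNS_TOPICS, RDS_EVENT_SUBSCRIPTIONS):
        print(f"FAIL {sub_id}: {finding}")
```

Against live data, pipe the two CLI commands' output into `json.loads` in place of the constructed samples; a subscription whose status is `no-permission` is also reported, since the topic policy then blocks RDS from publishing.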

See Also

https://workbench.cisecurity.org/files/260

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-4(5)

Plugin: amazon_aws

Control ID: 5d3c5e4f7fca886513d5c76f838dc48595f4a09b9d850f84c8d6c0856f9c527d