Table: aws_sns_topics

This table shows data for Sns Topics.

https://docs.aws.amazon.com/sns/latest/api/API_GetTopicAttributes.html (opens in a new tab)

The primary key for this table is arn.

Columns

NameType
_cq_iduuid
_cq_parent_iduuid
account_idutf8
regionutf8
arn (PK)utf8
tagsjson
delivery_policyjson
policyjson
effective_delivery_policyjson
display_nameutf8
ownerutf8
subscriptions_confirmedint64
subscriptions_deletedint64
subscriptions_pendingint64
kms_master_key_idutf8
fifo_topicbool
content_based_deduplicationbool
unknown_fieldsjson

Example Queries

These SQL queries are sampled from CloudQuery policies and are compatible with PostgreSQL.

SNS topics should be encrypted at rest using AWS KMS

SELECT
  'SNS topics should be encrypted at rest using AWS KMS' AS title,
  account_id,
  arn AS resource_id,
  CASE
  WHEN kms_master_key_id IS NULL OR kms_master_key_id = '' THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  aws_sns_topics;

Logging of delivery status should be enabled for notification messages sent to a topic

SELECT
  'Logging of delivery status should be enabled for notification messages sent to a topic'
    AS title,
  account_id,
  arn AS resource_id,
  CASE
  WHEN (unknown_fields->'HTTPSuccessFeedbackRoleArn') IS NULL
  AND (unknown_fields->'FirehoseSuccessFeedbackRoleArn') IS NULL
  AND (unknown_fields->'LambdaSuccessFeedbackRoleArn') IS NULL
  AND (unknown_fields->'ApplicationSuccessFeedbackRoleArn') IS NULL
  AND (unknown_fields->'SQSSuccessFeedbackRoleArn') IS NULL
  THEN 'fail'
  ELSE 'pass'
  END
    AS status
FROM
  aws_sns_topics;

Unused SNS topic

WITH
  subscription AS (SELECT DISTINCT topic_arn FROM aws_sns_subscriptions)
SELECT
  'Unused SNS topic' AS title,
  topic.account_id,
  topic.arn AS resource_id,
  'fail' AS status
FROM
  aws_sns_topics AS topic
  LEFT JOIN subscription ON subscription.topic_arn = topic.arn
WHERE
  subscription.topic_arn IS NULL;