fix(sns): handle topic policy conditions (#2660)

tests/providers/aws/services/sns/sns_topics_not_publicly_accessible/sns_topics_not_publicly_accessible_test.py

@@ -27,7 +27,7 @@ test_policy_restricted_condition = {
             "Principal": {"AWS": "*"},
             "Action": ["sns:Publish"],
             "Resource": f"arn:aws:sns:{AWS_REGION}:{AWS_ACCOUNT_NUMBER}:{topic_name}",
-            "Condition": {"StringEquals": {"sns:Protocol": "https"}},
+            "Condition": {"StringEquals": {"aws:SourceAccount": AWS_ACCOUNT_NUMBER}},
         }
     ]
 }
@@ -121,6 +121,7 @@ class Test_sns_topics_not_publicly_accessible:
 
     def test_topic_public_with_condition(self):
         sns_client = mock.MagicMock
+        sns_client.audited_account = AWS_ACCOUNT_NUMBER
         sns_client.topics = []
         sns_client.topics.append(
             Topic(
@@ -144,7 +145,7 @@ class Test_sns_topics_not_publicly_accessible:
             assert result[0].status == "PASS"
             assert (
                 result[0].status_extended
-                == f"SNS topic {topic_name} is publicly accesible but has a Condition that could filter it"
+                == f"SNS topic {topic_name} is not public because its policy only allows access from the same account"
             )
             assert result[0].resource_id == topic_name
             assert result[0].resource_arn == topic_arn
@@ -176,7 +177,7 @@ class Test_sns_topics_not_publicly_accessible:
             assert result[0].status == "FAIL"
             assert (
                 result[0].status_extended
-                == f"SNS topic {topic_name} is publicly accesible"
+                == f"SNS topic {topic_name} is public because its policy allows public access"
             )
             assert result[0].resource_id == topic_name
             assert result[0].resource_arn == topic_arn