diff --git a/checkov/terraform/checks/resource/aws/KMSKeyWildcardPrincipal.py b/checkov/terraform/checks/resource/aws/KMSKeyWildcardPrincipal.py
index 878e6c0a97..76fcc32871 100644
--- a/checkov/terraform/checks/resource/aws/KMSKeyWildcardPrincipal.py
+++ b/checkov/terraform/checks/resource/aws/KMSKeyWildcardPrincipal.py
@@ -24,6 +24,8 @@ def scan_resource_conf(self, conf):
                         principal = statement['Principal']
                         if 'Effect' in statement and statement['Effect'] == 'Deny':
                             continue
+                        if 'Condition' in statement:
+                            continue
                         if 'AWS' in principal:
                             aws = principal['AWS']
                             if (isinstance(aws, str) and aws == '*') or (isinstance(aws, list) and '*' in aws):
diff --git a/checkov/terraform/checks/resource/aws/SNSCrossAccountAccess.py b/checkov/terraform/checks/resource/aws/SNSCrossAccountAccess.py
new file mode 100644
index 0000000000..2aebef77d7
--- /dev/null
+++ b/checkov/terraform/checks/resource/aws/SNSCrossAccountAccess.py
@@ -0,0 +1,65 @@
+from __future__ import annotations
+
+from typing import Any
+
+from cloudsplaining.scan.resource_policy_document import ResourcePolicyDocument
+
+from checkov.common.models.enums import CheckResult, CheckCategories
+from checkov.terraform.checks.resource.base_resource_check import BaseResourceCheck
+
+
+class SNSCrossAccountAccess(BaseResourceCheck):
+    def __init__(self) -> None:
+        name = "Ensure AWS SNS topic policies do not allow cross-account access"
+        id = "CKV_AWS_385"
+        supported_resources = ("aws_sns_topic_policy",)
+        categories = (CheckCategories.IAM,)
+        super().__init__(name=name, id=id, categories=categories, supported_resources=supported_resources)
+
+    def scan_resource_conf(self, conf: dict[str, Any]) -> CheckResult:
+        conf_policy = conf.get("policy")
+
+        if not conf_policy:
+            return CheckResult.PASSED
+
+        if conf_policy:
+            if isinstance(conf_policy[0], dict):
+                for policy in conf_policy:
+                    try:
+                        processed_policy = ResourcePolicyDocument(policy=policy)
+                        for statement in processed_policy.statements:
+                            if statement.effect != "Allow":
+                                continue
+
+                            has_specific_aws_iam_arn_principal = False
+
+                            aws_principal_values = []
+                            if statement.statement and "Principal" in statement.statement and "AWS" in statement.statement["Principal"]:
+                                raw_aws_principals = statement.statement["Principal"]["AWS"]
+                                if isinstance(raw_aws_principals, str):
+                                    aws_principal_values.append(raw_aws_principals)
+                                elif isinstance(raw_aws_principals, list):
+                                    aws_principal_values.extend(raw_aws_principals)
+
+                            for principal_str in aws_principal_values:
+                                if isinstance(principal_str, str) and \
+                                        principal_str.startswith("arn:aws:iam::") and \
+                                        principal_str != "*":
+                                    has_specific_aws_iam_arn_principal = True
+                                    break
+
+                            if has_specific_aws_iam_arn_principal:
+                                if not statement.conditions:
+                                    return CheckResult.FAILED
+
+                    except (TypeError, AttributeError):
+                        return CheckResult.UNKNOWN
+            else:
+                return CheckResult.UNKNOWN
+        return CheckResult.PASSED
+
+    def get_evaluated_keys(self) -> list[str]:
+        return ["policy"]
+
+
+check = SNSCrossAccountAccess()
diff --git a/tests/terraform/checks/resource/aws/example_KMSKeyWildcardPrincipal/pass.tf b/tests/terraform/checks/resource/aws/example_KMSKeyWildcardPrincipal/pass.tf
index 8ed0280525..2b0b1fe027 100644
--- a/tests/terraform/checks/resource/aws/example_KMSKeyWildcardPrincipal/pass.tf
+++ b/tests/terraform/checks/resource/aws/example_KMSKeyWildcardPrincipal/pass.tf
@@ -69,3 +69,42 @@ resource "aws_kms_key" "pass_3" {
 }
 POLICY  
 }
+
+resource "aws_kms_key" "pass_4" {
+  description             = "description"
+
+  policy = <<POLICY
+{
+  "Version": "2012-10-17",
+  "Id": "key-default-1",
+  "Statement": [
+    {
+      "Sid": "Enable IAM User Permissions",
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "arn:aws:iam::111122223333:root"
+      },
+      "Action": "kms:*",
+      "Resource": "*",
+      "Condition": {
+         "Bool": { "aws:MultiFactorAuthPresent": "true" }
+       }
+    },
+    {
+      "Sid": "RestrictWildcardPrincipalToAccount",
+      "Effect": "Allow",
+      "Principal": {
+        "AWS": "*"
+      },
+      "Action": "kms:*",
+      "Resource": "*",
+      "Condition": {
+         "StringEquals": {
+           "kms:CallerAccount": "111122223333"
+         }
+       }
+    }
+  ]
+}
+POLICY
+}
diff --git a/tests/terraform/checks/resource/aws/example_SNSCrossAccountAccess/main.tf b/tests/terraform/checks/resource/aws/example_SNSCrossAccountAccess/main.tf
new file mode 100644
index 0000000000..e32fa2f287
--- /dev/null
+++ b/tests/terraform/checks/resource/aws/example_SNSCrossAccountAccess/main.tf
@@ -0,0 +1,200 @@
+# fail
+resource "aws_sns_topic_policy" "fail0" {
+  arn = aws_sns_topic.test.arn
+
+  policy = <<POLICY
+{
+    "Version":"2012-10-17",
+    "Statement":[
+       {
+           "Principal": {
+            "AWS": [
+                "arn:aws:iam::123456789101:role/sns"
+            ]
+          },
+          "Effect": "Allow",
+          "Action": [
+            "SNS:Subscribe",
+            "SNS:SetTopicAttributes",
+            "SNS:RemovePermission",
+            "SNS:Receive",
+            "SNS:Publish",
+            "SNS:ListSubscriptionsByTopic",
+            "SNS:GetTopicAttributes",
+            "SNS:DeleteTopic",
+            "SNS:AddPermission",
+          ],
+          "Resource": "${aws_sns_topic.test.arn}"
+       }
+    ]
+}
+POLICY
+}
+
+resource "aws_sns_topic_policy" "fail1" {
+  arn = aws_sns_topic.test.arn
+
+  policy = <<POLICY
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllowS3ToPublish",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "s3.amazonaws.com"
+            },
+            "Action": "SNS:Publish",
+            "Resource": "${aws_sns_topic.test.arn}",
+            "Condition": {
+                "ArnLike": {
+                    "aws:SourceArn": "arn:aws:s3:::your-s3-bucket-name/*"
+                },
+                "StringEquals": {
+                    "aws:SourceAccount": "${data.aws_caller_identity.current.account_id}"
+                }
+            }
+        },
+        {
+            "Sid": "AllowOriginalAccess",
+            "Principal": {
+              "AWS": [
+                  "arn:aws:iam::123456789101:role/sns"
+              ]
+            },
+            "Effect": "Allow",
+            "Action": [
+                "SNS:Subscribe",
+                "SNS:SetTopicAttributes",
+                "SNS:RemovePermission",
+                "SNS:Receive",
+                "SNS:Publish",
+                "SNS:ListSubscriptionsByTopic",
+                "SNS:GetTopicAttributes",
+                "SNS:DeleteTopic",
+                "SNS:AddPermission"
+            ],
+            "Resource": "${aws_sns_topic.test.arn}"
+        }
+    ]
+}
+POLICY
+}
+
+
+
+# pass
+resource "aws_sns_topic_policy" "pass0" {
+  arn = aws_sns_topic.test.arn
+
+  policy = <<POLICY
+{
+    "Version":"2012-10-17",
+    "Statement":[
+       {
+           "Principal": {
+            "AWS": [
+                "*"
+            ]
+          },
+          "Effect": "Allow",
+          "Action": [
+            "SNS:Subscribe",
+            "SNS:SetTopicAttributes",
+            "SNS:RemovePermission",
+            "SNS:Receive",
+            "SNS:Publish",
+            "SNS:ListSubscriptionsByTopic",
+            "SNS:GetTopicAttributes",
+            "SNS:DeleteTopic",
+            "SNS:AddPermission",
+          ],
+          "Resource": "${aws_sns_topic.test.arn}"
+       }
+    ]
+}
+POLICY
+}
+
+resource "aws_sns_topic_policy" "pass1" {
+  arn = aws_sns_topic.test.arn
+
+  policy = <<POLICY
+{
+    "Version":"2012-10-17",
+    "Statement":[
+       {
+          "Principal": "*",
+          "Effect": "Allow",
+          "Action": [
+            "SNS:Subscribe",
+            "SNS:SetTopicAttributes",
+            "SNS:RemovePermission",
+            "SNS:Receive",
+            "SNS:Publish",
+            "SNS:ListSubscriptionsByTopic",
+            "SNS:GetTopicAttributes",
+            "SNS:DeleteTopic",
+            "SNS:AddPermission",
+          ],
+          "Resource": "${aws_sns_topic.test.arn}"
+       }
+    ]
+}
+POLICY
+}
+
+resource "aws_sns_topic_policy" "pass2" {
+  arn = aws_sns_topic.test.arn
+
+  policy = <<POLICY
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "AllowS3ToPublish",
+            "Effect": "Allow",
+            "Principal": {
+                "Service": "s3.amazonaws.com"
+            },
+            "Action": "SNS:Publish",
+            "Resource": "${aws_sns_topic.test.arn}",
+            "Condition": {
+                "ArnLike": {
+                    "aws:SourceArn": "arn:aws:s3:::your-s3-bucket-name/*"
+                },
+                "StringEquals": {
+                    "aws:SourceAccount": "${data.aws_caller_identity.current.account_id}"
+                }
+            }
+        },
+        {
+            "Sid": "AllowOriginalAccess",
+            "Principal": {
+              "AWS": [
+                  "arn:aws:iam::123456789101:role/sns"
+              ]
+            },
+            "Effect": "Allow",
+            "Action": [
+                "SNS:Subscribe",
+                "SNS:SetTopicAttributes",
+                "SNS:RemovePermission",
+                "SNS:Receive",
+                "SNS:Publish",
+                "SNS:ListSubscriptionsByTopic",
+                "SNS:GetTopicAttributes",
+                "SNS:DeleteTopic",
+                "SNS:AddPermission"
+            ],
+            "Resource": "${aws_sns_topic.test.arn}",
+            "Condition": {
+                "ArnEquals": {
+                    "aws:PrincipalArn": "arn:aws:iam::123456789101:role/sns"
+                }
+            }
+        }
+    ]
+}
+POLICY
+}
\ No newline at end of file
diff --git a/tests/terraform/checks/resource/aws/example_SNSTopicPolicyAnyPrincipal/main.tf b/tests/terraform/checks/resource/aws/example_SNSTopicPolicyAnyPrincipal/main.tf
index 26a7ebfc05..98f2f867af 100644
--- a/tests/terraform/checks/resource/aws/example_SNSTopicPolicyAnyPrincipal/main.tf
+++ b/tests/terraform/checks/resource/aws/example_SNSTopicPolicyAnyPrincipal/main.tf
@@ -27,6 +27,45 @@ resource "aws_sns_topic_policy" "sns_tp1" {
 POLICY
 }
 
+resource "aws_sns_topic_policy" "sns_pass_condition" {
+  arn = aws_sns_topic.test.arn
+
+  policy = <<POLICY
+{
+    "Version":"2012-10-17",
+    "Statement":[
+       {
+           "Sid": "AllowSpecificPrincipalsFromSourceAccount",
+           "Principal": {
+            "AWS": [
+                "arn:aws:iam::123456789101:role/sns",
+                "*"
+            ]
+          },
+          "Effect": "Allow",
+          "Action": [
+            "SNS:Subscribe",
+            "SNS:SetTopicAttributes",
+            "SNS:RemovePermission",
+            "SNS:Receive",
+            "SNS:Publish",
+            "SNS:ListSubscriptionsByTopic",
+            "SNS:GetTopicAttributes",
+            "SNS:DeleteTopic",
+            "SNS:AddPermission"
+          ],
+          "Resource": "${aws_sns_topic.test.arn}",
+          "Condition": {
+            "StringEquals": {
+              "aws:SourceAccount": "123456789101"
+            }
+          }
+       }
+    ]
+}
+POLICY
+}
+
 # should return as unknown dou to condition parsing error.
 resource "aws_sns_topic_policy" "sns_tp_unknown" {
   arn = aws_sns_topic.test.arn
diff --git a/tests/terraform/checks/resource/aws/test_KMSKeyWildcardPrincipal.py b/tests/terraform/checks/resource/aws/test_KMSKeyWildcardPrincipal.py
index c39b5424e1..79871c9623 100644
--- a/tests/terraform/checks/resource/aws/test_KMSKeyWildcardPrincipal.py
+++ b/tests/terraform/checks/resource/aws/test_KMSKeyWildcardPrincipal.py
@@ -20,14 +20,15 @@ def test(self):
             'aws_kms_key.pass_0',
             'aws_kms_key.pass_1',
             'aws_kms_key.pass_2',
-            'aws_kms_key.pass_3'
+            'aws_kms_key.pass_3',
+            'aws_kms_key.pass_4',
         }
         failing_resources = {
             'aws_kms_key.fail_0',
             'aws_kms_key.fail_1',
             'aws_kms_key.fail_2',
             'aws_kms_key.fail_3',
-            'aws_kms_key.fail_4'
+            'aws_kms_key.fail_4',
         }
 
         passed_check_resources = set([c.resource for c in report.passed_checks])
@@ -36,7 +37,7 @@ def test(self):
         self.assertEqual(passing_resources, passed_check_resources)
         self.assertEqual(failing_resources, failed_check_resources)
         
-        self.assertEqual(summary['passed'], 4)
+        self.assertEqual(summary['passed'], 5)
         self.assertEqual(summary['failed'], 5)
         self.assertEqual(summary['skipped'], 0)
         self.assertEqual(summary['parsing_errors'], 0)
diff --git a/tests/terraform/checks/resource/aws/test_SNSCrossAccountAccess.py b/tests/terraform/checks/resource/aws/test_SNSCrossAccountAccess.py
new file mode 100644
index 0000000000..d02ff67477
--- /dev/null
+++ b/tests/terraform/checks/resource/aws/test_SNSCrossAccountAccess.py
@@ -0,0 +1,43 @@
+import unittest
+from pathlib import Path
+
+from checkov.runner_filter import RunnerFilter
+from checkov.terraform.checks.resource.aws.SNSCrossAccountAccess import check
+from checkov.terraform.runner import Runner
+
+
+class TestSNSOverPermissivePublishing(unittest.TestCase):
+    def test(self):
+        # given
+        test_files_dir = Path(__file__).parent / "example_SNSCrossAccountAccess"
+
+        # when
+        report = Runner().run(root_folder=str(test_files_dir), runner_filter=RunnerFilter(checks=[check.id]))
+
+        # then
+        summary = report.get_summary()
+
+        passing_resources = {
+            "aws_sns_topic_policy.pass0",
+            "aws_sns_topic_policy.pass1",
+            "aws_sns_topic_policy.pass2",
+        }
+        failing_resources = {
+            "aws_sns_topic_policy.fail0",
+            "aws_sns_topic_policy.fail1",
+        }
+
+        passed_check_resources = {c.resource for c in report.passed_checks}
+        failed_check_resources = {c.resource for c in report.failed_checks}
+
+        self.assertEqual(summary["passed"], len(passing_resources))
+        self.assertEqual(summary["failed"], len(failing_resources))
+        self.assertEqual(summary["skipped"], 0)
+        self.assertEqual(summary["parsing_errors"], 0)
+
+        self.assertEqual(passing_resources, passed_check_resources)
+        self.assertEqual(failing_resources, failed_check_resources)
+
+
+if __name__ == "__main__":
+    unittest.main()
diff --git a/tests/terraform/checks/resource/aws/test_SNSTopicPolicyAnyPrincipal.py b/tests/terraform/checks/resource/aws/test_SNSTopicPolicyAnyPrincipal.py
index 1f6b7f0533..8825ac9c8d 100644
--- a/tests/terraform/checks/resource/aws/test_SNSTopicPolicyAnyPrincipal.py
+++ b/tests/terraform/checks/resource/aws/test_SNSTopicPolicyAnyPrincipal.py
@@ -18,6 +18,7 @@ def test(self):
         passing_resources = {
             "aws_sns_topic_policy.sns_tp1",
             "aws_sns_topic_policy.sns_tp6",
+            "aws_sns_topic_policy.sns_pass_condition",
         }
         failing_resources = {
             "aws_sns_topic_policy.sns_tp2",
@@ -29,7 +30,7 @@ def test(self):
         passed_check_resources = set([c.resource for c in report.passed_checks])
         failed_check_resources = set([c.resource for c in report.failed_checks])
 
-        self.assertEqual(summary["passed"], 2)
+        self.assertEqual(summary["passed"], 3)
         self.assertEqual(summary["failed"], 4)
         self.assertEqual(summary["skipped"], 0)
         self.assertEqual(summary["parsing_errors"], 0)
diff --git a/tests/terraform/runner/test_runner.py b/tests/terraform/runner/test_runner.py
index f990dddf60..aab501f28e 100644
--- a/tests/terraform/runner/test_runner.py
+++ b/tests/terraform/runner/test_runner.py
@@ -400,6 +400,9 @@ def test_no_missing_ids(self):
             if f'CKV_AWS_{i}' == 'CKV_AWS_188':
                 # CKV_AWS_188 was deleted because it duplicated CKV_AWS_142
                 continue
+            if f'CKV_AWS_{i}' == 'CKV_AWS_384':
+                # CKV_AWS_384 is CFN only
+                continue
             self.assertIn(f'CKV_AWS_{i}', aws_checks, msg=f'The new AWS violation should have the ID "CKV_AWS_{i}"')
 
         gcp_checks = sorted(