Identify any publicly accessible SQS queues in your AWS account and update their permissions to protect them against unauthorized access.
Allowing anonymous users to access your SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages. One common scenario is when the queue owner grants permissions to everyone by setting the Principal to “Everybody (*)” while testing the queue configuration, and the insecure set of permissions then reaches production. To avoid data leakage and unexpected costs on your AWS bill, limit access to your queues by implementing the necessary policies.
To determine if there are any exposed SQS queues available in your AWS account, perform the following:
To update the custom policies and set the appropriate permissions to secure any exposed SQS queues, perform the following:
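The following is an added example, not part of the original page: it checks a queue's access policy for the “Everybody (*)” grant described above and shows an open policy beside a scoped one. It takes the JSON of the queue's `Policy` attribute (as returned by `aws sqs get-queue-attributes --attribute-names Policy`); the sample policies, account ID, queue and topic names, and the function name `audit_queue_policy` are constructed for illustration.

```python
import json

# Constructed sample policies; the account ID and resource names are placeholders.
ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
OPEN = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "test", "Effect": "Allow", "Principal": "*",
     "Action": "SQS:*", "Resource": ARN}]})
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "app", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"], "Resource": ARN}]})
CONDITIONAL = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "sns", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "sqs:SendMessage", "Resource": ARN,
     "Condition": {"ArnEquals": {
         "aws:SourceArn": "arn:aws:sns:us-east-1:111122223333:example-topic"}}}]})


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _everyone(principal):
    # "Principal": "*" and "Principal": {"AWS": "*"} both match any caller.
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"


def audit_queue_policy(policy_json):
    """Return (Sid, verdict) for each Allow statement open to everyone.

    "public": wildcard principal and no Condition.
    "review": wildcard principal narrowed by a Condition that a person must judge.
    """
    if not policy_json:  # queue has no resource policy, so nothing is granted here
        return []
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement", [])):
        if stmt.get("Effect") == "Allow" and _everyone(stmt.get("Principal")):
            verdict = "review" if stmt.get("Condition") else "public"
            findings.append((stmt.get("Sid", ""), verdict))
    return findings


if __name__ == "__main__":
    for name, doc in [("open", OPEN), ("scoped", SCOPED), ("conditional", CONDITIONAL)]:
        print(name, audit_queue_policy(doc))
```

A "review" verdict is not a pass: a wildcard principal is only as tight as the Condition attached to it.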