Best practice rules for Amazon Simple Queue Service
Amazon Simple Queue Service (SQS) is a fully managed message queue service that is fast, reliable, and scalable. SQS lets you offload the administrative burden of operating a highly available messaging cluster while reducing your costs, since you pay only for what you use. You can use SQS to manage the transmission of any amount of data, at any level of throughput, while remaining confident that no message will be lost.
Trend Micro Cloud One™ – Conformity monitors Amazon Simple Queue Service with the following rules:
- Queue Server Side Encryption
Ensure Amazon SQS queues enforce Server-Side Encryption (SSE).
- Queue Unprocessed Messages
Ensure AWS SQS queues do not retain a high number of unprocessed messages.
- SQS Cross Account Access
Ensure AWS Simple Queue Service (SQS) queues do not allow unknown cross-account access.
- SQS Dead Letter Queue
Ensure there is a Dead Letter Queue configured for each Amazon SQS queue.
- SQS Encrypted With KMS Customer Master Keys
Ensure SQS queues are encrypted with KMS CMKs to gain full control over data encryption and decryption.
- SQS Queue Exposed
Ensure that AWS Simple Queue Service (SQS) queues are not exposed to everyone.