Ensure that all your AWS SQS queues are configured to allow access only to trusted AWS accounts in order to protect against unauthorized cross account entities. Prior to running this rule by the Cloud Conformity engine, you need to provide the ID of each trusted AWS account (e.g. 575392584085) that can access your queues by using the rule settings available on the Cloud Conformity Console.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Allowing untrustworthy cross account access to your SQS queues can lead to unauthorized actions such as intercepting, deleting or sending queue messages without permission. To prevent data leaks, data loss and avoid unexpected costs on your AWS bill, limit access only to the trusted entities by implementing the necessary SQS policies.
To determine if there are any AWS SQS queues that allow unknown cross account access, perform the following:
To update your AWS SQS queues permissions in order to allow cross account access only from trusted entities, perform the following: