Identify any publicly accessible SQS queues available in your AWS account and update their permissions in order to protect against unauthorized users.
This rule can help you with the following compliance standards:
- Payment Card Industry Data Security Standard (PCI DSS)
- General Data Protection Regulation (GDPR)
- APRA
- MAS
This rule can help you work with the AWS Well-Architected Framework
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Allowing anonymous users to access your SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages. One common scenario is that the queue owner grants permissions to everyone by setting the Principal to “Everybody (*)” while testing the queue configuration, and that insecure set of permissions then reaches production. To avoid data leakage and unexpected charges on your AWS bill, limit access to your queues by implementing the necessary policies.
Audit
To determine if there are any exposed SQS queues available in your AWS account, perform the following:
Remediation / Resolution
To update the custom policies and set the appropriate permissions to secure any exposed SQS queues, perform the following:
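As an added example (not part of the Cloud Conformity page or its tool), the following Python function performs the audit check offline on the Policy attribute string that `aws sqs get-queue-attributes` returns, and pairs a constructed exposed policy with a hardened one that only a single IAM role can use. The queue name, account id and role name are made-up placeholders.

```python
import json

# Constructed sample: a queue policy that grants everybody full access,
# the "Everybody (*)" mistake described above. Account/queue are placeholders.
EXPOSED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "PublicAccess",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "SQS:*",
        "Resource": "arn:aws:sqs:us-east-1:123456789012:orders-queue"
    }]
})

# Constructed sample: the same queue, restricted to one role in the owning account
# and to the two actions a producer actually needs.
HARDENED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ProducerOnly",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/order-producer"},
        "Action": ["SQS:SendMessage", "SQS:GetQueueAttributes"],
        "Resource": "arn:aws:sqs:us-east-1:123456789012:orders-queue"
    }]
})


def _is_wildcard_principal(principal):
    """True if the Principal element grants to everybody: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        aws = [aws] if isinstance(aws, str) else aws
        return "*" in aws
    return False


def find_public_statements(policy_json):
    """Return the Sids (or positional labels) of Allow statements that are open to
    any principal and carry no Condition. A queue with no Policy attribute (None or
    empty string) has nothing to flag. Conditioned wildcard grants are not flagged
    here; they still deserve a separate review of the condition keys used."""
    if not policy_json:
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be written as an object
        statements = [statements]
    exposed = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
            continue
        if _is_wildcard_principal(stmt.get("Principal")):
            exposed.append(stmt.get("Sid", f"statement-{i}"))
    return exposed
```

Feed the function the `Policy` value from `get-queue-attributes --attribute-names Policy` for each queue listed by `list-queues`; any non-empty result marks a queue whose policy should be replaced along the lines of the hardened sample.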
References
- AWS Documentation
  - Amazon SQS FAQs
  - Access Control Using AWS Identity and Access Management (IAM)
  - IAM Policy Elements Reference
  - Key Concepts
- AWS Command Line Interface (CLI) Documentation
  - sqs
    - list-queues
    - get-queue-attributes
    - remove-permission
    - add-permission
Rule: SQS Queue Exposed
Risk level: High