Identify any publicly accessible SQS queues in your AWS account and update their permissions to protect them against unauthorized users.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework.
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS.
Allowing anonymous users to access your SQS queues can lead to unauthorized actions such as intercepting, deleting, and sending queue messages. One common scenario is when the queue owner grants permissions to everyone by setting the Principal to “Everybody (*)” while testing the queue system configuration, and the insecure set of permissions makes its way into production. To avoid data leakage and unexpected costs on your AWS bill, limit access to your queues by implementing the necessary policies.
To determine if there are any exposed SQS queues available in your AWS account, perform the following:
To update the custom policies and set the appropriate permissions to secure any exposed SQS queues, perform the following: