AWS-SQS-SQS-Public-Access

Severity : Critical

Description: This controls ensures that SQS queue policy only allow access to specific service or principal to access the queue.Allowing anonymous users to have access to SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages. To avoid data leakage and unexpected costs on your AWS bill, limit access to queues by implementing the necessary policies. When granting permissions only specific users must be given permissions, the resource they get permissions for, and the specific actions that allow on the resource by implementing least-privilege access.

Remediation Steps:

Perform following to modify the default security group for VPC:

1. Login to the AWS Management Console at https://console.aws.amazon.com.

2. Navigate to SQS console.

3. Select SQS queue reported from the list of SQS queues.

4. Navigate to the Access Policy.

5. Select the queue policy, click Edit.

6. Edit Action statement to replace wildcard(*) to specific actions required for role or users.

7. Edit Resources statement to include specific SQS queues the action is allowed.

8. Edit Principal from wildcard(*) to specific IAM Users or Role ARN allowed to perform the action on the resources specified.

9. select Save Changes.

Important:

Reference:

• Configuring an access policy in Amazon SQS - Amazon Simple Queue Service