AWS-SQS-SQS-Public-Access

Severity : Critical

Description: This control ensures that the SQS queue policy allows only a specific service or principal to access the queue. Allowing anonymous users to access SQS queues can lead to unauthorized actions such as intercepting, deleting and sending queue messages. To avoid data leakage and unexpected costs on your AWS bill, limit access to queues by implementing the necessary policies. When granting permissions, follow least-privilege access: name only the specific users who receive permissions, the resource they receive permissions for, and the specific actions allowed on that resource.

Remediation Steps:

Perform the following to restrict the access policy of the reported SQS queue:

  1. Login to the AWS Management Console at https://console.aws.amazon.com.

  2. Navigate to SQS console.

  3. Select SQS queue reported from the list of SQS queues.

  4. Navigate to the Access Policy.

  5. Select the queue policy, click Edit.

  6. Edit the Action statement to replace the wildcard (*) with the specific actions required by the role or users.

  7. Edit the Resource statement to include only the specific SQS queues on which the action is allowed.

  8. Edit the Principal from the wildcard (*) to the specific IAM user or role ARNs allowed to perform the action on the specified resources.

  9. Select Save Changes.
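The following is an added example, not part of this control page or of any Blue Hexagon tooling. It shows the queue policy pattern this control reports (wildcard Principal, Action and Resource) next to the scoped form produced by steps 6 to 8, and a small checker that flags the wildcard elements in any queue policy document. The account id, role name, queue name and topic name in the sample policies are constructed placeholders; the third sample shows the common SNS fan-out case where Principal "*" is paired with an aws:SourceArn condition, which the checker reports for review rather than as anonymous access.

```python
import json

# Constructed sample: the policy shape this control flags. Anyone can run
# any SQS action on any queue (matches the Principal/Action/Resource
# wildcards named in remediation steps 6 to 8).
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAll",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:*",
        "Resource": "*",
    }],
})

# Constructed sample: the same grant narrowed to one role ARN, the two
# actions the consumer needs, and one queue ARN (placeholder values).
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowConsumerRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/order-consumer"},
        "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
        "Resource": "arn:aws:sqs:us-east-1:111122223333:orders-queue",
    }],
})

# Constructed sample: SNS fan-out. Principal is "*" but a Condition ties
# the grant to one topic ARN, so it is not open to anonymous callers.
FANOUT_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowTopicToSend",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:orders-queue",
        "Condition": {
            "ArnEquals": {"aws:SourceArn": "arn:aws:sns:us-east-1:111122223333:orders-topic"}
        },
    }],
})


def _as_list(value):
    """IAM policy elements may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_is_wildcard(principal) -> bool:
    """True when the Principal element grants access to any AWS caller."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        # {"AWS": "*"} is equivalent to "*"; Service/Federated principals are not.
        return "*" in _as_list(principal.get("AWS"))
    return False


def _has_wildcard(values, extra=()) -> bool:
    """True if any entry is "*" or one of the service-wide wildcards in extra."""
    return any(v == "*" or v.lower() in extra for v in _as_list(values))


def find_public_access(policy_json: str) -> list:
    """Return one finding per Allow statement that uses a wildcard Principal,
    Action or Resource. A wildcard Principal with no Condition is marked
    anonymous=True (the critical case); with a Condition it is marked
    anonymous=False so a reviewer can confirm the condition is restrictive."""
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        wildcards = []
        if _principal_is_wildcard(stmt.get("Principal")):
            wildcards.append("Principal")
        if _has_wildcard(stmt.get("Action"), extra=("sqs:*",)):
            wildcards.append("Action")
        if _has_wildcard(stmt.get("Resource")):
            wildcards.append("Resource")
        if wildcards:
            anonymous = "Principal" in wildcards and not stmt.get("Condition")
            findings.append({"Sid": stmt.get("Sid"), "wildcards": wildcards,
                             "anonymous": anonymous})
    return findings


if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_POLICY), ("scoped", SCOPED_POLICY),
                      ("fanout", FANOUT_POLICY)):
        print(name, json.dumps(find_public_access(doc)))
```

To run the check against a live queue, pass the string returned by the SQS GetQueueAttributes API with the Policy attribute (in boto3, `get_queue_attributes(QueueUrl=url, AttributeNames=["Policy"])["Attributes"].get("Policy")`) to find_public_access; a queue with no policy attribute has no resource-based grants and needs no check here. Findings with anonymous=True are the ones this control rates Critical; findings with a Condition still deserve a look at whether the condition key actually limits the caller.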

Important:

Reference:

Related content

AWS-CloudFront-Public-S3-CloudFront-Origin
AWS-EC2-Default-Security-Group
AWS-IAM-Unexpected-Admin-Privilege-Principal
AWS-EC2-VPC-Endpoint-Exposed
AWS-ES-ElasticSearch-Exposed-Domain
AWS-EC2-Insecure-EC2-Metadata-Options

Blue Hexagon Proprietary