Ensure Amazon Simple Queue Service (SQS) is not exposed to public

HIGH

Description

Allowing unrestricted, public access to cloud services could open an application up to external attack. Disallowing this access is typically considered best practice.

Remediation

In AWS Console -

Sign in to the AWS console and go to the SQS console.
In the list of Queues, select the Queue to edit.
Select the Access policy tab.
Select Edit and then edit the policy accordingly.
Select Save.

In Terraform -

Review the policy attached to the aws_sqs_queue resource and ensure necessary changes are made.

References:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-add-permissions.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue

Policy Details

Rule Reference ID: AC_AWS_0365

CSP: AWS

Remediation Available: Yes

Domain: Identity and Access Management

Resource: aws_sqs_queue

Resource Category: Messaging

Resource Type: Simple Queue Service (SQS)

Frameworks

GDPR
HIPAA
ISO-27001
NIST-800-171
NIST-800-53
NIST-CSF
PCI-DSSv3.2.1
PCI-DSSv4.0
SOC2

Detections

Analytics