Ensure there is no policy with an invalid principal format for Amazon Simple Queue Service (SQS) Topic

LOW

Description

Setting a Principal in an access policy effectively grants users, accounts, or services access to each SQS queue. For more information on how to properly assign a Principal within the SQS policy, see the AWS documentation.
References:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-basic-examples-of-sqs-policies.html

Remediation

In AWS Console -

  1. Sign in to the AWS console and go to the SQS console.
  2. In the list of Queues, select the Queue to edit.
  3. Select the Access policy tab.
  4. Select Edit and then edit the policy accordingly.
  5. Select Save.

In Terraform -

  1. Review the policy attached to the aws_sqs_queue resource and ensure necessary changes are made.

References:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-add-permissions.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue
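
One way to review a queue's access policy document before it is saved or applied, as an added example that is not part of this rule or of any scanner: it checks each Principal value against the formats listed in the AWS IAM policy reference. The function name, the patterns and the sample policy are constructed for illustration and are assumptions, not the logic of AC_AWS_0485.

```python
import json
import re

# Assumption: formats per the AWS IAM policy reference, not rule AC_AWS_0485's logic.
_PATTERNS = {
    "AWS": re.compile(
        r"\*|\d{12}|arn:aws[a-z-]*:iam::\d{12}:(root|user/.+|role/.+)"
        r"|arn:aws[a-z-]*:sts::\d{12}:assumed-role/.+/.+"),
    "Service": re.compile(r"[a-z0-9-]+(\.[a-z0-9-]+)*\.amazonaws\.com(\.cn)?"),
    "CanonicalUser": re.compile(r"[0-9a-f]{64}"),
    "Federated": re.compile(r".+"),  # not validated further in this example
}

def invalid_principals(policy_json):
    """Return (statement index, offending value) pairs for an access policy."""
    findings = []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for i, stmt in enumerate(statements):
        principal = stmt.get("Principal", stmt.get("NotPrincipal"))
        if principal == "*":  # anonymous wildcard: well-formed, though broad
            continue
        if not isinstance(principal, dict):  # missing, or a bare string/number
            findings.append((i, repr(principal)))
            continue
        for kind, values in principal.items():
            pattern = _PATTERNS.get(kind)  # unknown key -> every value flagged
            for v in values if isinstance(values, list) else [values]:
                if not (pattern and isinstance(v, str) and pattern.fullmatch(v)):
                    findings.append((i, f"{kind}: {v}"))
    return findings

# Constructed sample policy (account ID and names are placeholders).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "sqs:ReceiveMessage", "Resource": "*",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/queue-consumer"}},
    {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*",
     "Principal": {"Service": "sns.amazonaws.com"}},
    {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*",
     "Principal": {"AWS": ["1111-2222-3333",
                           "arn:aws:iam::111122223333:usr/alice"]}},
    {"Effect": "Allow", "Action": "sqs:SendMessage", "Resource": "*",
     "Principal": "111122223333"},
]})

if __name__ == "__main__":
    for index, value in invalid_principals(SAMPLE_POLICY):
        print(f"Statement {index}: invalid principal {value}")
```

A well-formed wildcard Principal passes this format check; whether such broad access is intended is a separate review question.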

Policy Details

Rule Reference ID: AC_AWS_0485
CSP: AWS
Remediation Available: Yes
Resource: aws_sqs_queue
Resource Category: Messaging

Frameworks