Ensure SQS queue policy is not public by only allowing specific services or principals to access it

Error: SQS queue policy is public and access is not restricted to specific services or principals

Bridgecrew Policy ID: BC_AWS_GENERAL_91
Checkov Check ID: CKV_AWS_168
Severity: MEDIUM

Description

An SQS queue policy whose Allow statement uses "Principal": "*" lets any principal, not just your own account or a named service, perform the listed actions (for example sqs:SendMessage) on the queue. Restrict each Allow statement to the specific AWS services or principals that need access, or scope the grant with a Condition (such as aws:SourceArn); a wildcard principal is only acceptable in a statement whose Effect is Deny.

Fix - Buildtime

Terraform

  • Resource: aws_sqs_queue_policy
  • Argument: policy (the Statement entries)
resource "aws_sqs_queue" "q" {
  name = "example-queue"
}

resource "aws_sqs_queue_policy" "test" {
  queue_url = aws_sqs_queue.q.id
  policy    = <<POLICY
{
    "Version":"2012-10-17",
    "Statement":[
       {
           "Principal": "*",
+          "Effect": "Deny",
           "Action": "sqs:SendMessage",
           "Resource": "${aws_sqs_queue.q.arn}"
       }
    ]
}
POLICY
}
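The condition this check looks for can be reproduced offline against a policy document. The block below is an added example written for this page, not Checkov's own implementation of CKV_AWS_168: it parses an SQS queue policy, flags Allow statements whose Principal is the wildcard ("*" or {"AWS": "*"}), and shows the public policy beside two variants that pass, one restricting the principal to a named service with a Condition and one using the page's own fix of flipping the statement to Deny. The sample policies, the account ID and ARNs in them, and the decision to treat a Condition as sufficiently scoping the grant are assumptions of this example, not something the page states.

```python
import json

# Constructed sample policies (not taken from the original page).
# 1. The shape the check flags: Allow + wildcard principal + no Condition.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
    }],
})

# 2. Restricted: only the SNS service, and only on behalf of one topic.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"Service": "sns.amazonaws.com"},
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
        "Condition": {"ArnEquals": {
            "aws:SourceArn": "arn:aws:sns:us-east-1:111122223333:example-topic"}},
    }],
})

# 3. The page's fix: the wildcard stays but the statement becomes a Deny.
DENY_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Deny",
        "Principal": "*",
        "Action": "sqs:SendMessage",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
    }],
})


def is_wildcard_principal(principal) -> bool:
    """True when the principal element grants to everyone.

    IAM accepts "*", {"AWS": "*"} and {"AWS": [..., "*", ...]} as the
    anonymous/any-principal form; anything else names specific principals.
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def public_statements(policy_document):
    """Return the Allow statements that expose the queue to any principal.

    Accepts the policy as a JSON string or an already-parsed dict. A single
    Statement object (rather than a list) is normalised to a one-item list.
    Statements carrying a Condition are treated as scoped and skipped; that
    is a design choice of this example, not a claim about Checkov's logic.
    """
    doc = json.loads(policy_document) if isinstance(policy_document, str) else policy_document
    statements = doc.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    flagged = []
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue  # a Deny with a wildcard principal is not a grant
        if not is_wildcard_principal(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        flagged.append(stmt)
    return flagged


def is_public(policy_document) -> bool:
    """Mirror the check's pass/fail outcome: True means the policy fails."""
    return bool(public_statements(policy_document))


if __name__ == "__main__":
    for name, doc in [("public", PUBLIC_POLICY), ("restricted", RESTRICTED_POLICY), ("deny", DENY_POLICY)]:
        print(f"{name:10s} public={is_public(doc)}")
```

Running the block prints one line per sample policy; only the first is reported as public. Note that the Deny variant passes the check but also blocks everyone, so when a producer genuinely needs to send to the queue the restricted form, with a named service or account and a Condition, is the fix to prefer.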
