Ensure SQS queue policy is not public by only allowing specific services or principals to access it
Error: SQS queue policy is public and access is not restricted to specific services or principals
Bridgecrew Policy ID: BC_AWS_GENERAL_91
Checkov Check ID: CKV_AWS_168
Severity: MEDIUM
Description
TBD
Fix - Buildtime
Terraform
- Resource: aws_sqs_queue_policy
- Argument: Statement
resource "aws_sqs_queue_policy" "test" {
  ...
  policy = <<POLICY
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Principal": "*",
+     "Effect": "Deny",
      "Action": "sqs:SendMessage",
      "Resource": "${aws_sqs_queue.q.arn}"
    }
  ]
}
POLICY
}
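To audit a rendered queue policy outside Terraform, the following added example (not Checkov's or Bridgecrew's implementation of CKV_AWS_168) lists every Allow statement whose principal is a wildcard. The function names, the sample policies and the placeholder account ID and ARNs are constructed for illustration.

```python
import json

def _as_list(value):
    """IAM JSON lets Statement, Action and AWS principals be a single value or a list."""
    return value if isinstance(value, list) else [value]

def _is_wildcard(principal):
    """True when the Principal element matches everyone: "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def public_statements(policy_json):
    """Return one finding per Allow statement whose principal is a wildcard."""
    findings = []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    for index, stmt in enumerate(statements):
        # A Deny on "*" narrows access, so only Allow statements can make the queue public.
        if stmt.get("Effect") == "Allow" and _is_wildcard(stmt.get("Principal")):
            findings.append({
                "index": index,
                "actions": _as_list(stmt.get("Action", [])),
                # Condition keys are reported, not evaluated: a reviewer decides
                # whether they restrict the caller enough.
                "has_condition": "Condition" in stmt,
            })
    return findings

# Constructed sample policies (account ID and ARNs are placeholders).
ARN = "arn:aws:sqs:us-east-1:111122223333:q"
PUBLIC = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "sqs:SendMessage", "Resource": ARN},
    {"Effect": "Allow", "Principal": {"AWS": ["*"]}, "Action": ["sqs:ReceiveMessage"],
     "Resource": ARN, "Condition": {"ArnEquals": {"aws:SourceArn": "arn:aws:sns:us-east-1:111122223333:t"}}},
]})
RESTRICTED = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Deny", "Principal": "*", "Action": "sqs:SendMessage", "Resource": ARN},
    {"Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"},
     "Action": "sqs:SendMessage", "Resource": ARN},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
     "Action": "sqs:ReceiveMessage", "Resource": ARN},
]})

if __name__ == "__main__":
    for name, doc in (("PUBLIC", PUBLIC), ("RESTRICTED", RESTRICTED)):
        print(name, public_statements(doc))
```

Statements that name a specific service or account principal, like those in `RESTRICTED`, produce no findings.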
Updated 9 months ago