Ensure SQS queue policy is not publicly accessible
Error: SQS queue policy is publicly accessible
Bridgecrew Policy ID: BC_AWS_PUBLIC_4
SQS queue policy is publicly accessible
AWS SQS is a hosted queue service that lets you integrate distributed software systems and components. It provides a generic web services API and it can be accessed by any programming language supported by AWS SDK.
Public SQS queues potentially expose existing interfaces to unwanted 3rd parties that can tap into an existing data stream, resulting in data leak to an unwanted party.
Fix - Runtime
To change the policy using the AWS Console, follow these steps:
- Log in to the AWS Management Console at https://console.aws.amazon.com/.
- Open the Amazon SQS console.
- Select an SQS queue and navigate to the Permissions tab.
- Select the queue policy, click Edit.
- Navigate to the Principal section.
- Clear the Everybody (*) checkbox and enter the AWS account ID of the person allowed or denied (based on your access requirements).
- To update the policy, select Save Changes.
Updated almost 2 years ago