Ensure SQS queue policy is not publicly accessible

Error: SQS queue policy is publicly accessible

Bridgecrew Policy ID: BC_AWS_PUBLIC_4
Severity: HIGH

SQS queue policy is publicly accessible

Description

AWS SQS (Simple Queue Service) is a hosted message queue service that lets you decouple and integrate distributed software systems and components. It exposes a generic web services API and can be accessed from any programming language that has an AWS SDK.

A queue policy that grants access to the wildcard principal (*) without a restricting condition lets any caller, including principals outside your account, read messages from or send messages to the queue, depending on the actions granted. This exposes an existing interface to unwanted third parties, who can tap into the data stream and cause a data leak.

Fix - Runtime

AWS Console

To change the policy using the AWS Console, follow these steps:

  1. Log in to the AWS Management Console at https://console.aws.amazon.com/.
  2. Open the Amazon SQS console.
  3. Select an SQS queue and navigate to the Permissions tab.
  4. Select the queue policy, click Edit.
  5. Navigate to the Principal section.
  6. Clear the Everybody (*) checkbox and enter the AWS account ID of the principal to be allowed or denied (based on your access requirements).
  7. To update the policy, select Save Changes.
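The following is an added example, not Bridgecrew's or Checkov's own check implementation, that shows what this finding looks for in a queue policy document: an Allow statement whose Principal is the wildcard ("*" or {"AWS": "*"}) and that carries no Condition. Both sample policies are constructed for illustration; the queue ARN, account ID and Sids are made up. The second policy is the shape the console fix above produces, with the wildcard replaced by a single account principal.

```python
"""Flag SQS queue policies that grant access to the wildcard principal.

Added example; not Bridgecrew's own check implementation. The two sample
policies below are constructed for illustration (account, region and queue
name are made up).
"""
import json

# Constructed example: the kind of policy this finding refers to.
PUBLIC_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAnyone",
        "Effect": "Allow",
        "Principal": "*",
        "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
        "Resource": "arn:aws:sqs:us-east-1:111122223333:orders-queue",
    }],
})

# Constructed example: same queue, access restricted to one AWS account
# (the result of replacing Everybody (*) with an account ID in the console).
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowOwnerAccount",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"],
        "Resource": "arn:aws:sqs:us-east-1:111122223333:orders-queue",
    }],
})


def _principal_is_wildcard(principal):
    """True if the Principal element matches every caller.

    Covers the forms AWS accepts for "anyone": the bare string "*" and
    {"AWS": "*"} (the AWS key may also be a list containing "*").
    """
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS")
        if aws == "*":
            return True
        if isinstance(aws, list) and "*" in aws:
            return True
    return False


def public_statements(policy_json):
    """Return the Sids (or positional labels) of Allow statements open to any principal.

    A statement is reported when Effect is Allow, the Principal is a wildcard
    and no Condition narrows who may call. Wildcard principals limited by a
    Condition (for example aws:SourceArn for an SNS subscription) are not
    reported here; that is this example's own choice, and such statements
    still deserve a manual review.
    """
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a single statement may be given as an object
        statements = [statements]
    findings = []
    for idx, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow":
            continue
        if not _principal_is_wildcard(stmt.get("Principal")):
            continue
        if stmt.get("Condition"):
            continue
        findings.append(stmt.get("Sid", f"Statement[{idx}]"))
    return findings


def is_public(policy_json):
    """True if at least one statement grants access to every principal."""
    return bool(public_statements(policy_json))


if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(f"{name}: public={is_public(doc)} statements={public_statements(doc)}")
```

To run this against a live queue, pass the value of the Policy attribute returned by `aws sqs get-queue-attributes --queue-url <url> --attribute-names Policy` (it is a JSON string) to `public_statements`. Note that a Principal of "*" combined with a Condition on aws:SourceArn is the standard pattern for letting an SNS topic deliver to a queue; the check above deliberately does not flag it, but it should still be reviewed rather than assumed safe.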