Aqua CSPM

Queue Service All Access ACL

Quick Info

Plugin TitleQueue Service All Access ACL
CloudAZURE
CategoryQueue Service
DescriptionEnsures queues do not allow full write, delete, or read ACL permissions
More InfoQueues can be configured to allow object read, write or delete. This option should not be configured unless there is a strong business requirement.
AZURE Linkhttps://docs.microsoft.com/en-us/azure/storage/queues/storage-quickstart-queues-portal
Recommended ActionDisable global read, write, delete policies on all queues and ensure the ACL is configured with least privileges.

Detailed Remediation Steps

  1. Log into the Microsoft Azure Management Console.
  2. Select the “Search resources, services, and docs” option at the top and search for Storage account.
  3. Select the “Storage account” by clicking on the “Name” link to access the configuration changes.
  4. Click on the “Overveiw” in the selected “Storage account” and scroll down the right side of the settings and click on the “Queues” option under “Services”.
  5. Select the “Queue” by clicking on the “Name” link to access the configuration changes.
  6. In the selected “Queue”, click on the “Access Policy” and check the “Permissions” assosciated with the “Queue”. If the “Queue” allows full write, delete, or read ACL permissions then the selected “Queue” is not as per the standard configurations.
  7. Repeat steps number 2 - 6 to verify other “Queues” in the Azure account.
  8. Navigate to the “Storage accounts”, select the “Storage account” and click on the “Name”, select the “Overview” options and select the “Queue” by clicking on the “Name” as a link to access the configurations.
  9. On the “Queue” configuration click on the “Access Policy” option and select the “Edit” option to make the changes.
  10. Uncheck the global read/write/detele policies under the “Permissions” and click on the “OK” button to make the changes.
  11. Click on the “Save” button at the top to save the configuration changes.
  12. Repeat steps number 8 - 11 to ensures “Queues” do not allow full write, delete, or read ACL permissions.