Vulnerabilities
Misconfiguration
Runtime Security
Compliance
AWS > SQS >

SQS Cross Account Access

HIGH
Source
CloudSploit
ID
sqs-cross-account-access
management console

SQS Cross Account Access

Ensures SQS policies disallow cross-account access

SQS policies should be carefully restricted to prevent publishing or reading from the queue from unexpected sources. Queue policies can be used to limit these privileges.

Follow the appropriate remediation steps below to resolve the issue.

  1. Log in to the AWS Management Console.

  2. Select the “Services” option and search for SQS. Step

  3. Select the “SQS” queue that needs to be verified by clicking on its “Name”.Step

  4. Scroll down the page and click on the “Access Policy” tab from the bottom panel.Step

  5. Check the “Principal” key under “Access policy (Permissions)” and if set to “*” or an “AWS Account ID” which does not match any of the trusted AWS accounts then the selected “SQS” queue cross-account access is not secured.Step

  6. To edit the selected “SQS” queue permission click on “Edit button”. Step

  7. On the “Edit Queue” page scroll down to “Access policy” and change the “Principal” value from Everyone(*) to relevant AWS Account Id.Step

  8. Click on the “Save” button to make the necessary changes.Step

  9. Repeat steps number 3 - 8 to update the SQS policy to prevent access from external accounts.

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use