<  Back to rules search

SQS Queue is not publicly accessible

sqs

Classification:

compliance

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Description

Update Amazon Simple Queue Service (SQS) queue permissions.

Rationale

Publicly-available Amazon SQS queues give unauthorized users access to potentially intercept, delete, or send queue messages, which can lead to data leaks.

Remediation

Console

Follow the Managing access to resources docs to learn how to implement a permissions policy in the AWS console.

CLI

  1. Run list-queues to get a list of queue URLs.

  2. Run get-queue-attributes with a queue URL returned in step 1.

    get-queue-attributes.sh

        aws sqs get-queue-attributes
            --queue-url https://queue.amazonaws.com/123456789012/YourQueue
            --attribute-names Policy
        
  3. Run add-permission to add a new statement to your queue policy.

    add-permission.sh

        aws sqs add-permission
            --queue-url https://queue.amazonaws.com/123456789012/YourQueue
            --label SendMessages
            --aws-account-ids 123456789012
            --actions SendMessage