SQS policy documents should avoid using wildcards
- GG_ID: GG_IAC_0065
- Severity: HIGH
- Complexity: MEDIUM
- Categories: PERMISSION
- Providers: AWS
- Potential data exposure: True
- Visible in logs: False
- User interaction required: False
- Privileges required: True
# Description

Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue to integrate and decouple distributed software systems and components.
SQS supports attaching resource-based permission policies to queues. An over-permissive policy, for example one whose `Principal`, `Action` or `Resource` element is the wildcard `*`, can grant access to unintended identities or allow actions on the queue that were never meant to be exposed. A `"Principal": "*"` statement with no `Condition` makes the queue reachable by anyone with an AWS account.
# Impact

Misconfigured queue permissions can let unintended principals send, receive, or delete messages, or change the queue's configuration, which can lead to a data leak or to tampering with the application's message flow.
# Remediation guidelines

Replace the wildcard `*` permissions in the policy document with only the principals, actions, and resources required to perform the task. Start with a minimum set of permissions and grant additional permissions as necessary.
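The following is an added example, not part of the original rule page and not GitGuardian's detector code. It shows the weak queue policy this rule flags beside a scoped replacement, and a small check that walks the policy's `Allow` statements and reports any wildcard in `Principal`, `Action` or `Resource`. The queue ARN, account ID and role name are constructed for illustration.

```python
"""Added example: flag wildcard grants in an SQS queue policy document.

The two policies and the check are illustrative and constructed for this
page; they are not the scanner's own logic. ARNs and account IDs are made up.
"""
import json

# Constructed: the weak policy this rule would flag. Principal "*" with no
# Condition and Action "sqs:*" hands every SQS operation to anyone.
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowAll",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:*",
        "Resource": "arn:aws:sqs:us-east-1:123456789012:orders-queue",
    }],
})

# Constructed: the same queue, scoped to one producer role and only the
# two actions that role needs. No wildcard remains in any grant element.
SCOPED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowProducerSend",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::123456789012:role/order-producer"},
        "Action": ["sqs:SendMessage", "sqs:GetQueueUrl"],
        "Resource": "arn:aws:sqs:us-east-1:123456789012:orders-queue",
    }],
})


def _as_list(value):
    """Policy elements may be a single string or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def _principal_values(principal):
    """Principal may be "*", {"AWS": "*"}, {"AWS": [...]}, {"Service": ...}.
    Flatten every value so each can be checked for the anonymous wildcard."""
    if isinstance(principal, dict):
        values = []
        for v in principal.values():
            values.extend(_as_list(v))
        return values
    return _as_list(principal)


def find_wildcards(policy_json):
    """Return (Sid, element, value) for every Allow statement whose Principal,
    Action or Resource element contains a wildcard.

    Deny statements are skipped: a "*" there narrows access rather than
    widening it, so it is not a finding for this rule.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for p in _principal_values(stmt.get("Principal", {})):
            if p == "*":
                findings.append((sid, "Principal", p))
        for action in _as_list(stmt.get("Action", [])):
            if "*" in action:
                findings.append((sid, "Action", action))
        for resource in _as_list(stmt.get("Resource", [])):
            if "*" in resource:
                findings.append((sid, "Resource", resource))
    return findings


if __name__ == "__main__":
    for name, document in (("weak", WEAK_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_wildcards(document))
```

Running the block prints the two findings for the weak policy (`Principal` `*` and `Action` `sqs:*`) and an empty list for the scoped one. The check only inspects the elements this rule is about; it does not evaluate `Condition` blocks, `NotPrincipal` or `NotAction`, so a policy that passes it still deserves a review of those elements.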