SQS policy documents should avoid using wildcards

Severity: HIGH
Exploitability: MEDIUM
Providers: AWS
Categories: PERMISSION

Description

Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue to integrate and decouple distributed software systems and components.

SQS supports attaching permissions policies to resources. An overly permissive policy could grant access to undesired resources or actions.

Impact

Potential data exposure: True
Visible in logs: False
User interaction required: False
Privileges required: True

Misconfigured permissions or direct access to storage drives can lead to a data leak.

Remediation guidelines

Replace wildcard (*) permissions in the configuration file with only the permissions required to perform the task. Start with a minimum set of permissions and grant additional permissions as necessary.
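
As an added illustration (not part of the original rule documentation or the scanner's own code), the following Python check flags Allow statements in an SQS queue policy whose Action contains a wildcard, shown against a permissive policy and a scoped one. The account ID, queue name, role name and function names are constructed for the example; treating any action containing * and any Allow statement that uses NotAction as a finding is an assumption of this example.

```python
import json

# Constructed sample data: account ID, queue name and role name are placeholders.
def sample_policy(sid, effect, action):
    return json.dumps({
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": sid,
            "Effect": effect,
            "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-producer"},
            "Action": action,
            "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
        }],
    })

PERMISSIVE_POLICY = sample_policy("AllowAll", "Allow", "sqs:*")
SCOPED_POLICY = sample_policy("AllowSend", "Allow",
                              ["sqs:SendMessage", "sqs:GetQueueAttributes"])


def as_list(value):
    """Policy fields may hold a single value or a list; normalize to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def find_wildcard_actions(policy_json):
    """Return (statement label, action) pairs for over-broad Allow statements."""
    policy = json.loads(policy_json)
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # a Deny with a wildcard narrows access, so it is not flagged
        label = stmt.get("Sid", f"statement[{index}]")
        if "NotAction" in stmt:
            # Assumption: Allow + NotAction grants everything except the listed
            # actions, so it is reported like a wildcard.
            findings.append((label, "NotAction"))
        for action in as_list(stmt.get("Action")):
            if "*" in action:  # catches "*", "sqs:*" and partial forms like "sqs:Send*"
                findings.append((label, action))
    return findings


if __name__ == "__main__":
    for name, doc in (("permissive", PERMISSIVE_POLICY), ("scoped", SCOPED_POLICY)):
        print(name, find_wildcard_actions(doc))
```
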
