SQS policy documents should avoid using wildcards
| Severity | Exploitability | Providers | Categories |
|---|---|---|---|
| HIGH | MEDIUM | AWS | PERMISSION |
Description
Amazon Simple Queue Service (Amazon SQS) offers a secure, durable, and available hosted queue to integrate and decouple distributed software systems and components.
SQS supports attaching permission policies to queues. An overly permissive policy can grant access to resources or actions that were never intended to be exposed.
Impact
| Potential data exposure | Visible in logs | User interaction required | Privileges required |
|---|---|---|---|
| True | False | False | True |
Misconfigured permissions or direct access to storage drives can lead to a data leak.
Remediation guidelines
Replace the wildcard (*) permissions in the policy document with only the permissions required to perform the task. Start with a minimal set of permissions and grant additional ones only as they become necessary.
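As an added illustration (not part of the rule text above), the following Python script places a constructed overly permissive SQS queue policy beside a constructed least-privilege version and runs a small wildcard check over both. Everything in it is assumed: the account id, queue name and role name are placeholders, and the check uses only the standard library so it runs offline.

```python
"""Constructed example: detect wildcard use in an Amazon SQS queue policy
document and compare an overly permissive policy with a least-privilege one.
Standard library only; the policy JSON is embedded inline."""
import json
from typing import Any

# Constructed overly permissive policy: any principal ("*") may perform any
# SQS action ("sqs:*") on the queue. Account id and queue name are placeholders.
PERMISSIVE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowEverything",
        "Effect": "Allow",
        "Principal": "*",
        "Action": "sqs:*",
        "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue"
    }]
})

# Constructed least-privilege counterpart: one named consumer role, only the
# two actions a consumer needs, and the single queue ARN.
RESTRICTED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AllowConsumerRole",
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-consumer"},
        "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"],
        "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue"
    }]
})


def _as_list(value: Any) -> list:
    """Policy fields may be a single string or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principal_values(principal: Any) -> list:
    """Flatten a Principal element ("*", {"AWS": "..."} or {"AWS": [...]})."""
    if isinstance(principal, dict):
        values = []
        for v in principal.values():
            values.extend(_as_list(v))
        return values
    return _as_list(principal)


def find_wildcards(policy_json: str) -> list:
    """Return one finding per wildcard in an Allow statement.

    Flags a "*" Principal, any Action containing "*" (for example "sqs:*"),
    and a "*" Resource. Deny statements are skipped because a wildcard there
    narrows access rather than widening it.
    """
    policy = json.loads(policy_json)
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        for p in _principal_values(stmt.get("Principal")):
            if p == "*":
                findings.append(f"{sid}: Principal is '*' (any AWS principal)")
        for action in _as_list(stmt.get("Action")):
            if "*" in action:
                findings.append(f"{sid}: Action '{action}' is a wildcard")
        for resource in _as_list(stmt.get("Resource")):
            if resource == "*":
                findings.append(f"{sid}: Resource is '*' (every queue)")
    return findings


if __name__ == "__main__":
    for name, doc in (("permissive", PERMISSIVE_POLICY),
                      ("restricted", RESTRICTED_POLICY)):
        problems = find_wildcards(doc)
        print(f"{name}: {len(problems)} wildcard finding(s)")
        for line in problems:
            print("  -", line)
```

Run as a script it reports two findings for the permissive document (the open Principal and the `sqs:*` Action) and none for the restricted one. The same `find_wildcards` function can be pointed at the JSON string returned by a queue's policy attribute when auditing real queues.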