AWS Public Queue
Description
Detects Amazon SQS queues whose access policies are overly permissive and allow public access. A publicly accessible queue is a security risk because it could allow any AWS user to send or receive messages, potentially exposing sensitive data or enabling denial-of-service attacks.
Detection Strategy
• Scans all SQS queues in the specified AWS region
• Examines each queue's resource policy for statements that have Effect: Allow
• Checks if the Principal is set to '*' or {'AWS': '*'} indicating public access
• Verifies there are no Condition elements that would restrict the access
• Reports a vulnerability if any queue policy grants unrestricted public access
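The policy checks listed above, sketched as an added Python example (not Fluid Attacks' own implementation). It evaluates policy documents offline; the sample policies, account ID, ARNs and helper names are constructed, and it assumes any non-empty Condition counts as a restriction without judging how narrow that condition is.

```python
import json

def is_public_principal(principal):
    """True for Principal "*" or {"AWS": "*"}, including "*" inside a list."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False

def public_statements(policy_json):
    """Return indexes of statements that grant unrestricted public access."""
    if not policy_json:                      # queue has no resource policy
        return []
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):         # a lone statement may be a bare object
        statements = [statements]
    return [
        i for i, s in enumerate(statements)
        if s.get("Effect") == "Allow"
        and is_public_principal(s.get("Principal"))
        and not s.get("Condition")           # assumption: any Condition counts as a restriction
    ]

# Constructed sample policies; the account ID and queue name are placeholders.
ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
ROLE = "arn:aws:iam::111122223333:role/example-producer"
COND = {"ArnEquals": {"aws:SourceArn": "arn:aws:sns:us-east-1:111122223333:example-topic"}}

def stmt(principal, effect="Allow", **extra):
    return {"Effect": effect, "Principal": principal,
            "Action": "sqs:SendMessage", "Resource": ARN, **extra}

SAMPLES = {
    "open": [stmt("*")],
    "open-aws-key": stmt({"AWS": "*"}),      # single statement, not wrapped in a list
    "conditioned": [stmt("*", Condition=COND)],
    "scoped": [stmt({"AWS": ROLE})],
    "mixed": [stmt({"AWS": ROLE}), stmt({"AWS": ["*"]}), stmt("*", effect="Deny")],
}

def scan(samples=SAMPLES):
    """Map each sample queue name to the indexes of its public statements."""
    return {name: public_statements(json.dumps({"Version": "2012-10-17", "Statement": st}))
            for name, st in samples.items()}

if __name__ == "__main__":
    for name, hits in scan().items():
        print(f"{name:13} {'PUBLIC' if hits else 'ok':7} statements={hits}")
```

Against a live account, the string passed to `public_statements` would be the queue's `Policy` attribute; a queue with no resource policy has no such attribute and yields no findings.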