Severity Framework
Snyk CCSS
Rule category
General / Best Practices
Is your enviroment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsFrameworks
CIS-Controls
CSA-CCM
ISO-27001
SOC-2
- Snyk ID SNYK-CC-00322
- credit Snyk Research Team
Description
Using the wildcard action in an SQS policy grants permission to perform any action, which is against 'least privilege' principle.
How to fix?
Ensure that the Action field in the policy heredoc is set to specific actions, for examplesqs:SendMessage.
Example Configuration
resource "aws_sqs_queue_policy" "q" {
policy = <<POLICY
{
"Statement": [
{
"Effect": "Allow",
"Principal": "*",
"Action": "sqs:SendMessage",
# other required fields here
}
]
}
POLICY
}