Amazon SQS
Not enabling server-side encryption for AWS SQS queues leaves the data vulnerable to unauthorized access and breaches. Implementing encryption is crucial for the secure handling of messages within these queues.
- Section: Encryption
- Severity: High
- CWE: CWE-311 Missing Encryption of Sensitive Data
- Assurance Scope: PCI, GDPR, HIPAA, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Not encrypting AWS SQS queues with a Customer Master Key (CMK) reduces control over data security. Using CMKs for encryption significantly enhances data protection and key management.
- Section: Encryption
- Severity: High
- CWE: CWE-653 Insufficient Compartmentalization
- Assurance Scope: PCI, GDPR, HIPAA, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
Public exposure of AWS SQS queues can lead to severe security issues, including unauthorized access and data leaks. Strict access controls are necessary to protect the integrity and confidentiality of the data within these queues.
- Section: Public Exposure
- Severity: Critical
- CWE: CWE-284 Improper Access Control
- Assurance Scope: PCI, NIST
- Threat Modeling Principal: Information Disclosure
- Rule Set: Threat Modeling - Cloud Configuration Check
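
The three checks above can be evaluated against the attribute map that the SQS `GetQueueAttributes` API returns. The following is an added example, not part of the original page or its rule engine. The finding labels, queue names and sample attributes are constructed, and treating a wildcard principal that carries a `Condition` as not public is a simplifying assumption.

```python
import json

AWS_MANAGED_ALIAS = "alias/aws/sqs"  # AWS-managed KMS key alias for SQS

def _as_list(value):
    return value if isinstance(value, list) else [value]

def is_public_statement(stmt):
    """True for an Allow statement with a wildcard principal and no Condition."""
    if stmt.get("Effect") != "Allow" or stmt.get("Condition"):
        return False  # assumption: any Condition is taken as a restriction
    principal = stmt.get("Principal")
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS", []))
    return False

def check_queue(attrs):
    """Return finding labels (hypothetical names) for one queue's attributes."""
    findings = []
    kms_key = attrs.get("KmsMasterKeyId", "")
    sse_sqs = attrs.get("SqsManagedSseEnabled", "false") == "true"
    if not kms_key and not sse_sqs:
        findings.append("no-sse")   # no server-side encryption at all
    if not kms_key or kms_key == AWS_MANAGED_ALIAS:
        findings.append("no-cmk")   # not encrypted with a customer-managed key
    policy = json.loads(attrs.get("Policy") or "{}")
    if any(is_public_statement(s) for s in _as_list(policy.get("Statement", []))):
        findings.append("public")   # queue policy grants access to everyone
    return findings

# Constructed sample attributes, shaped like GetQueueAttributes output.
SAMPLES = {
    "orders-plain": {"SqsManagedSseEnabled": "false", "Policy": json.dumps(
        {"Statement": [{"Effect": "Allow", "Principal": "*",
                        "Action": "sqs:SendMessage", "Resource": "*"}]})},
    "orders-sse": {"SqsManagedSseEnabled": "true"},
    "orders-cmk": {"KmsMasterKeyId": "arn:aws:kms:us-east-1:111122223333:key/EXAMPLE",
                   "Policy": json.dumps({"Statement": {
                       "Effect": "Allow", "Action": "sqs:*", "Resource": "*",
                       "Principal": {"AWS": "arn:aws:iam::111122223333:root"}}})},
}

if __name__ == "__main__":
    for name, attrs in SAMPLES.items():
        print(name, check_queue(attrs) or "ok")
```

An AWS-managed key referenced by its key ARN rather than the alias cannot be told apart from a CMK using queue attributes alone; that needs a lookup of the key's manager in KMS.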
Updated 12 months ago