Amazon SQS

📘 Not enabling server-side encryption for AWS SQS queues leaves the data vulnerable to unauthorized access and breaches. Implementing encryption is crucial for the secure handling of messages within these queues.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-311 Missing Encryption of Sensitive Data
  • Assurance Scope: PCI, GDPR, HIPAA, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 The absence of encryption using the Customer Master Key (CMK) for AWS SQS queues diminishes the control over data security. Utilizing CMKs for encryption significantly enhances data protection and key management.

  • Section: Encryption
  • Severity: High
  • CWE: CWE-653 Insufficient Compartmentalization
  • Assurance Scope: PCI, GDPR, HIPAA, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check

📘 Public exposure of AWS SQS queues can lead to severe security issues, including unauthorized access and data leaks. Strict access controls are necessary to protect the integrity and confidentiality of the data within these queues.

  • Section: Public Exposure
  • Severity: Critical
  • CWE: CWE-284 Improper Access Control
  • Assurance Scope: PCI, NIST
  • Threat Modeling Principal: Information Disclosure
  • Rule Set: Threat Modeling - Cloud Configuration Check
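
One way to evaluate the three checks above against the attribute map that SQS `GetQueueAttributes` returns (`KmsMasterKeyId`, `SqsManagedSseEnabled`, `Policy`). This is an added example, not the rule set's own code; the finding labels, helper names, sample account ID and key alias are assumptions, and the public-exposure test is simplified to "an unconditioned `Allow` with a wildcard principal".

```python
import json

AWS_MANAGED_ALIAS = "alias/aws/sqs"  # AWS-managed KMS key for SQS

def _is_wildcard(principal):
    """True if a policy Principal element matches everyone."""
    if isinstance(principal, dict):
        principal = principal.get("AWS", [])
    values = [principal] if isinstance(principal, str) else (principal or [])
    return "*" in values

def check_queue(attrs):
    """Return finding labels (hypothetical names) for one queue's attributes."""
    findings = []
    kms_key = attrs.get("KmsMasterKeyId", "")
    sse_sqs = attrs.get("SqsManagedSseEnabled", "false") == "true"
    if not kms_key and not sse_sqs:
        findings.append("no-sse")            # rule 1: no server-side encryption
    if not kms_key or kms_key.endswith(AWS_MANAGED_ALIAS):
        findings.append("no-cmk")            # rule 2: no customer-managed key
    statements = json.loads(attrs.get("Policy") or "{}").get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for st in statements:
        # Assumption: any Condition block is treated as restricting access.
        if (st.get("Effect") == "Allow" and not st.get("Condition")
                and _is_wildcard(st.get("Principal"))):
            findings.append("public")        # rule 3: public exposure
            break
    return findings

def _policy(principal, condition=None):
    # Builds a constructed one-statement queue policy as a JSON string.
    st = {"Effect": "Allow", "Principal": principal, "Action": "sqs:SendMessage", "Resource": "*"}
    if condition:
        st["Condition"] = condition
    return json.dumps({"Version": "2012-10-17", "Statement": [st]})

# Constructed sample attribute sets (account ID and key alias are placeholders).
SAMPLES = {
    "open": {"Policy": _policy("*")},
    "sse-sqs": {"SqsManagedSseEnabled": "true",
                "Policy": _policy({"AWS": "arn:aws:iam::111122223333:root"})},
    "hardened": {"KmsMasterKeyId": "alias/example-queue-key",
                 "Policy": _policy({"AWS": "*"}, {"StringEquals": {"aws:SourceAccount": "111122223333"}})},
}

if __name__ == "__main__":
    for name, attrs in SAMPLES.items():
        print(name, check_queue(attrs))
```
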
