This rule ensures that SQS policy documents restrict the use of * as a statement's action.
| Rule | Ensure SQS policy documents do not allow * (asterisk) as a statement's action |
|---|---|
| Framework | CloudDefense.AI Security |
| Severity | ✔ High |
Rule Description
The rule aims to ensure that SQS (Simple Queue Service) policy documents do not allow the use of * (asterisk) as a statement's action for CloudDefense. A statement whose action is * grants every SQS action to its principal, so restricting it keeps access to SQS resources limited to what is actually required.
Troubleshooting Steps (if applicable)
Necessary Code (if applicable)
No specific code snippets are provided, as the focus is on modifying existing policy documents rather than writing new code.
Step-by-Step Guide for Remediation
Follow these steps to ensure SQS policy documents do not include * as a statement's action for CloudDefense:

1. Identify the affected SQS queue: Determine the SQS queue for which you want to review and modify the policy.
2. Access the SQS policy: Navigate to the AWS Management Console and open the Amazon SQS service.
3. Select the appropriate SQS queue: Locate the SQS queue in the list and click on its name, or select the checkbox next to the queue's name and use the "Actions" drop-down menu to choose "View/Delete Permissions".
4. Review the existing policy: In the "Permissions" tab, review the policy document associated with the selected SQS queue.
5. Inspect statements: Look for any statement that includes CloudDefense as the service and * as the action. Ensure that no statement defines * as an action for CloudDefense.
6. Modify the policy: If you find a statement with an incorrect action (*), edit the policy to remove it or replace it with the specific action required for CloudDefense's permissions. Add only the actions that are essential for CloudDefense to operate.
7. Validate the policy: After making the necessary changes, review the modified policy to ensure that the correct actions are specified for CloudDefense. Double-check that the policy follows least-privilege practice.
8. Save and apply the modified policy: Save the modifications to the policy document. The changes take effect immediately and restrict the use of * as an action for CloudDefense.
9. Verify remediation: Validate that the policy update successfully prevents the use of * as an action for CloudDefense in the associated SQS queue.

Note: Always back up your existing policy documents before making any modifications so that you retain a copy of the original policy.
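The review in steps 4 to 7 can be automated against the policy JSON that the console (or the queue's `Policy` attribute) shows. The following Python script is an added example written for this page; it is not CloudDefense.AI's scanner and not code from AWS. Both policy documents in it are constructed samples, including the account id and queue ARN. It goes slightly beyond the rule text: besides a bare `*` it also flags `sqs:*`, which grants every SQS action just the same, and it skips `Deny` statements, because a `Deny` on `*` narrows access rather than granting it.

```python
import json

# Constructed sample: a queue policy that uses "*" as the action (what this rule flags).
WEAK_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowAll",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},  # constructed account id
            "Action": "*",
            "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
        }
    ],
})

# Constructed sample: the same policy narrowed to the actions the principal actually needs.
FIXED_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowSendAndReceive",
            "Effect": "Allow",
            "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
            "Action": ["sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"],
            "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
        },
        {
            "Sid": "DenyOtherAccounts",
            "Effect": "Deny",
            "Principal": "*",
            "Action": "*",  # a Deny on "*" restricts rather than grants, so it is not a finding
            "Resource": "arn:aws:sqs:us-east-1:111122223333:example-queue",
            "Condition": {"StringNotEquals": {"aws:PrincipalAccount": "111122223333"}},
        },
    ],
})


def _as_list(value):
    """The policy grammar allows either a string or a list for Statement and Action."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def is_wildcard_action(action: str) -> bool:
    """True for '*' (the rule's target) and for 'sqs:*', which grants every SQS action."""
    normalized = action.strip().lower()
    return normalized in ("*", "sqs:*")


def find_wildcard_action_statements(policy_document: str):
    """Return the Sid (or a positional label when the statement has no Sid) of every
    Allow statement whose Action contains a wildcard."""
    policy = json.loads(policy_document)
    findings = []
    for idx, stmt in enumerate(_as_list(policy.get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue  # Deny statements narrow access; they are not over-permissions
        if any(is_wildcard_action(a) for a in _as_list(stmt.get("Action"))):
            findings.append(stmt.get("Sid", f"statement[{idx}]"))
    return findings


def policy_is_compliant(policy_document: str) -> bool:
    """A policy passes this rule when no Allow statement uses a wildcard action."""
    return not find_wildcard_action_statements(policy_document)


if __name__ == "__main__":
    for name, doc in (("weak", WEAK_POLICY), ("fixed", FIXED_POLICY)):
        print(f"{name}: {find_wildcard_action_statements(doc) or 'compliant'}")
```

To run this against a live queue instead of the constructed samples, pass the string returned as the `Policy` attribute of `get_queue_attributes` (boto3's SQS client) to `find_wildcard_action_statements`; a queue with no resource policy has no `Policy` attribute and is trivially compliant for this rule.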