SQS access policies should not have global “.” access
SQS policies should not permit all users to access SQS queues. To promote the security principle of least privilege, an SQS policy should allow only necessary principals to access the queue.
Console Remediation Steps
Navigate to [SQS](https://console.aws.amazon.com/sqs/).
Select the SQS queue.
Select the Permissions tab.
Remove any permissions that grant the SQS queue global
CLI Remediation Steps
To remove the global “.” access:
aws sqs remove-permission --queue-url https://sqs.us-east-1.amazonaws.com/80398EXAMPLE/MyQueue --label SendMessagesFromMyQueue
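To find which label to pass to `remove-permission`, the queue policy (the `Policy` attribute returned by `aws sqs get-queue-attributes --attribute-names Policy`) can be checked for open statements. The following is an added example, not part of the original page; it assumes "global access" means an `Allow` statement with a wildcard principal and no `Condition`, and the sample policy and helper names are constructed for illustration.

```python
import json

QUEUE_ARN = "arn:aws:sqs:us-east-1:80398EXAMPLE:MyQueue"  # constructed from the page's queue URL

# Constructed sample of a queue's "Policy" attribute (SQS returns it as a JSON string).
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    # Open to everyone: this is the statement the rule is about.
    {"Sid": "SendMessagesFromMyQueue", "Effect": "Allow", "Principal": "*",
     "Action": "SQS:*", "Resource": QUEUE_ARN},
    # Scoped to one account: acceptable.
    {"Sid": "OneAccount", "Effect": "Allow",
     "Principal": {"AWS": ["arn:aws:iam::111122223333:root"]},
     "Action": "SQS:SendMessage", "Resource": QUEUE_ARN},
    # Wildcard principal, but narrowed by a Condition: not reported by this check.
    {"Sid": "TopicOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "SQS:SendMessage", "Resource": QUEUE_ARN,
     "Condition": {"ArnEquals": {
         "aws:SourceArn": "arn:aws:sns:us-east-1:111122223333:MyTopic"}}},
]})


def _as_list(value):
    """Policy fields may be a single value or a list; normalise to a list."""
    return value if isinstance(value, list) else [value]


def is_wildcard_principal(principal):
    """True for "Principal": "*" and for forms such as {"AWS": "*"} or {"AWS": [..., "*"]}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return any("*" in _as_list(v) for v in principal.values())
    return False


def global_access_labels(policy_json):
    """Return the Sid (the remove-permission label) of each open Allow statement.

    An entry is None when the open statement has no Sid.
    A queue with no policy (empty attribute) yields an empty list.
    """
    if not policy_json:
        return []
    statements = _as_list(json.loads(policy_json).get("Statement", []))
    return [s.get("Sid") for s in statements
            if s.get("Effect") == "Allow"
            and is_wildcard_principal(s.get("Principal"))
            and not s.get("Condition")]


if __name__ == "__main__":
    for label in global_access_labels(SAMPLE_POLICY):
        print("open statement, label:", label)
```

Statements that carry a `Condition` are skipped here, so they still need a manual review to confirm the condition actually restricts who can reach the queue.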