Audit your SQS to safeguard your data

What do we do?

SQS Queue Should Enforce Server Side Encryption

Amazon SQS queues should enforce Server-Side Encryption (SSE) to protect the contents of their messages. This way, the contents of your messages will be unavailable to unauthorized or anonymous users.

SQS Queue Should Not Have A High Number of Unprocessed Messages

Amazon Simple Queue Service (SQS) queues should not be holding a high number of unsuccessfully-processed messages due to unresponsive or incapacitated consumers.

SQS Queues Should Not Allow Cross Account Access

AWS SQS queues should be configured to allow access only to trusted AWS accounts in order to protect against unauthorized cross-account entities.

SQS Queues Should Be Configured With A Dead Letter Queue

AWS SQS queues should be configured to use a Dead Letter Queue (DLQ) in order to help maintain the queue flow and avoid losing data by detecting and mitigating failures and service disruptions on time.

SQS Queues Should Be Encrypted With KMS Customer Master Keys

AWS SQS queues should use customer-managed KMS keys (CMKs) instead of AWS-managed keys in order to benefit from more granular control over the queue's data encryption/decryption process.

SQS Queues Should Not Be Publicly Exposed

There should not be any publicly accessible SQS queues available in your AWS account in order to protect against unauthorized users. Unauthorized access can lead to unauthorized actions such as intercepting, deleting and sending queue messages.
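The six checks above can be evaluated from the attribute map that the SQS GetQueueAttributes API returns for a queue. The following is an added example, not code from this page or its product: the function name `audit_queue`, the finding labels, the backlog threshold of 1000 messages, and the account IDs and sample attribute maps are all constructed assumptions.

```python
import json

AWS_MANAGED_ALIAS = "alias/aws/sqs"  # alias of the AWS-managed KMS key for SQS

def _principals(stmt):
    """Return the statement's AWS principals as a flat list of strings."""
    p = stmt.get("Principal", {})
    if isinstance(p, str):
        return [p]
    aws = p.get("AWS", [])
    return [aws] if isinstance(aws, str) else list(aws)

def audit_queue(attrs, own_account, trusted=(), backlog_limit=1000):
    """Check one queue's attribute map; return a sorted list of finding labels."""
    findings = set()
    kms = attrs.get("KmsMasterKeyId")
    if not kms and attrs.get("SqsManagedSseEnabled") != "true":
        findings.add("no-sse")
    if not kms or kms == AWS_MANAGED_ALIAS:
        findings.add("no-customer-managed-key")
    if "RedrivePolicy" not in attrs:  # RedrivePolicy names the dead letter queue
        findings.add("no-dlq")
    if int(attrs.get("ApproximateNumberOfMessages", 0)) > backlog_limit:
        findings.add("backlog")
    allowed = {own_account, *trusted}
    stmts = json.loads(attrs.get("Policy") or "{}").get("Statement", [])
    for stmt in [stmts] if isinstance(stmts, dict) else stmts:
        if stmt.get("Effect") != "Allow":
            continue
        for principal in _principals(stmt):
            if principal == "*":
                # A wildcard narrowed by a Condition needs manual review instead.
                if not stmt.get("Condition"):
                    findings.add("public")
                continue
            # Either an ARN (arn:aws:iam::<account>:root) or a bare account ID.
            account = principal.split(":")[4] if principal.startswith("arn:") else principal
            if account not in allowed:
                findings.add("cross-account")
    return sorted(findings)

# Constructed sample attribute maps (not real queues or accounts).
WEAK = {"ApproximateNumberOfMessages": "5200", "Policy": json.dumps({"Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "sqs:*"},
    {"Effect": "Allow", "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
     "Action": "sqs:SendMessage"}]})}
HARDENED = {"KmsMasterKeyId": "alias/constructed-orders-key",
            "RedrivePolicy": '{"deadLetterTargetArn": "arn:aws:sqs:us-east-1:111111111111:orders-dlq", "maxReceiveCount": "5"}',
            "ApproximateNumberOfMessages": "3"}
```

In practice the attribute map would come from a GetQueueAttributes call requesting all attributes for each queue URL in the account.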