SQS queue should not be accessible over the public internet

sqs
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Description

Update Amazon Simple Queue Service (SQS) queue permissions.

Rationale

Publicly-available Amazon SQS queues give unauthorized users access to potentially intercept, delete, or send queue messages, which can lead to data leaks.

Remediation

From the console

Follow the Managing access to resources docs to learn how to implement a permissions policy in the AWS console.

From the command line

  1. Run the list-queues command to get a list of queue URLs.

    aws sqs list-queues --region insert-your-region-here

  2. Run the get-queue-attributes command with a queue URL returned in step 1.

    aws sqs get-queue-attributes \
    --queue-url https://queue.amazonaws.com/123456789012/YourQueue \
    --attribute-names Policy

  3. Run the remove-permission command to remove any unwanted permissions from your queue policy.

    aws sqs remove-permission \
    --region insert-your-region-here \
    --queue-url https://queue.amazonaws.com/YourAccountID/YourQueue \
    --label insert-label-name \
    --aws-account-ids insert-aws-account-ids-here \
    --actions insert-action-to-remove

  4. Run the add-permission command to add a new permission to your queue policy.

    aws sqs add-permission \
    --queue-url https://queue.amazonaws.com/YourAccountID/YourQueue \
    --label insert-label-name \
    --aws-account-ids insert-aws-account-ids-here \
    --actions insert-action-to-add

  5. Complete steps 2 through 4 for any remaining queue URLs returned from step 1 for each region you have SQS enabled.

PREVIEWING: aliciascott/DOCS-9725-Cloudcraft