SQS With SSE Disabled
- Query id: 6e8849c1-3aa7-40e3-9063-b85ee300f29f
- Query name: SQS With SSE Disabled
- Platform: Terraform
- Severity: Medium
- Category: Encryption
- URL: Github
Description
Amazon Simple Queue Service (SQS) queues should protect the contents of their messages using Server-Side Encryption (SSE).
Documentation
Code samples
Code samples with security vulnerabilities
Positive test num. 1 - tf file
resource "aws_sqs_queue" "positive1" {
  name                              = "terraform-example-queue"
  kms_data_key_reuse_period_seconds = 300
}
Positive test num. 2 - tf file
resource "aws_sqs_queue" "positive2" {
  name                              = "terraform-example-queue"
  kms_master_key_id                 = ""
  kms_data_key_reuse_period_seconds = 300
}
Positive test num. 3 - tf file
resource "aws_sqs_queue" "positive3" {
  name                              = "terraform-example-queue"
  kms_master_key_id                 = null
  kms_data_key_reuse_period_seconds = 300
}
Positive test num. 4 - tf file
Positive test num. 5 - tf file
Positive test num. 6 - tf file
Positive test num. 7 - tf file
Code samples without security vulnerabilities
Negative test num. 1 - tf file
resource "aws_sqs_queue" "negative1" {
  name                              = "terraform-example-queue"
  kms_master_key_id                 = "alias/aws/sqs"
  kms_data_key_reuse_period_seconds = 300
}
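The same condition can be checked against a Terraform plan instead of the source files. The sketch below is an added example, not the query's own code: it reads the `resource_changes` list from `terraform show -json` output and reports queues whose `kms_master_key_id` is missing, null or empty, while skipping keys that are only known at apply time. The plan excerpt is constructed, and the `with_cmk`, `old` and `aws_kms_key.queue` entries are hypothetical.

```python
import json

# Constructed excerpt of `terraform show -json plan.out`. positive1, positive2
# and negative1 mirror the page's samples; with_cmk and old are hypothetical.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_sqs_queue.positive1", "type": "aws_sqs_queue",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"kms_master_key_id": null}}},
  {"address": "aws_sqs_queue.positive2", "type": "aws_sqs_queue",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"kms_master_key_id": ""}}},
  {"address": "aws_sqs_queue.negative1", "type": "aws_sqs_queue",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"kms_master_key_id": "alias/aws/sqs"}}},
  {"address": "aws_sqs_queue.with_cmk", "type": "aws_sqs_queue",
   "change": {"actions": ["create"], "after": {},
              "after_unknown": {"kms_master_key_id": true}}},
  {"address": "aws_sqs_queue.old", "type": "aws_sqs_queue",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_kms_key.queue", "type": "aws_kms_key",
   "change": {"actions": ["create"], "after": {}, "after_unknown": {}}}
]}
""")


def queues_without_sse(plan):
    """Return addresses of planned SQS queues with no usable kms_master_key_id."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_sqs_queue":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # queue is being destroyed, nothing to encrypt
            continue
        unknown = change.get("after_unknown") or {}
        if unknown.get("kms_master_key_id") is True:
            continue  # key comes from another resource, known only at apply
        key = after.get("kms_master_key_id")
        if key is None or (isinstance(key, str) and not key.strip()):
            findings.append(rc["address"])  # missing, null or empty
    return findings


if __name__ == "__main__":
    for address in queues_without_sse(SAMPLE_PLAN):
        print(f"SSE disabled: {address}")
```

The check covers only the `kms_master_key_id` attribute used in the samples above; any other way of enabling encryption on the queue is outside what it inspects.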