SQS With SSE Disabled
- Query id: 12726829-93ed-4d51-9cbe-13423f4299e1
- Query name: SQS With SSE Disabled
- Platform: CloudFormation
- Severity: Medium
- Category: Encryption
- CWE: 319
- URL: Github
Description¶
Amazon Simple Queue Service (SQS) queue should protect the contents of their messages using Server-Side Encryption (SSE)
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - yaml file
Resources:
MyQueue:
Type: AWS::SQS::Queue
Properties:
QueueName: "SampleQueue"
MyQueue2:
Type: AWS::SQS::Queue
Properties:
QueueName: "SampleQueue"
SqsManagedSseEnabled: false
Positive test num. 2 - json file
{
"Resources": {
"MyQueue": {
"Type": "AWS::SQS::Queue",
"Properties": {
"QueueName": "SampleQueue"
}
},
"MyQueue2": {
"Type": "AWS::SQS::Queue",
"Properties": {
"QueueName": "SampleQueue",
"SqsManagedSseEnabled": "false"
}
}
}
}