BOM - AWS SQS
- Query id: baecd2da-492a-4d59-b9dc-29540a1398e0
- Query name: BOM - AWS SQS
- Platform: Terraform
- Severity: Trace
- Category: Bill Of Materials
- URL: Github
Description¶
A list of SQS resources specified. Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
Documentation
Code samples¶
Code samples with security vulnerabilities¶
Positive test num. 1 - tf file
resource "aws_sqs_queue" "positive1" {
name = "terraform-example-queue"
delay_seconds = 90
max_message_size = 2048
message_retention_seconds = 86400
receive_wait_time_seconds = 10
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn
maxReceiveCount = 4
})
tags = {
Environment = "production"
}
}
resource "aws_sqs_queue_policy" "positive1" {
queue_url = aws_sqs_queue.positive1.id
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "First",
"Effect": "Allow",
"Principal": "*",
"Action": "sqs:SendMessage",
"Resource": "aws_sqs_queue.positive1.arn"
}
]
}
POLICY
}
Positive test num. 2 - tf file
resource "aws_sqs_queue" "positive2" {
name = "terraform-example-queue"
delay_seconds = 90
max_message_size = 2048
message_retention_seconds = 86400
receive_wait_time_seconds = 10
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn
maxReceiveCount = 4
})
tags = {
Environment = "production"
}
}
resource "aws_sqs_queue_policy" "positive2" {
queue_url = aws_sqs_queue.positive2.id
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "First",
"Effect": "Allow",
"Principal" : {
"AWS": [
"arn:aws:iam::123456789012:root",
"arn:aws:iam::555555555555:root"
]
},
"Action": "sqs:SendMessage",
"Resource": "aws_sqs_queue.positive2.arn"
}
]
}
POLICY
}
Positive test num. 3 - tf file
resource "aws_sqs_queue" "positive3" {
name = "terraform-example-queue"
delay_seconds = 90
max_message_size = 2048
message_retention_seconds = 86400
receive_wait_time_seconds = 10
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn
maxReceiveCount = 4
})
tags = {
Environment = "production"
}
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "First",
"Effect": "Allow",
"Principal": "*",
"Action": "sqs:SendMessage",
"Resource": "aws_sqs_queue.positive3.arn"
}
]
}
POLICY
}
Positive test num. 4 - tf file
resource "aws_sqs_queue" "positive4" {
name = "terraform-example-queue"
delay_seconds = 90
max_message_size = 2048
message_retention_seconds = 86400
receive_wait_time_seconds = 10
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn
maxReceiveCount = 4
})
tags = {
Environment = "production"
}
policy = <<POLICY
{
"Version": "2012-10-17",
"Id": "sqspolicy",
"Statement": [
{
"Sid": "First",
"Effect": "Allow",
"Principal" : {
"AWS": [
"arn:aws:iam::123456789012:root",
"arn:aws:iam::555555555555:root"
]
},
"Action": "sqs:SendMessage",
"Resource": "aws_sqs_queue.positive4.arn"
}
]
}
POLICY
}
Positive test num. 5 - tf file
resource "aws_sqs_queue" "positive5" {
name = "terraform-example-queue"
delay_seconds = 90
max_message_size = 2048
message_retention_seconds = 86400
receive_wait_time_seconds = 10
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn
maxReceiveCount = 4
})
tags = {
Environment = "production"
}
sqs_managed_sse_enabled = true
}