AWS Security ChangesHomeSearch

AWS config high security documentation change

Service: config · 2025-05-31 · Security-related high

File: config/latest/developerguide/sqs-queue-no-public-access.md

Summary

Added note clarifying SQS policy requirements for non-public access, specifying exclusion of wildcards and IAM policy variables

Security assessment

Similar to SNS change, this update documents security controls to prevent public access through policy restrictions, addressing potential insecure resource exposure risks.

Diff

diff --git a/config/latest/developerguide/sqs-queue-no-public-access.md b/config/latest/developerguide/sqs-queue-no-public-access.md
index f7022adc2..61f71abc8 100644
--- a//config/latest/developerguide/sqs-queue-no-public-access.md
+++ b//config/latest/developerguide/sqs-queue-no-public-access.md
@@ -10,0 +11,4 @@ Checks if the SQS queue access policy allows public access. The rule is NON_COMP
+###### Note
+
+To be considered non-public, an SQS policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables).
+