AWS config high security documentation change
Summary
Added note clarifying SQS policy requirements for non-public access, specifying exclusion of wildcards and IAM policy variables
Security assessment
Similar to SNS change, this update documents security controls to prevent public access through policy restrictions, addressing potential insecure resource exposure risks.
Diff
diff --git a/config/latest/developerguide/sqs-queue-no-public-access.md b/config/latest/developerguide/sqs-queue-no-public-access.md index f7022adc2..61f71abc8 100644 --- a//config/latest/developerguide/sqs-queue-no-public-access.md +++ b//config/latest/developerguide/sqs-queue-no-public-access.md @@ -10,0 +11,4 @@ Checks if the SQS queue access policy allows public access. The rule is NON_COMP +###### Note + +To be considered non-public, an SQS policy must grant access only to fixed values. This means values that don't contain a wildcard or the following IAM policy element: [Variables](https://docs.aws.amazon.com/IAM/latest/UserGuide/reference_policies_variables.html#policy-vars-using-variables). +