TF 0153 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
SQS queue should be encrypted with a CMK.
Property | Value |
---|---|
Language | |
Severity | |
Service | sqs |
Provider | AWS |
Vulnerability Type | misconfiguration |
Description
The SQS queue is encrypted using the default AWS managed KMS key instead of a customer-managed key, limiting fine-grained access controls and key management. This configuration reduces the ability to restrict or audit access to the queue's encrypted data.
Impact
If compromised, attackers could potentially access the SQS queue's messages due to weaker key management and broader access to default keys. This increases the risk of unauthorized data exposure and limits the ability to enforce strict security policies or respond to breaches.
Resolution
Encrypt the SQS queue with a customer-managed key.
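The resolution expressed in Terraform, as an added example that is not part of the original wiki page: the flagged queue beside one encrypted with a customer-managed key whose key policy limits who can use it. Resource names and the `queue_role_arn` variable are assumptions.

```hcl
# Added example; resource names and var.queue_role_arn are placeholders.
variable "queue_role_arn" {
  description = "IAM role allowed to send to and receive from the queue (assumed)"
  type        = string
}

data "aws_caller_identity" "current" {}

# Flagged: encrypted, but with the default AWS managed key.
resource "aws_sqs_queue" "orders_default_key" {
  name              = "orders-default-key"
  kms_master_key_id = "alias/aws/sqs"
}

# Customer-managed key: the key policy decides who may use it.
resource "aws_kms_key" "sqs" {
  description             = "CMK for the orders SQS queue"
  enable_key_rotation     = true
  deletion_window_in_days = 30

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      { # Keeps the key manageable through IAM in the owning account.
        Sid       = "AccountAdmin"
        Effect    = "Allow"
        Principal = { AWS = "arn:aws:iam::${data.aws_caller_identity.current.account_id}:root" }
        Action    = "kms:*"
        Resource  = "*"
      },
      { # Only this role can encrypt and decrypt queue messages.
        Sid       = "QueueProducersAndConsumers"
        Effect    = "Allow"
        Principal = { AWS = var.queue_role_arn }
        Action    = ["kms:GenerateDataKey", "kms:Decrypt"]
        Resource  = "*"
      }
    ]
  })
}

# Compliant: the queue references the customer-managed key.
resource "aws_sqs_queue" "orders" {
  name                              = "orders"
  kms_master_key_id                 = aws_kms_key.sqs.arn
  kms_data_key_reuse_period_seconds = 300
}
```

Use of a customer-managed key is recorded in CloudTrail with that key's ARN, so access to the queue's data can be audited per key.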