Best practice rules for Amazon Simple Queue Service
Amazon Simple Queue Service (SQS) is a fully managed message queue service that is fast, reliable, and scalable. SQS allows you to offload the administrative burden of operating a highly available messaging cluster, while reducing your costs by only paying for what you use. You can use SQS to manage the transmission of any amount of data, at any level of throughput, while remaining confident that no message will be lost.
- Queue Server Side Encryption
Ensure Amazon SQS queues enforce Server-Side Encryption (SSE).
- Queue Unprocessed Messages
Ensure SQS queues aren't holding a high number of unprocessed messages due to unresponsive or incapacitated consumers.
- SQS Cross Account Access
Ensure SQS queues don't allow unknown cross-account access.
- SQS Dead Letter Queue
Ensure a Dead Letter Queue (DLQ) is configured for the SQS queue.
- SQS Encrypted With KMS Customer Master Keys
Ensure SQS queues are encrypted with KMS CMKs to gain full control over data encryption and decryption.
- SQS Queue Exposed
Ensure SQS queues aren't exposed to everyone.