Control: AWS > SQS > Queue > Policy > Trusted Access
Take an action when AWS SQS queue policy is not trusted based on the AWS > SQS > Queue > Policy > Trusted Access > * policies.
The Trusted Access control evaluates the queue policy against the list of allowed members in each of the Trusted Access sub-policies (Trusted Access > Accounts, Trusted Access > Services etc.), this control raises an alarm and takes the defined enforcement action.
The account that owns the queue will always be trusted, even if its account ID is not included in the Trusted Accounts policy.
If set to Enforce: Revoke untrusted access, access to non-trusted members will be removed.
Resource Types
This control targets the following resource types:
Primary Policies
The following policies can be used to configure this control:
- Trusted Access
- Trusted Access > Accounts
- Trusted Access > Organization Restrictions
- Trusted Access > Services
Category
In Your Workspace
Developers
- tmod:@turbot/aws-sqs#/control/types/queuePolicyTrustedAccess
- tmod:@turbot/turbot#/control/categories/securityTrustedAccess
- turbot graphql controls --filter "controlTypeId:tmod:@turbot/aws-sqs#/control/types/queuePolicyTrustedAccess"
Get Controls
Control Type URI
Category URI
GraphQL
CLI