AWS - SQS Persistence
SQS
For more information check:
pageAWS - SQS EnumUsing resource policy
In SQS you need to indicate with an IAM policy who has access to read and write. It's possible to indicate external accounts, ARN of roles, or even "*". The following policy gives everyone in AWS access to everything in the queue called MyTestQueue:
You could even trigger a Lambda in the attackers account every-time a new message is put in the queue (you would need to re-put it) somehow. For this follow these instructinos: https://docs.aws.amazon.com/lambda/latest/dg/with-sqs-cross-account-example.html
Last updated