Data protection

SES Identity with public access policy

Risk Level

Hazardous (3)

Platform(s)
Compliance Frameworks

Description

Amazon Simple Email Service (SES) is an email service that enables developers to send mail from within any application. It was detected that the identity {AwsSesIdentity} has access policy which grants public access to all AWS accounts and users. Therefore, unauthorized AWS accounts and users can take every action from policy actions.

  • Recommended Mitigation

    It is recommended to configure the identity's access policy with permissions to known parties only, in order to restrict who can take actions. For more information: <a href="https://docs.aws.amazon.com/ses/latest/dg/sending-authorization-identity-owner-tasks-management.html" target="_blank" rel="noopener noreferrer">https://docs.aws.amazon.com/ses/latest/dg/sending-authorization-identity-owner-tasks-management.html</a>

Need help?

Get a free Security Risk Assessment. Start today

See Orca in action See Orca in action-> View a 10 minute recorded demo or sign up for a personalized one-on-one walk-through.