Data protection

SES Identity with public access policy

Description

Amazon Simple Email Service (SES) is an email service that enables developers to send mail from within any application. It was detected that the identity {AwsSesIdentity} has an access policy that grants public access to all AWS accounts and users. As a result, unauthorized AWS accounts and users can perform every action that the policy allows.

Recommended Mitigation

It is recommended to configure the identity's access policy to grant permissions to known parties only, in order to restrict who can take actions. For more information: https://docs.aws.amazon.com/ses/latest/dg/sending-authorization-identity-owner-tasks-management.html
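
The following check is an added example, not part of the original rule text or of any vendor's detection logic: it parses an SES identity policy and reports every Allow statement whose principal is a wildcard, next to a policy restricted to a known account. The policies, account ID and identity ARN are constructed placeholders, and the function names are hypothetical.

```python
import json

def _is_wildcard(principal):
    """True if the Principal element matches every AWS account and user."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        values = [aws] if isinstance(aws, str) else aws
        return "*" in values
    return False

def public_statements(policy_json):
    """Return (sid, actions, has_condition) for each Allow statement open to any principal."""
    statements = json.loads(policy_json).get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be a single object
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        if stmt.get("Effect") != "Allow" or not _is_wildcard(stmt.get("Principal")):
            continue
        actions = stmt.get("Action", [])
        actions = [actions] if isinstance(actions, str) else list(actions)
        # A Condition may narrow the grant, so it is reported for manual review.
        findings.append((stmt.get("Sid", f"statement[{i}]"), actions, "Condition" in stmt))
    return findings

# Constructed sample data: placeholder account ID and identity ARN.
IDENTITY_ARN = "arn:aws:ses:us-east-1:111122223333:identity/example.com"

def _policy(sid, principal):
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Sid": sid, "Effect": "Allow", "Principal": principal,
        "Action": ["ses:SendEmail", "ses:SendRawEmail"],
        "Resource": IDENTITY_ARN}]})

PUBLIC_POLICY = _policy("AnyoneCanSend", {"AWS": "*"})                  # weak setting
RESTRICTED_POLICY = _policy("KnownSender", {"AWS": ["111122223333"]})   # known party only

if __name__ == "__main__":
    for name, doc in (("public", PUBLIC_POLICY), ("restricted", RESTRICTED_POLICY)):
        print(name, public_statements(doc))
```

The check does not evaluate `NotPrincipal` or the contents of a `Condition` block; statements that use either need manual review.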