fix(aws): avoid false positives in SQS encryption check for ephemeral queues (#8330)

Co-authored-by: Hugo Pereira Brito <101209179+HugoPBrito@users.noreply.github.com>
2025-12-19 05:17:47 +00:00 · 2025-07-23 15:03:02 +02:00
parent a6c88c0d9e
commit 83b328ea92
2 changed files with 8 additions and 0 deletions
--- a/prowler/CHANGELOG.md
+++ b/prowler/CHANGELOG.md
@@ -8,6 +8,9 @@ All notable changes to the **Prowler SDK** are documented in this file.
 - Add `bedrock_api_key_no_administrative_privileges` check for AWS provider [(#8321)](https://github.com/prowler-cloud/prowler/pull/8321)
 - Support App Key Content in GitHub provider [(#8271)](https://github.com/prowler-cloud/prowler/pull/8271)

+### Fixed
+- False positives in SQS encryption check for ephemeral queues [(#8330)](https://github.com/prowler-cloud/prowler/pull/8330)
+
 ---

 ## [v5.9.3] (Prowler UNRELEASED)
--- a/prowler/providers/aws/services/sqs/sqs_service.py
+++ b/prowler/providers/aws/services/sqs/sqs_service.py
@@ -51,6 +51,7 @@ class SQS(AWSService):
    def _get_queue_attributes(self):
        try:
            logger.info("SQS - describing queue attributes...")
+            valid_queues = []
            for queue in self.queues:
                try:
                    regional_client = self.regional_clients[queue.region]
@@ -72,6 +73,7 @@ class SQS(AWSService):
                                == "true"
                            ):
                                queue.kms_key_id = "SqsManagedSseEnabled"
+                    valid_queues.append(queue)
                except ClientError as error:
                    if (
                        error.response["Error"]["Code"]
@@ -84,10 +86,13 @@ class SQS(AWSService):
                        logger.error(
                            f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                        )
+                        valid_queues.append(queue)
                except Exception as error:
                    logger.error(
                        f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"
                    )
+                    valid_queues.append(queue)
+            self.queues = valid_queues
        except Exception as error:
            logger.error(
                f"{regional_client.region} -- {error.__class__.__name__}[{error.__traceback__.tb_lineno}]: {error}"