aws-messaging-and-streaming
Pass
Audited by Gen Agent Trust Hub on May 6, 2026
Risk Level: SAFE
Full Analysis
- Secure Secret Management: The skill explicitly advises against hardcoding credentials and recommends using AWS Secrets Manager for broker and Kafka authentication, providing specific implementation details for SASL/SCRAM and Lambda integrations.
- Confused Deputy Protection: It highlights the importance of using aws:SourceArn and aws:SourceAccount conditions in resource policies and IAM trust policies to prevent unauthorized cross-account access.
- Data Encryption: Recommends the use of customer-managed KMS keys for SQS and MSK encryption rather than default AWS-managed keys to maintain better control over cryptographic material.
- Official Security References: Includes links to official AWS security documentation for the Well-Architected Framework and IAM best practices, ensuring the guidance is grounded in established security pillars.
Audit Metadata