Posted On: Apr 28, 2017

You can now use Amazon Simple Queue Service (SQS) to exchange sensitive data between applications using server-side encryption (SSE) integrated with the AWS Key Management Service (KMS). Amazon SQS is a fully managed message queuing service for reliably communicating between distributed software components and microservices – at any scale. You can use Amazon SQS to take advantage of the scale, cost, and operational benefits of a managed messaging service. The addition of server-side encryption allows you to transmit sensitive data with the increased security of using encrypted queues.

Amazon SQS server-side encryption uses the 256-bit Advanced Encryption Standard (AES-256 GCM algorithm) to encrypt each message body. The integration with AWS Key Management Service (KMS) allows you to centrally manage the keys that protect SQS messages along with keys that protect your other AWS resources. AWS KMS logs every use of your encryption keys to AWS CloudTrail to help meet your regulatory and compliance needs.

Amazon SQS server-side encryption is now available in the US West (Oregon) and US East (Ohio) regions, with more regions to follow. There are no additional Amazon SQS charges for using encrypted queues. There are additional charges for using AWS KMS. For more information, see "How Do I Estimate My Customer Master Key (CMK) Usage Costs?" in the Amazon SQS Developer Guide. For more information on AWS KMS pricing, see AWS Key Management Service Pricing.

Get started with encrypted queues today using the AWS Management Console and the Amazon SQS API. To learn more, see the following resources:

• The "Server-Side Encryption" section of the Amazon SQS Developer Guide
• AWS Blog
• Amazon SQS FAQ