Posted On: May 23, 2017
You can now use Amazon Simple Queue Service (SQS) server-side encryption (SSE) integrated with the AWS Key Management Service (KMS) in the US East (N. Virginia) region. Amazon SQS is a fully managed message queuing service for reliably communicating between distributed software components and microservices – at any scale. You can use Amazon SQS to take advantage of the scale, cost, and operational benefits of a managed messaging service. The addition of server-side encryption allows you to transmit sensitive data with the increased security of using encrypted queues.
Amazon SQS server-side encryption uses the 256-bit Advanced Encryption Standard (AES-256 GCM algorithm) to encrypt each message body. The integration with AWS Key Management Service (KMS) allows you to centrally manage the keys that protect SQS messages along with keys that protect your other AWS resources. AWS KMS logs every use of your encryption keys to AWS CloudTrail to help meet your regulatory and compliance needs.
With this launch, Amazon SQS server-side encryption is now available in the US East (N. Virginia), US East (Ohio), and US West (Oregon) regions, with more regions to follow. There are no additional Amazon SQS charges for using encrypted queues. You are charged for each AWS KMS request. For more information, see "How Do I Estimate My AWS KMS Usage Costs?" in the Amazon SQS Developer Guide. For more information on AWS KMS pricing, see AWS Key Management Service Pricing.
Get started with encrypted queues today using the AWS Management Console and the Amazon SQS API. To learn more, see the following resources:
- Amazon SQS Product Page
- AWS Blog
- The "Server-Side Encryption" section of the Amazon SQS Developer Guide
- Amazon SQS FAQ