Posted On: Apr 28, 2017

You can now use Amazon Simple Queue Service (SQS) to exchange sensitive data between applications using server-side encryption (SSE) integrated with the AWS Key Management Service (KMS). Amazon SQS is a fully managed message queuing service for reliably communicating between distributed software components and microservices – at any scale. You can use Amazon SQS to take advantage of the scale, cost, and operational benefits of a managed messaging service. The addition of server-side encryption allows you to transmit sensitive data with the increased security of using encrypted queues.

Amazon SQS server-side encryption uses the 256-bit Advanced Encryption Standard (AES-256 GCM algorithm) to encrypt each message body. The integration with AWS Key Management Service (KMS) allows you to centrally manage the keys that protect SQS messages along with keys that protect your other AWS resources. AWS KMS logs every use of your encryption keys to AWS CloudTrail to help meet your regulatory and compliance needs.

Amazon SQS server-side encryption is now available in the US West (Oregon) and US East (Ohio) regions, with more regions to follow. There are no additional Amazon SQS charges for using encrypted queues. There are additional charges for using AWS KMS. For more information, see "How Do I Estimate My Customer Master Key (CMK) Usage Costs?" in the Amazon SQS Developer Guide. For more information on AWS KMS pricing, see AWS Key Management Service Pricing.

Get started with encrypted queues today using the AWS Management Console and the Amazon SQS API. To learn more, see the following resources:

• The "Server-Side Encryption" section of the Amazon SQS Developer Guide
AWS Blog
Amazon SQS FAQ