Posted On: May 23, 2017

You can now use Amazon Simple Queue Service (SQS) server-side encryption (SSE) integrated with the AWS Key Management Service (KMS) in the US East (N. Virginia) region. Amazon SQS is a fully managed message queuing service for reliably communicating between distributed software components and microservices – at any scale. You can use Amazon SQS to take advantage of the scale, cost, and operational benefits of a managed messaging service. The addition of server-side encryption allows you to transmit sensitive data with the increased security of using encrypted queues. 

Amazon SQS server-side encryption uses the 256-bit Advanced Encryption Standard (AES-256 GCM algorithm) to encrypt each message body. The integration with AWS Key Management Service (KMS) allows you to centrally manage the keys that protect SQS messages along with keys that protect your other AWS resources. AWS KMS logs every use of your encryption keys to AWS CloudTrail to help meet your regulatory and compliance needs. 

With this launch, Amazon SQS server-side encryption is now available in the US East (N. Virginia), US East (Ohio), and US West (Oregon) regions, with more regions to follow. There are no additional Amazon SQS charges for using encrypted queues. You are charged for each AWS KMS request. For more information, see "How Do I Estimate My AWS KMS Usage Costs?" in the Amazon SQS Developer Guide. For more information on AWS KMS pricing, see AWS Key Management Service Pricing

Get started with encrypted queues today using the AWS Management Console and the Amazon SQS API. To learn more, see the following resources:

SQSSSE_NoPlayButton-5-23