Posted On: Nov 23, 2021
Amazon Simple Queue Service (SQS) now provides managed server-side encryption using SQS owned encryption keys (SSE-SQS) to protect sensitive data. SSE-SQS helps you build security-sensitive applications to support your encryption compliance and regulatory requirements.
Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Using Amazon SQS, you can send, store, and receive messages between software components at any volume without losing messages or requiring other services to be available. Customers are increasingly decoupling their monolith applications to microservices and moving sensitive workloads to Amazon SQS, such as financial and healthcare applications with encryption requirements. Now SSE-SQS helps you transmit data securely and improve your security posture.
Amazon SQS already supports server-side encryption with customer-provided encryption keys using the AWS Key Management Service (SSE-KMS). When creating a new queue, you can now use either the SSE-SQS or the SSE-KMS. With the SSE-SQS, you do not need to create or manage any encryption keys. Both encryption options help to reduce the operational burden and complexity involved in protecting data. They encrypt data using industry-standard AES-256 algorithms, so that only authorized roles and services can access data.
With SSE-SQS, you do not have to make any code or application modifications to encrypt your data. Encryption at rest using SSE-SQS is provided at no additional charge. SQS handles the encryption and decryption of your data transparently and continues to deliver the same performance that you have come to expect.
Support for SSE-SQS is available in all AWS Commercial and GovCloud Regions except the China Regions. To learn more about SSE-SQS on Amazon SQS, please visit the Amazon SQS documentation.