Why aren't messages that I publish to my Amazon SNS topic getting delivered to my subscribed Amazon SQS queue that has server-side encryption activated?

Last updated: 2021-06-21

When I publish messages to my Amazon Simple Notification Service (Amazon SNS) topic, they're not delivered to my Amazon Simple Queue Service (Amazon SQS) queue. How do I fix this issue if my Amazon SNS topic or Amazon SQS queue—or both—have server-side encryption (SSE) activated?

Short description

Your Amazon SQS queue must use a AWS KMS key (KMS key) that is customer managed. This KMS key must include a custom key policy that gives Amazon SNS sufficient key usage permissions.

Note: The required permissions aren't included in the default key policy of the AWS managed KMS key for Amazon SQS, and you can't modify this policy.

If your topic has SSE activated, you must also do the following:

Configure AWS Key Management (AWS KMS) permissions that allow your publisher to publish messages to your encrypted topic.

Resolution