Encryption in Amazon Simple Queue Service (SQS)


As I come from a .NET background, I have always used MSMQ, which is obviously very good. Nowadays I am working a bit with Amazon Simple Queue Service (SQS), and I find it very cool.

Amazon Simple Queue Service (SQS) is a fully managed message queuing service for reliably communicating among distributed software components and microservices – at any scale.

Recently Amazon added one more useful feature to SQS: Server-Side Encryption.

In the context of message queuing, encryption is the process of encoding and decoding messages so that they cannot be read or used by unauthorized persons, so Amazon SQS is now even more secure than before.

It gives you the ability to store encrypted messages in either a standard queue or a FIFO queue. You can enable it while creating a new queue, or you can set it on any existing queue as well.

By default, AWS provides a standard key for every customer, which is unique and is called the Customer Master Key (CMK). You can use this key, or you can create your own keys for encryption. If you choose to use your own keys, don't forget to update your KMS key policies so that they allow encryption and decryption of messages.
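As an added example (not from the original post and not AWS's own code), the following Python builds the queue attributes that turn on server-side encryption, the key policy statements a self-created key needs for senders and receivers, and a check that lists queues with no KMS key set. The role ARNs and queue names are constructed; `alias/aws/sqs` is the alias of the AWS-managed key for SQS, and `enable_sse` assumes boto3 and AWS credentials are available.

```python
import json

DEFAULT_SQS_KEY = "alias/aws/sqs"  # alias of the AWS-managed key for SQS

def sse_attributes(kms_key_id=DEFAULT_SQS_KEY, reuse_seconds=300):
    """Queue attributes that enable server-side encryption with a KMS key."""
    # SQS accepts a data key reuse period of 60 seconds up to 24 hours.
    if not 60 <= reuse_seconds <= 86400:
        raise ValueError("KmsDataKeyReusePeriodSeconds must be 60..86400")
    return {"KmsMasterKeyId": kms_key_id,
            "KmsDataKeyReusePeriodSeconds": str(reuse_seconds)}

def key_policy_statements(producer_arns, consumer_arns):
    """Statements to merge into the key policy of a key you created yourself."""
    return [
        # Senders need a data key to encrypt the message body.
        {"Sid": "SqsProducers", "Effect": "Allow",
         "Principal": {"AWS": sorted(producer_arns)},
         "Action": ["kms:GenerateDataKey", "kms:Decrypt"], "Resource": "*"},
        # Receivers only need to decrypt.
        {"Sid": "SqsConsumers", "Effect": "Allow",
         "Principal": {"AWS": sorted(consumer_arns)},
         "Action": ["kms:Decrypt"], "Resource": "*"},
    ]

def queues_without_kms_key(queues):
    """Names of queues whose attributes carry no KmsMasterKeyId."""
    return sorted(n for n, attrs in queues.items()
                  if not attrs.get("KmsMasterKeyId"))

def enable_sse(queue_url, kms_key_id=DEFAULT_SQS_KEY):
    """Apply the attributes to an existing queue (needs boto3 and credentials)."""
    import boto3  # imported here so the helpers above work offline
    boto3.client("sqs").set_queue_attributes(
        QueueUrl=queue_url, Attributes=sse_attributes(kms_key_id))

if __name__ == "__main__":
    # Constructed sample data: hypothetical roles and queue attribute dumps.
    producers = ["arn:aws:iam::111122223333:role/order-producer"]
    consumers = ["arn:aws:iam::111122223333:role/order-consumer"]
    print(json.dumps(key_policy_statements(producers, consumers), indent=2))
    sample = {"orders": sse_attributes("alias/my-sqs-key"),
              "audit-log": {"VisibilityTimeout": "30"}}
    print("No KMS key:", queues_without_kms_key(sample))
```
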


So what exactly does it encrypt in SQS?

It encrypts the body of a message in an Amazon SQS queue.

It doesn’t encrypt the following components:

  • Queue metadata (queue name and attributes)
  • Message metadata (message ID, timestamp, and attributes)
  • Per-queue metrics

Give it a try!
