As I come from .Net background, I have always used MSMQ which is obviously very good. Now a days I am working a bit with Amazon Simple Queue Service(SQS) and I find it very cool.
Amazon Simple Queue Service (SQS) is a fully-managed message queuing service for reliably communicating among distributed software components and micro services – at any scale.
Recently Amazon has added one more useful feature into SQS which is Server-Side Encryption.
In the context of Message Queuing, encryption is the process for encoding and decoding messages, ensuring they cannot be read or used by unauthorized persons so now Amazon SQS is even more secured than before.
It gives you ability to store encrypted messages in either standard queue or FIFO queue. You can add it while creating new queue or you can set it in any existing queue as well.
AWS by default provides standr key for all customers which is unique and it is called Customer Master Key (CMK). You can use this key or you can create your own keys for encryption. If you choose to use your own keys, don’t forget to update your KMS key policies so that they allow for encryption and decryption of messages.
So what exactly it encrypts in SQS?
It encrypts the body of a message in an Amazon SQS queue.
It doesn’t encrypt the following components:
- Queue metadata (queue name and attributes)
- Message metadata (message ID, timestamp, and attributes)
- Per-queue metrics
Give it a try!
2 thoughts on “Encryption in Amazon Simple Queue Service (SQS)”
I have configured my sqs queues with default CMK = aws/sqs but when i create and send messages in queue – i can see these messages in plain text. how i am bit confused how this message body gets encrypted ? do i need to add any code while sending messages to queues. ? I am also using .NET core Lambda function for sending messages into SQS queues.
Hey, would this help you? https://aws.amazon.com/blogs/developer/client-side-data-encryption-with-aws-sdk-for-net-and-amazon-s3/