Posted On: Feb 11, 2020
Amazon SQS is now available through VPC endpoints and also provides server-side encryption (SSE) of queues in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD, allowing you to access Amazon SQS within your Amazon Virtual Private Cloud (Amazon VPC) without traversing the internet.
VPC endpoints for Amazon SQS are powered by Amazon PrivateLink, a highly available, scalable technology that provides secure, private connectivity between VPCs and Amazon Web Services services. Amazon VPC endpoints are easy to configure and provide reliable connectivity to Amazon SQS without requiring an internet gateway, Network Address Translation (NAT) instance, or Amazon Direct Connect connection. With VPC endpoints, the data between your Amazon VPC and Amazon SQS is transferred within the Amazon network, and thus protected from the public internet. You can create an interface VPC endpoint for Amazon SQS in your VPC using the Amazon VPC console, SDK or CLI. You can also access the VPC endpoint from on-premises environments or from other VPCs using Amazon Direct Connect, or VPC Peering.
Amazon SQS server-side encryption uses the 256-bit Advanced Encryption Standard (AES-256 GCM algorithm) to encrypt each message body. The addition of server-side encryption allows you to transmit sensitive data with the increased security of using encrypted queues. The integration with Amazon Key Management Service (KMS) allows you to centrally manage the keys that protect SQS messages along with keys that protect your other Amazon Web Services resources.
To learn more:
- See SQS VPC Endpoints in the Amazon SQS Developer Guide.
- See Protecting Data Using Server-Side Encryption (SSE) and Amazon KMS in the Amazon SQS Developer Guide