Posted On: Dec 20, 2021

Amazon Simple Queue Service (SQS) now provides managed server-side encryption in Amazon Web Services China (Beijing) Region, operated by Sinnet, and Amazon Web Services China (Ningxia) Region, operated by NWCD using SQS owned encryption keys (SSE-SQS) to protect sensitive data. SSE-SQS helps you build security-sensitive applications to support your encryption compliance and regulatory requirements.

Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. Using Amazon SQS, you can send, store, and receive messages between software components at any volume without losing messages or requiring other services to be available. Customers are increasingly decoupling their monolith applications to microservices and moving sensitive workloads to Amazon SQS, such as financial and healthcare applications with encryption requirements. Now SSE-SQS helps you transmit data securely and improve your security posture.

Amazon SQS already supports server-side encryption with customer-provided encryption keys using the Amazon Web Services Key Management Service (SSE-KMS). When creating a new queue, you can now use either the SSE-SQS or the SSE-KMS. With the SSE-SQS, you do not need to create or manage any encryption keys. Both encryption options help to reduce the operational burden and complexity involved in protecting data. They encrypt data using industry-standard AES-256 algorithms, so that only authorized roles and services can access data.

With SSE-SQS, you do not have to make any code or application modifications to encrypt your data. Encryption at rest using SSE-SQS is provided at no additional charge. SQS handles the encryption and decryption of your data transparently and continues to deliver the same performance that you have come to expect.

To learn more about SSE-SQS on Amazon SQS, please visit the Amazon SQS documentation.