Short description
-----------------

Your Amazon SQS queue must use an [AWS KMS key (KMS key) that is customer managed](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#custome). This KMS key must include a custom [key policy](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key_permissions) that gives Amazon SNS sufficient key usage permissions.

**Note:** The required permissions aren't included in the default key policy of the AWS managed KMS key for Amazon SQS, and you can't modify this policy.

If your topic has SSE activated, then you must also do the following:

[Configure AWS Key Management (AWS KMS) permissions that allow your publisher to publish messages to your encrypted topic](https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse).

Resolution
----------

Complete the following steps:

1. [Create a new customer managed KMS key with a key policy that has the required permissions for Amazon SNS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-key-management.html#compatibility-with-aws-services).
2. [Configure SSE for your Amazon SQS queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html#sqs-configure-sse-existing-queue-console) using the custom KMS key that you just created.
3. If your Amazon SNS topic has SSE activated: [Configure AWS KMS permissions that allow your publisher to publish messages to your encrypted topic](https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse).

For more information, see [Activating server-side encryption (SSE) for an Amazon SNS topic with an encrypted Amazon SQS queue subscribed](https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption-for-topic-sqs-queue-subscriptions.html).

**Note:** To troubleshoot other message delivery issues, see [Amazon SNS message delivery status](https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html).

Related information
-------------------

[Encryption at rest for Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html)

[Encryption at rest for Amazon SNS data](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html)

[Configuring server-side encryption (SSE) for an SNS topic](https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption-for-topic.html)

[Using key policies in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)

[Encrypting messages published to Amazon SNS with AWS KMS](https://aws.amazon.com/blogs/compute/encrypting-messages-published-to-amazon-sns-with-aws-kms/)

I want to resolve why the messages I publish to my Amazon Simple Notification Service (Amazon SNS) topic aren't delivered to my Amazon Simple Queue Service (Amazon SQS) queue that has server-side encryption (SSE) activated. 

Deliver Amazon SNS messages to encrypted Amazon SQS queues

Why aren't messages that I publish to my Amazon SNS topic getting delivered to my subscribed Amazon SQS queue that has server-side encryption activated?

Why aren't messages that I publish to my Amazon SNS topic getting delivered to my subscribed Amazon SQS queue that has server-side encryption activated?

Short description

Resolution

Related information

Ähnliche Videos

Relevanter Inhalt