


 Short description
------------------



Your Amazon SQS queue must use a [AWS KMS key (KMS key) that is customer managed](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#custome). This KMS key must include a custom [key policy](https://docs.aws.amazon.com/kms/latest/developerguide/concepts.html#key_permissions) that gives Amazon SNS sufficient key usage permissions.


**Note:** The required permissions aren't included in the default key policy of the AWS managed KMS key for Amazon SQS, and you can't modify this policy.


If your topic has SSE activated, you must also do the following:


[Configure AWS Key Management (AWS KMS) permissions that allow your publisher to publish messages to your encrypted topic](https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse).



 Resolution
-----------



1.    [Create a new customer managed KMS key with a key policy that has the required permissions for Amazon SNS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-key-management.html#compatibility-with-aws-services).


2.    [Configure SSE for your Amazon SQS queue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html#sqs-configure-sse-existing-queue-console) using the custom KMS key you just created.


3.    (If your Amazon SNS topic has SSE activated) [Configure AWS KMS permissions that allow your publisher to publish messages to your encrypted topic](https://docs.aws.amazon.com/sns/latest/dg/sns-key-management.html#sns-what-permissions-for-sse).


For more information, see [Activating server-side encryption (SSE) for an Amazon SNS topic with an encrypted Amazon SQS queue subscribed](https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption-for-topic-sqs-queue-subscriptions.html).


**Note:** To troubleshoot other message delivery issues, see [Amazon SNS message delivery status](https://docs.aws.amazon.com/sns/latest/dg/sns-topic-attributes.html).





---




 Related information
--------------------



[Encryption at rest for Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html)


[Encryption at rest for Amazon SNS data](https://docs.aws.amazon.com/sns/latest/dg/sns-server-side-encryption.html)


[Configuring server-side encryption (SSE) for an SNS topic](https://docs.aws.amazon.com/sns/latest/dg/sns-enable-encryption-for-topic.html)


[Using key policies in AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/key-policies.html)


[Encrypting messages published to Amazon SNS with AWS KMS](https://aws.amazon.com/blogs/compute/encrypting-messages-published-to-amazon-sns-with-aws-kms/)







When I publish messages to my Amazon Simple Notification Service (Amazon SNS) topic, they're not delivered to my Amazon Simple Queue Service (Amazon SQS) queue. How do I fix this issue if my Amazon SNS topic or Amazon SQS queue—or both—have server-side encryption (SSE) activated?

Deliver Amazon SNS messages to encrypted Amazon SQS queues

Why aren't messages that I publish to my Amazon SNS topic getting delivered to my subscribed Amazon SQS queue that has server-side encryption activated?

Why aren't messages that I publish to my Amazon SNS topic getting delivered to my subscribed Amazon SQS queue that has server-side encryption activated?

Short description

Resolution

Related information

Ähnliche Videos

Relevanter Inhalt