Este contenido no está disponible en el idioma seleccionado
Trabajamos constantemente para que el contenido esté disponible en el idioma seleccionado. Gracias por tu paciencia.
How can I troubleshoot Amazon SQS issues that have SSE activated?
2 minutos de lectura
0
I can't send messages to my Amazon Simple Queue Service (Amazon SQS) queue that has server-side encryption (SSE) activated.
Resolution
Amazon SNS topics
If you use an Amazon Simple Notification Service (Amazon SNS) topic to publish messages to an Amazon SQS queue, then additional configuration might be required. For example, your Amazon SQS queue must use an AWS Key Management Service (AWS KMS) customer managed key.
The SendMessage API call to the Amazon SQS queue returns this error:
"KMS.InvalidStateException. Error message: arn:aws:kms:us-east-1:xxxx:key/xxxx is pending deletion. (Service: AWSKMS; Status Code: 400; Error Code: KMSInvalidStateException; Request ID: f9abfcad-7c25-xxxx-9xxx-aexxxyyxxe1; Proxy: null)"
The customer managed key must be in the Activated state so that the producer can perform the GenerateDataKey and Decrypt API actions. The GenerateDataKey and Decrypt API actions encrypt the messages before they're sent to the Amazon SQS queue.
To understand how the key state affects AWS KMS API calls, review the key state table.
DisabledException errors
The SendMessage API call to the Amazon SQS queue returns this error:
Amazon SQS moves the customer managed key to the Disabled state when you stop the key deletion. Before you publish messages to the Amazon SQS queue, check the state of the customer managed key that you use for encryption. If the customer managed key is deactivated, then activate it. Then, try to publish the message again to the Amazon SQS queue.