En utilisant AWS re:Post, vous acceptez les AWS re:Post Conditions d’utilisation
AWS re:Postre:Post

Data Key Recycling for SQS

0

I need to use recycle keys for SQS. When I recycle the key, both producer and consumer will use same key as per documentation. The calls to SendMessage and ReceiveMessage will each trigger a call to AWS KMS Decrypt to verify the integrity of the data key before using it. This works only if the messages are ordered i.e. Fifo queues. If I am using standard queues, this will not work as the messages may be out of order. Can you clarify.

Sujets
Sécurité, identité et conformitéSans serveurIntégration d'applications
Balises
Service AWS Key ManagementSimple service de file Amazon
Langue
English
AWS-User-7601237
demandé il y a 2 ans231 vues
1 réponse
0

I think it will work. Look at this documentation:

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html

SQS uses "Envelop Encryption": It describes the fact that every message is stored with it encrypted data key with it.

That way in- or out-of-order messages will not matter in case of rotation.

profile picture
JaccoPK
répondu il y a 2 ans

Vous n'êtes pas connecté. Se connecter pour publier une réponse.

Une bonne réponse répond clairement à la question, contient des commentaires constructifs et encourage le développement professionnel de la personne qui pose la question.

Instructions pour répondre aux questions

Contenus pertinents