Complete a 3 Question Survey and Earn a re:Post Badge

Help improve AWS Support Official channel in re:Post and share your experience - complete a quick three-question survey to earn a re:Post badge!

Why aren't messages that I publish to my Amazon SNS topic getting delivered to my subscribed Amazon SQS queue that has server-side encryption activated?

2 minute read

0

I want to resolve why the messages I publish to my Amazon Simple Notification Service (Amazon SNS) topic aren't delivered to my Amazon Simple Queue Service (Amazon SQS) queue that has server-side encryption (SSE) activated.

Short description

Your Amazon SQS queue must use an AWS KMS key (KMS key) that is customer managed. This KMS key must include a custom key policy that gives Amazon SNS sufficient key usage permissions.

Note: The required permissions aren't included in the default key policy of the AWS managed KMS key for Amazon SQS, and you can't modify this policy.

If your topic has SSE activated, then you must also do the following:

Configure AWS Key Management (AWS KMS) permissions that allow your publisher to publish messages to your encrypted topic.

Resolution

Complete the following steps:

Create a new customer managed KMS key with a key policy that has the required permissions for Amazon SNS.
Configure SSE for your Amazon SQS queue using the custom KMS key that you just created.
If your Amazon SNS topic has SSE activated: Configure AWS KMS permissions that allow your publisher to publish messages to your encrypted topic.

For more information, see Activating server-side encryption (SSE) for an Amazon SNS topic with an encrypted Amazon SQS queue subscribed.

Note: To troubleshoot other message delivery issues, see Amazon SNS message delivery status.

Related information

Encryption at rest for Amazon SQS

Encryption at rest for Amazon SNS data

Configuring server-side encryption (SSE) for an SNS topic

Using key policies in AWS KMS

Encrypting messages published to Amazon SNS with AWS KMS

Topics

Application Integration

Tags

Amazon Simple Notification Service (SNS)

Language

English

Related videos

Watch Ross's video to learn more (7:49)

Watch Ross's video to learn more (7:49)

AWS OFFICIALUpdated a year ago

No comments

Relevant content

SQS FIFO Queue subscribed to SNS FIFO topic stopped receiving messages suddenly
edgegoldberg
asked 2 years ago
Is SNS able to send messages to subscribed SQS in batches?
Accepted Answer
Tomas Bartek
asked 8 months ago
Subscribe-Success message is not getting received into SQS from SNS topic while integrating AWS Marketplace SaaS product with Contract pricing
PD
asked 3 years ago
does SNS FIFO topic's message retries to SQS FIFO Queue in strict sequence?
Mudassir
asked 9 months ago
Number messageAttribute delivered as String in Lambda subscriber to SNS Topic
Accepted Answer
CP_2022
asked 3 years ago
How can I troubleshoot Amazon SQS issues that have SSE activated?
AWS OFFICIALUpdated 2 years ago
Why isn't my encrypted SNS topic receiving notification from an AWS service?
AWS OFFICIALUpdated 2 years ago
How can I get my Amazon SQS subscription to successfully receive a notification from my Amazon SNS topic?
AWS OFFICIALUpdated 2 years ago
Why aren't Amazon S3 event notifications delivered to an Amazon SQS queue that uses server-side encryption?
AWS OFFICIALUpdated 2 years ago
AWS re:Post Live | Encryption, FIFO Ordering and Message Lifecycle in SQS
EXPERT
AWS rePost Live
published 3 months ago