Why didn't my Amazon SNS topic deliver the messages I published to my Amazon SQS queue that has SSE activated?


My Amazon Simple Notification Service (Amazon SNS) topic didn't deliver the messages I published to my Amazon Simple Queue Service (Amazon SQS) queue. My Amazon SQS queue has server-side encryption (SSE) activated.

Short description

Your Amazon SQS queue must use an AWS Key Management Service (AWS KMS) customer managed key. The customer managed key must include a custom key policy that gives Amazon SNS sufficient key usage permissions.

Note: The default key policy of the AWS managed key for Amazon SQS doesn't include the required permissions, and you can't modify this key's policy.

Resolution

Complete the following steps:

  1. Create a new customer managed KMS key with a key policy that has the required permissions for Amazon SNS.
  2. Use the custom KMS key that you just created to configure SSE for your Amazon SQS queue.
  3. If your Amazon SNS topic has SSE activated, then check your configuration requirements. Configure AWS KMS permissions that allow your publisher to publish messages to your encrypted topic.

For more information, see Setting up Amazon SNS topic encryption with encrypted Amazon SQS queue subscription.

Related information

Encrypting messages published to Amazon SNS with AWS KMS