By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Data Key Recycling for SQS

0

I need to use recycle keys for SQS. When I recycle the key, both producer and consumer will use same key as per documentation. The calls to SendMessage and ReceiveMessage will each trigger a call to AWS KMS Decrypt to verify the integrity of the data key before using it. This works only if the messages are ordered i.e. Fifo queues. If I am using standard queues, this will not work as the messages may be out of order. Can you clarify.

Topics
Security, Identity, & ComplianceServerlessApplication Integration
Tags
AWS Key Management ServiceAmazon Simple Queue Service
Language
English
AWS-User-7601237
asked 2 years ago226 views
1 Answer
0

I think it will work. Look at this documentation:

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html

SQS uses "Envelop Encryption": It describes the fact that every message is stored with it encrypted data key with it.

That way in- or out-of-order messages will not matter in case of rotation.

profile picture
JaccoPK
answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content