使用AWS re:Post即您表示您同意 AWS re:Post 使用条款
AWS re:Postre:Post

Data Key Recycling for SQS

0

I need to use recycle keys for SQS. When I recycle the key, both producer and consumer will use same key as per documentation. The calls to SendMessage and ReceiveMessage will each trigger a call to AWS KMS Decrypt to verify the integrity of the data key before using it. This works only if the messages are ordered i.e. Fifo queues. If I am using standard queues, this will not work as the messages may be out of order. Can you clarify.

主题
安全、身份和合规性无服务器应用程序集成
标签
AWS 智能钥匙管理服务亚马逊简单队列服务 (SQS)
语言
English
AWS-User-7601237
已提问 2 年前231 查看次数
1 回答
0

I think it will work. Look at this documentation:

https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html

SQS uses "Envelop Encryption": It describes the fact that every message is stored with it encrypted data key with it.

That way in- or out-of-order messages will not matter in case of rotation.

profile picture
JaccoPK
已回答 2 年前

您未登录。 登录 发布回答。

一个好的回答可以清楚地解答问题和提供建设性反馈,并能促进提问者的职业发展。

回答问题的准则

相关内容