Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

(sqs): add SSE queue encryption for SQS

See original GitHub issue


Currently you can only only select the following queue encryptions:

  • KMS

However, via AWS Console you can also select SSE encryption.

Use Case

We use S3 events, that are automatically forwarded to SQS, but that doesn’t work with KMS encryption, but it does with SSE (we tried this via AWS console).

Proposed Solution

Add a new option SSE to QueueEncryption:

Other information

No response


  • I may be able to implement this feature request
  • This feature might incur a breaking change

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Reactions:7
  • Comments:7 (4 by maintainers)

github_iconTop GitHub Comments

a-hcommented, Feb 28, 2022

I’d also like to propose that SSE becomes the default for queues, and that queues that don’t have KMS encryption enabled, get it enabled by default after the rollout.

This affects me because at present, the deadLetterQueueEnabled field on AWS Lambda creates an SQS queue. That queue is then not encrypted, which (depending on your use case) could lead to personal data being stored unencrypted at rest.

Any Lambda functions that use this behaviour will have their DLQs show up in AWS Security Hub because they don’t have encryption at rest enabled.

Read more comments on GitHub >

github_iconTop Results From Across the Web

Configuring server-side encryption (SSE) for a queue (console)
Open the Amazon SQS console at . · In the navigation pane, choose Queues. · Choose a queue, and then choose Edit....
Read more >
Support Amazon SQS-managed encryption keys (SSE-SQS ...
Amazon SQS has announced a new Server-Side Encryption method, Amazon SQS-managed encryption keys (SSE-SQS). AWS::SQS::Queue needs to be able to ...
Read more >
Using server-side encryption (SSE) - Amazon Simple Queue ...
You can use the Amazon SDK for Java to add server-side encryption (SSE) to an Amazon SQS queue. Each queue uses an Amazon...
Read more >
Ensure AWS SQS server side encryption is enabled
Amazon Simple Queue Service (SQS) provides the ability to encrypt queues so sensitive data is passed securely. It uses server-side-encrypyion (SSE) and ...
Read more >
managed encryption keys (SSE-SQS) by default - Noise
Configuring SSE-SQS encryption for existing queues vis AWS Management Console · In the navigation pane, choose Queues. · Select a queue, and then ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Post

No results found

github_iconTop Related Hashnode Post

No results found