Queue security

There are several ways to protect the data in SQS:

  • Encryption
  • Access control
  • VPC endpoints

Data in transit is protected by TLS: clients should call the HTTPS endpoint, and because SQS does not reject plaintext requests on its own, a queue policy should deny any request for which the aws:SecureTransport condition key is false. For data at rest, server-side encryption can be enabled in one of two forms: SSE-SQS, which uses a key owned and managed by SQS, or SSE-KMS, which uses a key in AWS KMS, either the AWS managed key for SQS or a customer managed key (CMK) that we control, can rotate and can audit through CloudTrail.

Access is controlled at two layers. IAM identity policies grant users and roles in our own account permission to call specific SQS actions; these should follow least privilege, scoped to the queue ARN and to only the actions the principal needs (a consumer needs sqs:ReceiveMessage and sqs:DeleteMessage, not sqs:*). A queue policy, the resource-based policy attached to the queue, can additionally grant access to principals in other accounts or, when the principal is "*", to anonymous callers, which is how a queue becomes public. Anonymous grants should be avoided or tightly conditioned. Remember that when sharing queues, the owner of the queue pays for all requests against it, so an open queue is also a cost exposure.

If the queues must be reachable only from a private network, create an interface VPC endpoint (AWS PrivateLink) for the SQS service in the VPC; traffic between the VPC and SQS then stays on the AWS network within the region and never crosses the internet. The endpoint is created for the service, not attached to an individual queue, so to restrict a particular queue to that path add a queue policy condition on aws:SourceVpce (or aws:SourceVpc) that names the endpoint.
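The three controls above come together in the queue policy. The following is an added example, not code from the original page or from AWS: it builds a hardened queue policy (one cross-account consumer role, pinned to a VPC endpoint, TLS required), places a weak public policy beside it, and audits either document for an unconditional anonymous grant and for a missing TLS deny. The account IDs, role name, queue name and endpoint ID are made-up placeholders.

```python
import json

# Constructed example identifiers; assumptions for illustration, not values from the page.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:orders"
CONSUMER_ROLE_ARN = "arn:aws:iam::444455556666:role/OrderConsumer"
VPCE_ID = "vpce-0abc123def4567890"


def hardened_queue_policy(queue_arn, consumer_role_arn, vpce_id):
    """Queue (resource-based) policy: one cross-account role gets the minimum
    consumer actions, only through a named VPC endpoint, and every request
    that is not sent over TLS is denied."""
    return {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "AllowConsumerViaVpce",
                "Effect": "Allow",
                "Principal": {"AWS": consumer_role_arn},
                "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage", "sqs:GetQueueAttributes"],
                "Resource": queue_arn,
                "Condition": {"StringEquals": {"aws:SourceVpce": vpce_id}},
            },
            {
                "Sid": "DenyInsecureTransport",
                "Effect": "Deny",
                "Principal": "*",
                "Action": "sqs:*",
                "Resource": queue_arn,
                # aws:SecureTransport evaluates to "false" for plaintext HTTP requests.
                "Condition": {"Bool": {"aws:SecureTransport": "false"}},
            },
        ],
    }


# The weak setting beside the hardened one: an unconditional anonymous grant
# that makes the queue public, and nothing that forces TLS.
WEAK_QUEUE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "PublicSend",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "sqs:SendMessage",
            "Resource": QUEUE_ARN,
        }
    ],
}


def _is_anonymous(principal):
    """True when a statement's Principal is the wildcard, in any of its spellings."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and principal.get("AWS") in ("*", ["*"])


def audit_queue_policy(policy):
    """Return a list of findings for a queue policy document (dict or JSON string)."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):  # a lone statement may be written without the list
        statements = [statements]
    findings = []
    has_tls_deny = False
    for st in statements:
        sid = st.get("Sid", "<no Sid>")
        condition = st.get("Condition") or {}
        # Finding 1: anonymous Allow with no Condition at all makes the queue public.
        if st.get("Effect") == "Allow" and _is_anonymous(st.get("Principal")) and not condition:
            findings.append(f"{sid}: Allow to anonymous principal with no Condition (public queue)")
        # Credit any Deny that rejects non-TLS requests.
        if (st.get("Effect") == "Deny"
                and condition.get("Bool", {}).get("aws:SecureTransport") == "false"):
            has_tls_deny = True
    # Finding 2: without the Deny, plaintext HTTP requests are accepted.
    if not has_tls_deny:
        findings.append("no Deny statement on aws:SecureTransport=false (plaintext HTTP is accepted)")
    return findings


if __name__ == "__main__":
    for name, pol in (("hardened", hardened_queue_policy(QUEUE_ARN, CONSUMER_ROLE_ARN, VPCE_ID)),
                      ("weak", WEAK_QUEUE_POLICY)):
        print(name, audit_queue_policy(pol) or "no findings")
```

To apply a policy, pass json.dumps(policy) as the Policy attribute of SetQueueAttributes (for example aws sqs set-queue-attributes --queue-url ... --attributes Policy=...). The audit deliberately flags only unconditional wildcard principals: a "*" principal conditioned on aws:SourceArn is the normal pattern for letting an SNS topic deliver into a queue, and such statements deserve a manual look rather than an automatic failure.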
