Ensure Server Side Encryption (SSE) is enabled for Amazon Simple Queue Service (SQS) queue

HIGH

Description

Amazon Simple Queue Service (SQS) queues are not protecting the contents of their messages using Server-Side Encryption (SSE).

Remediation

In AWS Console -

  1. Sign in to AWS Console and go to the Amazon SQS console.
  2. In the navigation panel, select the SQS Queue.
  3. In the Encryption tab, expand the Server Side Encryption configuration section and do the following:
    a. Choose Enable encryption.
    b. Specify the customer master key (CMK).

In Terraform -

  1. In the aws_sqs_queue resource, set the kms_master_key_id field to a valid KMS key.
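As an added example (not taken from the page or the referenced documentation), the non-compliant queue definition next to its remediated form; the resource names, queue names and key settings are assumed.

```hcl
# Constructed example: resource names, queue names and key settings are placeholders.

# Customer-managed KMS key (CMK) used to encrypt message bodies at rest.
resource "aws_kms_key" "sqs" {
  description             = "CMK for SQS message encryption"
  enable_key_rotation     = true
  deletion_window_in_days = 30
}

# NON-COMPLIANT: no kms_master_key_id, so message contents are stored unencrypted.
resource "aws_sqs_queue" "orders_plain" {
  name = "orders-plain"
}

# COMPLIANT: SSE enabled with the CMK above. Data keys are reused for 300 seconds
# (the provider default; allowed range is 60 to 86400) to limit KMS API calls.
resource "aws_sqs_queue" "orders" {
  name                              = "orders"
  kms_master_key_id                 = aws_kms_key.sqs.arn
  kms_data_key_reuse_period_seconds = 300
}
```

With a customer-managed CMK, every principal that sends to or receives from the queue (including AWS services such as SNS that publish into it) must also be allowed to use the key in its key policy, otherwise SendMessage and ReceiveMessage calls fail after encryption is turned on.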

References:
https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html
https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#kms_master_key_id

Policy Details

Rule Reference ID: AC_AWS_0366
CSP: AWS
Remediation Available: Yes
Resource: aws_sqs_queue
Resource Category: Messaging

Frameworks