
Unencrypted SQS queue.

Default Severity: high

Explanation

Queues should be encrypted to protect queue contents.

Possible Impact

Messages in the SQS queue could be read if the queue is compromised.

Suggested Resolution

Turn on SQS queue encryption.

Insecure Example

The following example will fail the aws-sqs-enable-queue-encryption check.

 resource "aws_sqs_queue" "bad_example" {
    # no key specified
 }

Secure Example

The following example will pass the aws-sqs-enable-queue-encryption check.

 resource "aws_sqs_queue" "good_example" {
    kms_master_key_id = "/blah"
 }
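
The same criterion can be applied to a Terraform plan before it is applied. The following is an added example, not tfsec's own code and not part of the original page: it reads the `resource_changes` list from `terraform show -json` output and reports queues that have no `kms_master_key_id`. The function name and the sample plan are constructed for illustration.

```python
import json

# Constructed sample in the shape of `terraform show -json <planfile>` output,
# trimmed to the fields this check reads.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "aws_sqs_queue.bad_example", "type": "aws_sqs_queue",
     "change": {"actions": ["create"], "after": {"name": "orders"},
                "after_unknown": {"arn": true}}},
    {"address": "aws_sqs_queue.good_example", "type": "aws_sqs_queue",
     "change": {"actions": ["create"],
                "after": {"kms_master_key_id": "/blah"},
                "after_unknown": {}}},
    {"address": "module.jobs.aws_sqs_queue.new_key", "type": "aws_sqs_queue",
     "change": {"actions": ["create"], "after": {},
                "after_unknown": {"kms_master_key_id": true}}},
    {"address": "aws_sqs_queue.retired", "type": "aws_sqs_queue",
     "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
    {"address": "aws_sns_topic.other", "type": "aws_sns_topic",
     "change": {"actions": ["create"], "after": {}, "after_unknown": {}}}
  ]
}
""")


def unencrypted_queues(plan):
    """Return addresses of planned aws_sqs_queue resources with no KMS key."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_sqs_queue":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # queue is being destroyed; nothing left to encrypt
            continue
        unknown = change.get("after_unknown") or {}
        if unknown.get("kms_master_key_id") is True:
            # The key is created in the same apply, so its id is only known
            # after apply; the attribute is set even though no value is shown.
            continue
        if not after.get("kms_master_key_id"):  # missing, null or empty string
            findings.append(rc["address"])
    return findings


if __name__ == "__main__":
    for address in unencrypted_queues(SAMPLE_PLAN):
        print(f"FAIL {address}: no kms_master_key_id")
```

Checking `after_unknown` avoids a false positive when the queue references a KMS key that the same plan creates.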