aws-cdk-lib.aws_sqs.QueueEncryption

enum QueueEncryption

LanguageType name
.NETAmazon.CDK.AWS.SQS.QueueEncryption
Gogithub.com/aws/aws-cdk-go/awscdk/v2/awssqs#QueueEncryption
Javasoftware.amazon.awscdk.services.sqs.QueueEncryption
Pythonaws_cdk.aws_sqs.QueueEncryption
TypeScript (source)aws-cdk-lib » aws_sqs » QueueEncryption

What kind of encryption to apply to this queue.

Example

// Use managed key
new sqs.Queue(this, 'Queue', {
  encryption: sqs.QueueEncryption.KMS_MANAGED,
});

// Use custom key
const myKey = new kms.Key(this, 'Key');

new sqs.Queue(this, 'Queue', {
  encryption: sqs.QueueEncryption.KMS,
  encryptionMasterKey: myKey,
});

// Use SQS managed server side encryption (SSE-SQS)
new sqs.Queue(this, 'Queue', {
  encryption: sqs.QueueEncryption.SQS_MANAGED,
});

// Unencrypted queue
new sqs.Queue(this, 'Queue', {
  encryption: sqs.QueueEncryption.UNENCRYPTED,
});

Members

NameDescription
UNENCRYPTEDMessages in the queue are not encrypted.
KMS_MANAGEDServer-side KMS encryption with a KMS key managed by SQS.
KMSServer-side encryption with a KMS key managed by the user.
SQS_MANAGEDServer-side encryption key managed by SQS (SSE-SQS).

UNENCRYPTED

Messages in the queue are not encrypted.


KMS_MANAGED

Server-side KMS encryption with a KMS key managed by SQS.


KMS

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.


SQS_MANAGED

Server-side encryption key managed by SQS (SSE-SQS).

To learn more about SSE-SQS on Amazon SQS, please visit the Amazon SQS documentation.