Description:

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that makes it easy to decouple and scale microservices, distributed systems, and serverless applications. Amazon SQS offers common constructs such as dead-letter queues and cost allocation tags. It provides a generic web services API that you can access using any programming language that the AWS SDK supports.


Rationale:

Server-side encryption (SSE) lets you store sensitive data in encrypted queues. SSE protects the contents of messages at rest using either keys managed in AWS Key Management Service (SSE-KMS) or keys that SQS manages itself (SSE-SQS). It does not replace transport protection: data in transit is protected by TLS on the SQS HTTPS endpoints.


Impact:

When you use SQS queues to send and receive messages that contain sensitive data, enable encryption so that the message contents are unavailable to anyone who gains access to the stored queue data without permission to use the key. Encryption and decryption are handled transparently by SQS and require no change to your application. Two caveats matter in practice. First, SSE encrypts only the message body; queue metadata, message metadata (message ID, timestamp and message attributes) and per-queue metrics are not encrypted, so do not place secrets in message attributes. Second, when a KMS key is used, producers need kms:GenerateDataKey and kms:Decrypt on that key and consumers need kms:Decrypt; without these permissions SendMessage and ReceiveMessage fail with KMS access errors.


Default value:

Older queues were created with server-side encryption disabled. Newer queues are created with SQS-managed encryption (SSE-SQS) enabled by default, but encryption can be disabled explicitly, so check every queue rather than relying on the default.


Audit:

  1. Log in to the AWS Management Console

  2. Go to the Amazon SQS service at https://console.aws.amazon.com/sqs/

  3. Choose the Queue you want to examine and click on it

  4. In the Details section, under Encryption, check whether server-side encryption is enabled and, if it is, whether the queue uses an SQS-managed key or a KMS key.
     If encryption is disabled, follow the remediation steps.


Remediation:

Implementation Step:

  1. Log in to the AWS Management Console

  2. Go to the Amazon SQS service at https://console.aws.amazon.com/sqs/

  3. Select the Queue and click Edit at the top right.

  4. Go to the Encryption section and choose Enabled.

  5. Choose the encryption key type: Amazon SQS key (SSE-SQS) or AWS Key Management Service key (SSE-KMS). For SSE-KMS, select the key you want to encrypt with; if you select none, the AWS managed key alias/aws/sqs is used. The policy of the AWS managed key cannot be edited, so if another AWS service (for example Amazon SNS) must publish to the queue, use a customer managed key whose key policy grants that service kms:GenerateDataKey and kms:Decrypt.

  6. For SSE-KMS, set the data key reuse period, between 1 minute and 24 hours. The default of 5 minutes suits most configurations; a shorter period means more calls to KMS, a longer period means fewer calls but more messages encrypted under each data key. Click Save.
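The console steps above (both the audit and the remediation) cover one queue at a time. The following script is an added example, not part of the original control or of any AWS documentation: it performs the same audit across every queue in a region with boto3, classifies each queue as SSE-KMS, SSE-SQS or unencrypted, and can apply the remediation to the unencrypted ones. The attribute names (KmsMasterKeyId, SqsManagedSseEnabled, KmsDataKeyReusePeriodSeconds) are the real SQS API attributes; the function names, the fake-client interface used for offline testing and the 60..86400 second validation are the author's own. It assumes the caller holds sqs:ListQueues, sqs:GetQueueAttributes and sqs:SetQueueAttributes.

```python
"""Audit and remediate SQS server-side encryption with boto3.

Added example, not part of the original control text. Function names and
the duck-typed client interface are assumptions made for illustration.
"""
from __future__ import annotations

from typing import Iterator

# Real GetQueueAttributes / SetQueueAttributes attribute names.
ENCRYPTION_ATTRIBUTES = [
    "QueueArn",
    "KmsMasterKeyId",
    "KmsDataKeyReusePeriodSeconds",
    "SqsManagedSseEnabled",
]
DEFAULT_KMS_ALIAS = "alias/aws/sqs"               # AWS managed key used when no key is chosen
MIN_REUSE_SECONDS, MAX_REUSE_SECONDS = 60, 86400  # 1 minute .. 24 hours


def classify_encryption(attrs: dict) -> str:
    """Return 'SSE-KMS', 'SSE-SQS' or 'NONE' for one queue's attributes.

    Mirrors the console's Encryption panel: a KmsMasterKeyId means a KMS key
    is in use; otherwise SqsManagedSseEnabled decides between SQS-managed
    encryption and plaintext storage.
    """
    if attrs.get("KmsMasterKeyId"):
        return "SSE-KMS"
    if str(attrs.get("SqsManagedSseEnabled", "false")).lower() == "true":
        return "SSE-SQS"
    return "NONE"


def list_queue_urls(sqs) -> Iterator[str]:
    """Yield every queue URL in the region, following NextToken pagination."""
    kwargs = {"MaxResults": 1000}
    while True:
        page = sqs.list_queues(**kwargs)
        yield from page.get("QueueUrls", [])
        token = page.get("NextToken")
        if not token:
            return
        kwargs["NextToken"] = token


def audit_queues(sqs) -> list[dict]:
    """Audit step: one record per queue with its encryption mode and key."""
    findings = []
    for url in list_queue_urls(sqs):
        attrs = sqs.get_queue_attributes(
            QueueUrl=url, AttributeNames=ENCRYPTION_ATTRIBUTES
        ).get("Attributes", {})
        findings.append({
            "QueueUrl": url,
            "Mode": classify_encryption(attrs),
            "KmsMasterKeyId": attrs.get("KmsMasterKeyId"),
            "ReuseSeconds": attrs.get("KmsDataKeyReusePeriodSeconds"),
        })
    return findings


def build_encryption_attributes(kms_key_id: str | None = DEFAULT_KMS_ALIAS,
                                reuse_seconds: int = 300) -> dict:
    """Remediation step: the Attributes map for SetQueueAttributes.

    kms_key_id=None selects SQS-managed keys (SSE-SQS). KMS and SQS-managed
    encryption are mutually exclusive, so only one of the two attributes is
    emitted. The reuse period is validated against the 1 minute..24 hour range.
    """
    if kms_key_id is None:
        return {"SqsManagedSseEnabled": "true"}
    if not MIN_REUSE_SECONDS <= reuse_seconds <= MAX_REUSE_SECONDS:
        raise ValueError(
            f"KmsDataKeyReusePeriodSeconds must be {MIN_REUSE_SECONDS}-{MAX_REUSE_SECONDS}")
    return {
        "KmsMasterKeyId": kms_key_id,
        "KmsDataKeyReusePeriodSeconds": str(reuse_seconds),
    }


def remediate_unencrypted(sqs, findings: list[dict],
                          kms_key_id: str | None = DEFAULT_KMS_ALIAS) -> list[str]:
    """Enable SSE on every queue the audit reported as NONE; return their URLs."""
    attributes = build_encryption_attributes(kms_key_id)
    fixed = []
    for finding in findings:
        if finding["Mode"] == "NONE":
            sqs.set_queue_attributes(QueueUrl=finding["QueueUrl"], Attributes=attributes)
            fixed.append(finding["QueueUrl"])
    return fixed


if __name__ == "__main__":
    import boto3  # imported here so the logic above can be tested without boto3
    client = boto3.client("sqs")
    report = audit_queues(client)
    for row in report:
        print(f'{row["Mode"]:8} {row["QueueUrl"]}  key={row["KmsMasterKeyId"]}')
    # Uncomment to remediate every plaintext queue with the AWS managed key:
    # print(remediate_unencrypted(client, report))
```

Run it with credentials for the target account and region; review the report before uncommenting the remediation line, and pass a customer managed key ARN to remediate_unencrypted when other services need to publish to the queues.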


Backout plan:

If you want to revert the change, follow the implementation steps, choose Disabled at step 4 and click Save.

 

Reference:

What is Amazon Simple Queue Service? - Amazon Simple Queue Service