QueueEncryption

class aws_cdk.aws_sqs.QueueEncryption(value, names=None, *, module=None, qualname=None, type=None, start=1, boundary=None)

Bases: Enum

What kind of encryption to apply to this queue.

ExampleMetadata:

infused

Example:

# Use managed key
sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.KMS_MANAGED
)

# Use custom key
my_key = kms.Key(self, "Key")

sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.KMS,
    encryption_master_key=my_key
)

# Use SQS managed server side encryption (SSE-SQS)
sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.SQS_MANAGED
)

# Unencrypted queue
sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.UNENCRYPTED
)

Attributes

KMS

Server-side encryption with a KMS key managed by the user.

If encryptionKey is specified, this key will be used, otherwise, one will be defined.

KMS_MANAGED

Server-side KMS encryption with a KMS key managed by SQS.

SQS_MANAGED

Server-side encryption key managed by SQS (SSE-SQS).

To learn more about SSE-SQS on Amazon SQS, please visit the Amazon SQS documentation.

UNENCRYPTED

Messages in the queue are not encrypted.