turbot/aws_compliance

Control: 1 Amazon SQS queues should be encrypted at rest

Description

This control checks whether Amazon SQS queues are encrypted at rest.

Server-side encryption (SSE) allows you to transmit sensitive data in encrypted queues. To protect the content of messages in queues, SSE uses keys managed in AWS KMS. For more information, see Encryption at rest in the Amazon Simple Queue Service Developer Guide.

Remediation

For information about managing SSE using the AWS Management Console, see Configuring server-side encryption (SSE) for a queue (console) in the Amazon Simple Queue Service Developer Guide.

Usage

Run the control in your terminal:

powerpipe control run aws_compliance.control.foundational_security_sqs_1

Snapshot and share results via Turbot Pipes:

powerpipe login
powerpipe control run aws_compliance.control.foundational_security_sqs_1 --share

SQL

This control uses a named query:

sqs_queue_encrypted_at_rest

Tags