Control: AWS SQS queues should be encrypted at rest
Description
This control checks whether AWS SQS queues are encrypted at rest.
Usage
Run the control in your terminal:
powerpipe control run aws_compliance.control.sqs_queue_encrypted_at_restSnapshot and share results via Turbot Pipes:
powerpipe loginpowerpipe control run aws_compliance.control.sqs_queue_encrypted_at_rest --shareSQL
This control uses a named query:
select queue_arn as resource, case when sqs_managed_sse_enabled then 'ok' when kms_master_key_id is null then 'alarm' else 'ok' end as status, case when sqs_managed_sse_enabled then title || ' secured with managed SQS-SSE.' when kms_master_key_id is null then title || ' encryption at rest disabled.' else title || ' encryption at rest enabled.' end as reason , region, account_idfrom aws_sqs_queue;