Which of the following AWS service allows secure hosted queue server-side encryption (SSE), or uses custom SSE keys managed in AWS Key Management Service (AWS KMS)?

A web server passes the reservation information to an application server and then the application server queries an Airline service.

Which of the following AWS service allows secure hosted queue server-side encryption (SSE), or uses custom SSE keys managed in AWS Key Management Service (AWS KMS)?
A . Amazon Simple Workflow
B . Amazon SQS
C . Amazon SNS
D . Amazon CloudSearch

View Answer

Answer: B

Explanation:

Amazon Simple Queue Service (Amazon SQS) supports server-side encryption (SSE) to protect the contents of messages in queues using SQS-managed encryption keys or keys managed in the AWS Key Management Service (AWS KMS).

Enable SSE on Amazon SQS: When you create a new queue or update an existing queue, you can enable SSE by selecting the option for server-side encryption.

Choose Encryption Keys: You can choose to use the default SQS-managed keys (SSE-SQS) or select a custom customer-managed key in AWS KMS (SSE-KMS).

Secure Data Transmission: With SSE enabled, messages are encrypted as soon as Amazon SQS receives them and are stored in encrypted form.

Decryption for Authorized Consumers: Amazon SQS decrypts messages only when they are sent to an authorized consumer, ensuring the security of the message contents during transit.

Reference: Amazon SQS provides server-side encryption to protect sensitive data in queues, using either SQS-managed encryption keys or customer-managed keys in AWS KMS1. This feature helps in meeting strict encryption compliance and regulatory requirements, making it suitable for scenarios where secure message transmission is critical12.