Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SQS Server side encryption #138

Closed
mbeldo opened this issue Nov 24, 2021 · 4 comments · Fixed by #168
Closed

SQS Server side encryption #138

mbeldo opened this issue Nov 24, 2021 · 4 comments · Fixed by #168
Labels
enhancement New feature or request

Comments

@mbeldo
Copy link

mbeldo commented Nov 24, 2021

Hey,

I want to add service side encryption to the queues created by lift, specifically the KmsMasterKeyId. Is this possible, if not can this property be exposed?
@t-richard
Copy link
Contributor

This is not possible at the moment.

In Lift, we try to be start from the use cases rather than from the technical implementation.

Could you explain what is the use-case here? What could the configuration for this look like?

@BrutalSimplicity
Copy link

Random interested party here, but there are a few use cases I can see:

  • This is fairly common in enterprise organizations with stricter security requirements. In one organization I've worked with they automatically provision a KMS key with their landing zones, and require the usage of it in all cases where the infrastructure allows.
  • This is also required when using S3 event notifications when both targets require encryption. For example, an encrypted S3 event trigger to an encrypted SNS topic requires that they both share the same KMS key (by default, they do not), so you have to provision a CMK that is shared between the resources for the event notifications to be successful.

@mnapoli mnapoli mentioned this issue Dec 22, 2021
Closed
@mnapoli
Copy link
Member

mnapoli commented Dec 22, 2021

Thanks for the details.

To anyone stumbling on this issue with the same needs, please add a 👍 on the issue.

salemdar added a commit to salemdar/lift that referenced this issue Feb 18, 2022
@salemdar
add server-side encryption option for SQS, fixes getlift#138
574f12a
@salemdar
Copy link
Contributor

@mnapoli I have created a PR to add the feature. Let me know if it needs any improvements.

@mnapoli mnapoli mentioned this issue Mar 18, 2022
Merged
mnapoli added a commit that referenced this issue Mar 18, 2022
@mnapoli
Merge pull request #168 from salemdar/sqs-encryption
e8c6808 
Add Server-Side encryption option for SQS, fixes #138
@mnapoli mnapoli added the enhancement New feature or request label Mar 18, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add Server-Side encryption option for SQS, fixes #138 salemdar/lift
5 participants
@mnapoli @BrutalSimplicity @salemdar @mbeldo @t-richard