SQS Queue Should Enforce Server Side Encryption
Amazon SQS queues should enforce Server-Side Encryption (SSE) to protect the contents of their messages. This way, the contents of your messages will be unavailable to unauthorized or anonymous users.
Amazon Simple Queue Service (SQS) queues should not be holding a high number of unsuccessfully processed messages due to unresponsive or incapacitated consumers.
AWS SQS queues should be configured to allow access only to trusted AWS accounts in order to protect against unauthorized cross-account entities.
AWS SQS queues should be configured to use a Dead Letter Queue (DLQ) in order to help maintain the queue flow and avoid losing data by detecting and mitigating failures and service disruptions on time.
AWS SQS queues should use customer-managed KMS keys (CMKs) instead of AWS-managed keys in order to benefit from more granular control over the queue data encryption/decryption process.
There should not be any publicly accessible SQS queues available in your AWS account in order to protect against unauthorized users. Unauthorized access can lead to unauthorized actions such as intercepting, deleting and sending queue messages.