SQS Queue not encrypted in AWS

[mariusfilipowski]

Currently, there's a policy for encryption in transit. But I didn't find any working method to provide a AWS or KMS key to be used to encrypt the data at rest in the Queue. Do I miss something here?

[npalm]

Should this not solved in this PR? https://github.com/philips-labs/terraform-aws-github-runner/pull/1798/files

[mariusfilipowski]

Sadly this PR only enabled encryption in transit. But the queue itself data at rest is not encrypted. See https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue#server-side-encryption-sse
At least sqs_managed_sse_enabled should be set to true. Or if a encryption key has been specified, using this key could also be an option.

[npalm]

Would you have time to add the encryption via a variable? Suggest we set it default to encrypted.

[mariusfilipowski]

I'll check if this is possible next week.