Merge pull request #21954 from rmorris1218/add-sse-sqs-support
add support for SQS-managed SSE
ewbankkit authored Dec 2, 2021
2 parents 6659762 + 0214d39 commit bd98d1e
Showing 4 changed files with 41 additions and 2 deletions.
3 changes: 3 additions & 0 deletions .changelog/21954.txt
@@ -0,0 +1,3 @@
```release-note:enhancement
resource/aws_sqs_queue: Add `sqs_managed_sse_enabled` argument
```
12 changes: 10 additions & 2 deletions internal/service/sqs/queue.go
Expand Up @@ -71,8 +71,15 @@ var (
},

"kms_master_key_id": {
Type: schema.TypeString,
Optional: true,
Type: schema.TypeString,
Optional: true,
ConflictsWith: []string{"sqs_managed_sse_enabled"},
},

"sqs_managed_sse_enabled": {
Type: schema.TypeBool,
Optional: true,
ConflictsWith: []string{"kms_master_key_id"},
},

"max_message_size": {
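Review bot: In the new `sqs_managed_sse_enabled` block, `ConflictsWith: []string{"kms_master_key_id"}` is attached to a boolean, so a configuration that writes `sqs_managed_sse_enabled = false` next to a `kms_master_key_id` will most likely be rejected as a conflict even though SQS-managed SSE is switched off there. Worth confirming with a test and, if it does fail, documenting that the argument has to be omitted rather than set to `false` when a KMS key is used. The schema also has no `Default`, while the documentation added in this commit says the argument defaults to `false`; adding `Default: false` or rewording the docs would keep the two in agreement.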
Expand Down Expand Up @@ -158,6 +165,7 @@ var (
"content_based_deduplication": sqs.QueueAttributeNameContentBasedDeduplication,
"kms_master_key_id": sqs.QueueAttributeNameKmsMasterKeyId,
"kms_data_key_reuse_period_seconds": sqs.QueueAttributeNameKmsDataKeyReusePeriodSeconds,
"sqs_managed_sse_enabled": sqs.QueueAttributeNameSqsManagedSseEnabled,
"deduplication_scope": sqs.QueueAttributeNameDeduplicationScope,
"fifo_throughput_limit": sqs.QueueAttributeNameFifoThroughputLimit,
}, sqsQueueSchema)
16 changes: 16 additions & 0 deletions internal/service/sqs/queue_test.go
Expand Up @@ -559,6 +559,13 @@ func TestAccSQSQueue_encryption(t *testing.T) {
resource.TestCheckResourceAttr(resourceName, "kms_master_key_id", "alias/aws/sqs"),
),
},
{
Config: testAccManagedEncryptionConfig(rName, "true"),
Check: resource.ComposeTestCheckFunc(
testAccCheckQueueExists(resourceName, &queueAttributes),
resource.TestCheckResourceAttr(resourceName, "sqs_managed_sse_enabled", "true"),
),
},
},
})
}
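Review bot: The added step in `TestAccSQSQueue_encryption` only asserts that `sqs_managed_sse_enabled` is `"true"`; since it runs right after a step that checks `kms_master_key_id` is `alias/aws/sqs`, it should also assert that `kms_master_key_id` is empty once the queue has moved to SQS-managed keys. There is no coverage for the `"false"` value or for the new `ConflictsWith` pair either; a step that sets both arguments and uses `ExpectError` would pin down the validation behaviour that the schema change introduces.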
Expand Down Expand Up @@ -912,6 +919,15 @@ resource "aws_sqs_queue" "test" {
`, rName, kmsDataKeyReusePeriodSeconds)
}

func testAccManagedEncryptionConfig(rName, sqsManagedSseEnabled string) string {
return fmt.Sprintf(`
resource "aws_sqs_queue" "test" {
name = %[1]q
sqs_managed_sse_enabled = %[2]s
}
`, rName, sqsManagedSseEnabled)
}

func testAccZeroVisibilityTimeoutSecondsConfig(rName string) string {
return fmt.Sprintf(`
resource "aws_sqs_queue" "test" {
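Review bot: `testAccManagedEncryptionConfig` takes `sqsManagedSseEnabled` as a `string` and interpolates it with `%[2]s`, so the helper accepts any text as the HCL value. Taking a `bool` and formatting it with `%[2]t` would make the call site `testAccManagedEncryptionConfig(rName, true)` and rule out malformed configs at compile time.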
12 changes: 12 additions & 0 deletions website/docs/r/sqs_queue.html.markdown
Expand Up @@ -51,6 +51,17 @@ resource "aws_sqs_queue" "terraform_queue" {

## Server-side encryption (SSE)

Using [SSE-SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sqs-sse-queue.html):

```terraform
resource "aws_sqs_queue" "terraform_queue" {
name = "terraform-example-queue"
sqs_managed_sse_enabled = true
}
```

Using [SSE-KMS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-configure-sse-existing-queue.html):

```terraform
resource "aws_sqs_queue" "terraform_queue" {
name = "terraform-example-queue"
Expand All @@ -74,6 +85,7 @@ The following arguments are supported:
* `redrive_policy` - (Optional) The JSON policy to set up the Dead Letter Queue, see [AWS docs](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/SQSDeadLetterQueue.html). **Note:** when specifying `maxReceiveCount`, you must specify it as an integer (`5`), and not a string (`"5"`).
* `fifo_queue` - (Optional) Boolean designating a FIFO queue. If not set, it defaults to `false` making it standard.
* `content_based_deduplication` - (Optional) Enables content-based deduplication for FIFO queues. For more information, see the [related documentation](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/FIFO-queues.html#FIFO-queues-exactly-once-processing)
* `sqs_managed_sse_enabled` - (Optional) Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys. Defaults to `false`. See [Encryption at rest](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html).
* `kms_master_key_id` - (Optional) The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see [Key Terms](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-server-side-encryption.html#sqs-sse-key-terms).
* `kms_data_key_reuse_period_seconds` - (Optional) The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).
* `deduplication_scope` - (Optional) Specifies whether message deduplication occurs at the message group or queue level. Valid values are `messageGroup` and `queue` (default).
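Review bot: The new `sqs_managed_sse_enabled` entry in the argument list does not mention that it cannot be combined with `kms_master_key_id`, although the schema in this commit declares the two as `ConflictsWith` each other. Add a "Conflicts with `kms_master_key_id`" remark to this entry and the reverse remark to `kms_master_key_id`, so that users choosing between SSE-SQS and SSE-KMS see the constraint in the docs rather than at plan time. It would also help to say whether `kms_data_key_reuse_period_seconds` has any effect when SQS-managed keys are in use.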