It is highly recommended to encrypt messages containing sensitive data that are sent and received through Amazon Simple Queue Service (SQS) queues, so that unauthorized or anonymous users cannot access the message contents. Amazon SQS provides the Server-Side Encryption (SSE) feature for this purpose: it handles encryption and decryption transparently, without requiring additional action from you or your application. To protect message contents, enable SSE for your SQS queues. SQS uses a KMS Customer Master Key (CMK) to generate the data keys required to encrypt and decrypt SQS messages. Using SQS Server-Side Encryption does not incur additional charges; however, there is a charge for using Amazon KMS.
Here are the remediation steps to ensure that encryption is enabled for Amazon SQS queues:
You can also use AWS CLI or SDKs to enable encryption for SQS queues.
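As an added example (not code from the original page), the SDK route can be scripted with boto3: the sketch below lists every queue, flags those with no encryption attribute set, and optionally turns on SSE with a KMS key. The function names, the `--fix` switch and the choice of the AWS managed key `alias/aws/sqs` as the default are assumptions made for illustration.

```python
"""Audit SQS queues for server-side encryption; optionally enable SSE-KMS."""

DEFAULT_KEY = "alias/aws/sqs"  # AWS managed key for SQS; substitute your own CMK


def is_encrypted(attrs):
    """attrs is the 'Attributes' dict returned by GetQueueAttributes."""
    if attrs.get("KmsMasterKeyId"):          # SSE with a KMS key
        return True
    # Queues can also use SQS-owned keys, reported as the string "true".
    return attrs.get("SqsManagedSseEnabled", "false").lower() == "true"


def sse_attributes(kms_key_id=DEFAULT_KEY, reuse_seconds=300):
    """Attributes for SetQueueAttributes that turn on SSE with a KMS key."""
    if not 60 <= reuse_seconds <= 86400:     # range SQS accepts for data-key reuse
        raise ValueError("reuse_seconds must be between 60 and 86400")
    return {"KmsMasterKeyId": kms_key_id,
            "KmsDataKeyReusePeriodSeconds": str(reuse_seconds)}


def audit(sqs, fix=False, kms_key_id=DEFAULT_KEY):
    """Return URLs of queues without SSE; with fix=True, enable it on each."""
    findings = []
    for page in sqs.get_paginator("list_queues").paginate():
        for url in page.get("QueueUrls", []):
            attrs = sqs.get_queue_attributes(
                QueueUrl=url,
                AttributeNames=["KmsMasterKeyId", "SqsManagedSseEnabled"],
            ).get("Attributes", {})
            if is_encrypted(attrs):
                continue
            findings.append(url)
            if fix:
                sqs.set_queue_attributes(QueueUrl=url,
                                         Attributes=sse_attributes(kms_key_id))
    return findings


if __name__ == "__main__":
    import sys
    import boto3  # needs AWS credentials and a region configured
    for queue_url in audit(boto3.client("sqs"), fix="--fix" in sys.argv):
        print(queue_url)
```

When a customer managed key is used instead of the default, producers need `kms:GenerateDataKey` and `kms:Decrypt` on that key and consumers need `kms:Decrypt`, so check the key policy before enabling SSE on a queue that is already in use.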