如何 encrypt/decrypt 来自 KMS 策略的 sqs 消息
how to encrypt/decrypt sqs messages from KMS policy
{
"Sid": "Some_ID",
"Effect": "Allow",
"Principal": {
"Service": "sqs.amazonaws.com"
},
"Action": [
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Resource": "*"
}
消息应加密给未授权用户,并自动在 sqs 中为授权用户解密 user/queue。
gusto2:- 区别在于底层存储中的数据将被加密,但客户端本身看不到。
{
"Sid": "Some_ID",
"Effect": "Allow",
"Principal": {
"Service": "sqs.amazonaws.com"
},
"Action": [
"kms:GenerateDataKey",
"kms:Decrypt"
],
"Resource": "*"
}
消息应加密给未授权用户,并自动在 sqs 中为授权用户解密 user/queue。
gusto2:- 区别在于底层存储中的数据将被加密,但客户端本身看不到。