如何 encrypt/decrypt 来自 KMS 策略的 sqs 消息

how to encrypt/decrypt sqs messages from KMS policy

{
            "Sid": "Some_ID",
            "Effect": "Allow",
            "Principal": {
                "Service": "sqs.amazonaws.com"
            },
            "Action": [
                "kms:GenerateDataKey",
                "kms:Decrypt"
            ],
            "Resource": "*"
        }

消息应加密给未授权用户，并自动在 sqs 中为授权用户解密 user/queue。

gusto2:- 区别在于底层存储中的数据将被加密，但客户端本身看不到。