We’re using SqsTransport. My company requires Server Side Encryption for SQS and SNS. SQS Queues are presently managed by DevOps and SSE is enabled. I am starting to use Sagas and I want NSB to create the topics with SSE enabled. Chat GPT suggests there is a “topic factory” that can be plugged in but the code given looks like a hallucination.
What’s the most direct, simple way to continue to allow NSB to create topics, but with SSE enabled?
@dastultz Thank you for reaching out.
For NServiceBus with SQS Transport, the guidance on required permissions and setup is here:
NServiceBus SQS Transport Prerequisites
For more details on enabling server-side encryption for topics, see:
For anyone finding this later, the documentation linked above does not describe how to configure NServiceBus to tell AWS to turn on SSE (for either SQS or SNS).
I ended up writing a background service that adds the necessary attributes to topics after the app starts up (and NServiceBus is done creating topics). This was the simplest way to do it without replacing large parts of the transport.
Chat GPT’s suggestion of a topic (and queue) factory would be nice. There’s already a name generator, an attribute generator would make this quite elegant.
I do have a question for you. I was looking into SSE and noticed that SQS supports two types of encryption:
My understanding is that SNS only supports KMS encryption.
Is that correct?
If that’s the case, I assume that:
Thanks, regards
.m
Hi, I do not know if SNS supports only KMS encryption.
My understanding of SSE is that it refers to “encryption at rest”, the durable storage of the messages somewhere. Once in transit, a different encryption method is used such as HTTPS. So I would think a message stored durably in SNS with encryption method A would be decrypted and sent over a common encrypted channel to SQS. SQS may then write the message to durable storage with encryption method B.