include::../description.adoc[] include::../ask-yourself.adoc[] include::../recommended.adoc[] == Sensitive Code Example For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[`aws-cdk-lib.aws-sqs.Queue`] [source,javascript] ---- import { Queue } from 'aws-cdk-lib/aws-sqs'; new Queue(this, 'example'); // Sensitive ---- For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[`aws-cdk-lib.aws-sqs.CfnQueue`] [source,javascript] ---- import { CfnQueue } from 'aws-cdk-lib/aws-sqs'; new CfnQueue(this, 'example'); // Sensitive ---- == Compliant Solution For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html[`aws-cdk-lib.aws-sqs.Queue`] [source,javascript] ---- import { Queue } from 'aws-cdk-lib/aws-sqs'; new Queue(this, 'example', { encryption: QueueEncryption.KMS_MANAGED }); ---- For https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.CfnQueue.html[`aws-cdk-lib.aws-sqs.CfnQueue`] [source,javascript] ---- import { CfnQueue } from 'aws-cdk-lib/aws-sqs'; const encryptionKey = new Key(this, 'example', { enableKeyRotation: true, }); new CfnQueue(this, 'example', { kmsMasterKeyId: encryptionKey.keyId }); ---- include::../see.adoc[] ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) === Message For CfnQueue: * Omitting "kmsMasterKeyId" disables SQS queues encryption. Make sure it is safe here. For Queue: * Omitting "encryption" disables SQS queues encryption. Make sure it is safe here. * Setting "encryption" to "QueueEncryption.UNENCRYPTED" disables SQS queues encryption. Make sure it is safe here. === Highlighting * Highlight the initializer function if it does not contain the third argument `props` or `props` is set to `undefined`. For Topic: * Highlight the `props` object if it does not contain the property `encryption`. * Highlight the `encryption` attribute if it is set to `QueueEncryption.UNENCRYPTED`. For CfnQueue: * Highlight the `props` object if it does not contain the property `kmsMasterKeyId`. * Highlight the `kmsMasterKeyId` attribute if it is set to `undefined`. endif::env-github,rspecator-view[]