Terraform AWS SQS
SQS queues with server side encryption, access policies, FIFO options, visibility timeout, redrive policies, and dead letter queues for durable message processing.
Controls Enforced
The following compliance controls are enforced by this module at terraform plan time.
- SQS queues should have a dead-letter queue configured low effort
- SQS queues should have encryption at rest enabled low effort
- SQS queues should be encrypted with KMS CMK low effort
Quick Start
module "sqs" {
source = "acscessentialeight.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "acscism2023.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "awscontroltower.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "awsgenai.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "awswellarchitected.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cccsmedium.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cfrpart11.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cisv140.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cisv500.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cis.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cisv80ig1.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "cisacyberessentials.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "eugmpannex11.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "fedramplow.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "fedrampmoderate.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "ffiec.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "gdpr.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "hipaa.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "iso27001.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "nis2.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "nist800171.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "nist80053.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "nistcsf.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "nydfs23.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "pcidss.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "rbicybersecurity.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "rbiitfnbfc.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
module "sqs" {
source = "soc2.compliance.tf/terraform-aws-modules/sqs/aws"
version = "<version>"
# ... your arguments here
}
See the Get Started guide to get started and read the Features section for more details on how to customize the module for your requirements.
Migration from Upstream
Already using terraform-aws-modules? Change only the source URL:
module "sqs" {
source = "terraform-aws-modules/sqs/aws"
version = "1.0"
}
module "sqs" {
source = "soc2.compliance.tf/terraform-aws-modules/sqs/aws"
version = "1.0"
}
Same arguments. Same outputs. Compliance controls are enforced automatically at terraform plan. If a required value is missing, you get a clear validation error telling you what to set.
See the Migration Guide for step-by-step instructions.
Reversibility
No lock-in. Switch back by reverting the source URL to the upstream path:
module "sqs" {
source = "terraform-aws-modules/sqs/aws"
}
Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.
Mapped compliance frameworks
Data protection
A.8.11 Data masking
A.8.24 Use of cryptography
Framework Coverage
Which controls from this module are active under each framework endpoint. ● enforced by default · ○ not activated by this endpoint
| Control | AWS Well-Architected Framework v10 | ISO/IEC 27001:2022 | NIST Cybersecurity Framework v2.0 |
|---|---|---|---|
| SQS queues should have a dead-letter queue configured | ○ | ○ | ○ |
| SQS queues should have encryption at rest enabled | ● | ● | ● |
| SQS queues should be encrypted with KMS CMK | ● | ● | ● |
Showing top 3 frameworks by coverage. All framework endpoints →