Terraform AWS SQS

Controls enforced

These compliance controls are checked at terraform plan time.

• SQS queues should have a dead-letter queue configured(low effort)
• SQS queues should have encryption at rest enabled(low effort)
• SQS queues should be encrypted with KMS CMK(low effort)

Quick start

module "sqs" {
  source  = "awswellarchitected.compliance.tf/terraform-aws-modules/sqs/aws"
  version = "1.0"

  # ... your arguments here
}

module "sqs" {
  source  = "iso27001.compliance.tf/terraform-aws-modules/sqs/aws"
  version = "1.0"

  # ... your arguments here
}

module "sqs" {
  source  = "nistcsf.compliance.tf/terraform-aws-modules/sqs/aws"
  version = "1.0"

  # ... your arguments here
}

See the Get Started guide and Registry Endpoints for details on how to customize the module for your requirements.

Migration from upstream

Already using terraform-aws-modules? Change only the source URL:

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"
  version = "1.0"
}

module "sqs" {
  source  = "soc2.compliance.tf/terraform-aws-modules/sqs/aws"
  version = "1.0"
}

Same arguments. Same outputs. Controls are checked at terraform plan. See the Migration Guide for step-by-step instructions.

Reversibility

No lock-in. Switch back by reverting the source URL:

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"
}

Run terraform init -upgrade. Terraform state is unchanged — same resource addresses, same provider, no compliance.tf-specific resources. Controls you already applied remain in AWS.

Mapped compliance frameworks

Framework coverage

Which controls from this module are active under each framework endpoint.

● enforced by default · ○ not activated by this endpoint