Skip to content

Configuration to explicitly turn on SQS Queue Encryption #2588

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 1 commit into
base: main
Choose a base branch
from
Draft

Configuration to explicitly turn on SQS Queue Encryption #2588

wants to merge 1 commit into from

Conversation

@P0NDER0SA
Copy link
Contributor

@P0NDER0SA P0NDER0SA commented Jul 17, 2025

Summary | Résumé

Turning on a configuration to explicitly enable SQS Queue encyption using an AWS managed key whenever celery creates said queues

Related Issues | Cartes liées

https://app.zenhub.com/workspaces/notify-planning-core-6411dfb7c95fb80014e0cab0/issues/gh/cds-snc/notification-planning-core/628

Reviewer checklist | Liste de vérification du réviseur

  • This PR does not break existing functionality.
  • This PR does not violate GCNotify's privacy policies.
  • This PR does not raise new security concerns. Refer to our GC Notify Risk Register document on our Google drive.
  • This PR does not significantly alter performance.
  • Additional required documentation resulting of these changes is covered (such as the README, setup instructions, a related ADR or the technical documentation).

⚠ If boxes cannot be checked off before merging the PR, they should be moved to the "Release Instructions" section with appropriate steps required to verify before release. For example, changes to celery code may require tests on staging to verify that performance has not been affected.

@P0NDER0SA P0NDER0SA requested a review from jimleroyer as a code owner July 17, 2025 15:48
@P0NDER0SA P0NDER0SA mentioned this pull request Jul 17, 2025
Closed
2 tasks
jimleroyer
jimleroyer reviewed Jul 17, 2025
View reviewed changes
app/config.py
"polling_interval": 1, # 1 second
"visibility_timeout": 310,
"queue_name_prefix": NOTIFICATION_QUEUE_PREFIX,
"is_secure": True, # Use HTTPS for SQS
Copy link
Member

@jimleroyer jimleroyer Jul 17, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This will apply on all environments and might not be ready for prime time. Can we apply this conditionally or only in the dev configuration please?

@jimleroyer jimleroyer marked this pull request as draft August 12, 2025 18:53
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@jimleroyer jimleroyer jimleroyer left review comments

Copilot code review Copilot Awaiting requested review from Copilot Copilot will automatically review once the pull request is marked ready for review

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@P0NDER0SA @jimleroyer