
Amazon SQS multi tenancy and HIPAA compliance

I'm going to implement a client/server application - 1 server - [0-N] clients.

In order to organize communication between clients and server I plan to use Amazon SQS or something like that.

Right now I have two questions:

Is Amazon SQS HIPAA compliant?

How to organise multi-tenancy support based on Amazon SQS queues?

The data between clients must not be shared. Each client can only deal with data that was sent only for this client.

Is it possible to implement this on a single Amazon SQS queue, or do I need to create a separate queue for each client?

alexanoid asked Dec 10 '22 21:12


2 Answers

Since there is no cost to create separate queues, that is clearly the best option for you if you need to not commingle the data. Assuming that each 'client' is going to poll the queue, there would be no good way to segregate the access based on what's in the message; using multiple queues is the best solution. It will also be more performant in that you won't have to request messages from the queue and then throw them away if they are not for the right client.

E.J. Brennan answered Jan 04 '23 15:01
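A sketch of the queue-per-client layout described in the answer above, added here as an example and not code from the original posts. It assumes each client authenticates with its own IAM identity; the `tenant-` naming scheme, the account ID, the region and the helper names are constructed for illustration. It builds a consume-only policy scoped to one exact queue ARN, then audits a set of policies for any `Resource` that also reaches another client's queue, which is how a trailing wildcard on `tenant-acme` ends up covering `tenant-acme2`.

```python
import re

# Constructed sample values: AWS's documentation account ID and a hypothetical naming scheme.
ACCOUNT, REGION, PREFIX = "123456789012", "us-east-1", "tenant-"
CONSUMER_ACTIONS = ["sqs:ReceiveMessage", "sqs:DeleteMessage",
                    "sqs:ChangeMessageVisibility", "sqs:GetQueueAttributes"]

def queue_arn(tenant_id):
    """Exact ARN of one tenant's queue; rejects IDs that could act as patterns."""
    if not re.fullmatch(r"[A-Za-z0-9_-]{1,60}", tenant_id):
        raise ValueError(f"invalid tenant id: {tenant_id!r}")
    return f"arn:aws:sqs:{REGION}:{ACCOUNT}:{PREFIX}{tenant_id}"

def tenant_policy(tenant_id):
    """Identity policy for a client: consume from its own queue and nothing else."""
    return {"Version": "2012-10-17",
            "Statement": [{"Effect": "Allow", "Action": CONSUMER_ACTIONS,
                           "Resource": queue_arn(tenant_id)}]}

def arn_matches(pattern, arn):
    """IAM-style Resource matching: '*' is any run of characters, '?' is one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, arn) is not None

def cross_tenant_access(policies):
    """Return sorted (tenant, other) pairs where tenant's Allow reaches other's queue."""
    leaks = set()
    for tenant, policy in policies.items():
        for stmt in policy["Statement"]:
            if stmt["Effect"] != "Allow":
                continue
            res = stmt["Resource"]
            patterns = [res] if isinstance(res, str) else res
            for other in policies:
                if other != tenant and any(arn_matches(p, queue_arn(other))
                                           for p in patterns):
                    leaks.add((tenant, other))
    return sorted(leaks)

if __name__ == "__main__":
    tenants = ["acme", "acme2", "globex"]
    good = {t: tenant_policy(t) for t in tenants}
    print("exact ARNs:", cross_tenant_access(good))
    # Same policies, but one Resource carries a trailing wildcard.
    bad = dict(good)
    bad["acme"] = {"Version": "2012-10-17", "Statement": [
        {"Effect": "Allow", "Action": CONSUMER_ACTIONS,
         "Resource": queue_arn("acme") + "*"}]}
    print("wildcard ARN:", cross_tenant_access(bad))
```
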


You should read this page which covers Amazon's HIPAA compliance: https://aws.amazon.com/compliance/hipaa-compliance/

Note that (at this time) SQS isn't in the list of services that are covered under the AWS HIPAA agreement. You can use AWS services that aren't in the HIPAA compliance list, but you can't store PHI data in them. So you would either have to make sure you don't ever store any PHI in your SQS messages, or use a different queue system, such as RabbitMQ or ActiveMQ, that you can install on EC2.

Mark B answered Jan 04 '23 16:01