Query: sqs_queue_encrypted_with_kms_cmk

select
  queue_arn as resource,
  case
    when kms_master_key_id is null then 'alarm'
    when kms_master_key_id is not null
    and kms_master_key_id = 'alias/aws/sqs' then 'alarm'
    else 'ok'
  end as status,
  case
    when kms_master_key_id is null then title || ' encryption at rest disabled.'
    when kms_master_key_id is not null
    and kms_master_key_id = 'alias/aws/sqs' then title || ' not encrypted with CMK.'
    else title || ' encrypted with CMK.'
  end as reason,
  region,
  account_id
from
  aws_sqs_queue;