Skip to content

Event Source for Amazon SQS

The event source captures messages sent to a Amazon SQS queue and sends them as CloudEvents to an event sink.

Prerequisite(s)

  • SQS Queue
  • Amazon Resource Name (ARN)
  • API Credentials

SQS Queue

If you don't already have an Amazon SQS queue, create one by following the instructions in the Getting started with Amazon SQS guide.

Amazon Resource Name (ARN)

A fully qualified ARN is required to uniquely identify the Amazon SQS queue.

SQS queue

As shown in the above screenshot, you can obtain the ARN of a SQS queue from the AWS console. It typically has the following format:

arn:aws:sqs:{awsRegion}:{awsAccountId}:{queueName}

Alternatively you can also use the AWS CLI. The following command retrieves the ARN of a SQS queue named MyQueue in the us-west-2 region.

$ aws --region us-west-2 sqs get-queue-attributes --queue-url $(aws --region us-west-2 sqs list-queues --queue-name MyQueue | jq -r .QueueUrls[0]) --attribute-names QueueArn
{
    "Attributes": {
        "QueueArn": "arn:aws:sqs:us-west-2:123456789012:MyQueue"
    }
}

API Credentials

The TriggerMesh event source for Amazon SQS authenticates calls to the AWS API using AWS Access Keys. The page Understanding and getting your AWS credentials contains instructions to create access keys when signed-in either as the root user or as an IAM user. Take note of the Access Key ID and Secret Access Key, they will be used to create an instance of the event source.

It is considered a good practice to create dedicated users with restricted privileges in order to programmatically access AWS services. Permissions can be added or revoked granularly for a given IAM user by attaching IAM Policies to it.

As an example, the following policy contains the permissions required by the TriggerMesh Amazon SQS event source to read and delete messages from any queue linked to the AWS account:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AWSSQSSourceReceiveAdapter",
            "Effect": "Allow",
            "Action": [
                "sqs:GetQueueUrl",
                "sqs:ReceiveMessage",
                "sqs:DeleteMessage"
            ],
            "Resource": [
                "arn:aws:sqs:*:*:*"
            ]
        }
    ]
}

Creating an IAM user

Deploying an Instance of the Source

Open the Bridge creation screen and add a source of type Amazon SQS.

Adding an Amazon SQS source

In the Source creation form, give a name to the event source and add the following information:

  • Secret: Reference to a TriggerMesh secret containing an Access Key ID and a Secret Access Key to communicate with the Amazon SQS API, as described in the previous sections.
  • AWS ARN: ARN of the SQS queue, as described in the previous sections.

Amazon SQS source form

After clicking the Save button, you will be taken back to the Bridge editor. Proceed to adding the remaining components to the Bridge, then submit it.

Bridge overview

A ready status on the main Bridges page indicates that the event source is ready to receive notifications from the Amazon SQS queue.

Bridge status

Event Types

The Amazon SQS event source emits events of the following type:

  • com.amazon.sqs.message