SQS integrations enable you to automatically forward events that occur in Ably to AWS SQS queues.
Create an SQS integration
On the Integrations page of your app:
- Click New Integration Rule.
- Choose Firehose.
- Choose AWS SQS.
- Configure the SQS settings.
- Click Create.
Settings
The following settings are available when creating an SQS integration:
| Setting | Description |
|---|---|
| URL | Specifies the URL for the SQS queue, including credentials, region, and stream name. Only HTTPS is supported. |
| AWS Region | Specifies the AWS region of your SQS queue. |
| AWS authentication scheme | Choose the authentication method. Either AWS credentials or ARN of an assumable role. |
| AWS Credentials | If using AWS credentials, enter the values in key:value format. |
| ARN of an assumable role | If using ARN of an assumable role, enter the ARN of the role that Ably can assume to access your SQS queue. |
| Source | Specifies the event types being sent to SQS. |
| Channel filter | Filters the source channels based on a regular expression. |
| Encoding | Specifies the encoding format of messages. Either JSON or MsgPack. |
| Enveloped | Checkbox to set whether messages should be enveloped or not. Enveloped is the default. |
AWS authentication
Delegate access to your AWS resources by creating an IAM role that the Ably AWS account can assume.
This approach follows AWS best practices, as it avoids sharing access keys directly. Specify the role's ARN to grant Ably the necessary permissions in a secure manner.
Create an SQS policy
The following steps show you how to create a policy for AWS SQS.
- In the IAM console sidebar select Policies.
- Click Create Policy.
- Click the JSON tab and enter the following JSON to configure the policy:
JSON
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowReadWriteSQS",
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage",
"sqs:TagQueue",
"sqs:GetQueueUrl",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessageBatch",
"sqs:SendMessageBatch",
"sqs:UntagQueue",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:ListQueueTags",
"sqs:ChangeMessageVisibilityBatch"
],
"Resource": [
"arn:aws:sqs:<YOUR_AWS_REGION>:<YOUR_AWS_ACCOUNT>:<YOUR_QUEUE_NAME>"
]
}
]
}- Click Next: Tags. You don't need to add any tags.
- Click Next: Review.
- Enter a suitable name for your policy.
- Click Create Policy.
You have created a policy that grants the permissions required to use an SQS queue.
Create a role
Create an IAM role as follows:
- In the AWS IAM console, click Roles in the sidebar and then click Create Role.
- For type of trusted entity select Another AWS account.
- For Account ID specify 203461409171. This is the Ably AWS account.
- Click the Require external ID checkbox and then enter an external ID of
<Your_Ably_Account_ID>.<Your_Ably_app_ID>. - Click Next: Permissions.
- Now select the policy you created earlier to attach to this role. You can type the name of your policy into the Filter policies search box.
Then ensure the checkbox for the policy is selected.
- Click Next: Tags.
- You don't need to add tags so click Next: Review.
- Enter a suitable name for your role.
- Click Create Role.