AWS SQS integration
SQS integrations enable you to automatically forward events that occur in Ably to AWS SQS queues.
Create an SQS integration
To create an SQS integration in your dashboard:
- Login and select the application you wish to integrate with SQS.
- Click the Integrations tab.
- Click the New Integration Rule button.
- Choose Firehose.
- Choose AWS SQS.
- Configure the SQS settings.
- Click Create.
You can also create an SQS integration using the Control API.
Settings
The following settings are available when creating an SQS integration:
| Setting | Description |
|---|---|
| URL | Specifies the URL for the SQS queue, including credentials, region, and stream name. Only HTTPS is supported. |
| AWS Region | Specifies the AWS region of your SQS queue. |
| AWS authentication scheme | Choose the authentication method. Either AWS credentials or ARN of an assumable role. |
| AWS Credentials | If using AWS credentials, enter the values in key:value format. |
| ARN of an assumable role | If using ARN of an assumable role, enter the ARN of the role that Ably can assume to access your SQS queue. |
| Source | Specifies the event types being sent to SQS. |
| Channel filter | Filters the source channels based on a regular expression. |
| Encoding | Specifies the encoding format of messages. Either JSON or MsgPack. |
| Enveloped | Checkbox to set whether messages should be enveloped or not. Enveloped is the default. |
AWS authentication
Delegate access to your AWS resources by creating an IAM role that the Ably AWS account can assume.
This approach follows AWS best practices, as it avoids sharing access keys directly. Specify the role's ARN to grant Ably the necessary permissions in a secure manner.
Create an SQS policy
The following steps show you how to create a policy for AWS SQS.
- In the IAM console sidebar select Policies.
- Click Create Policy.
- Click the JSON tab and enter the following JSON to configure the policy:
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AllowReadWriteSQS",
"Effect": "Allow",
"Action": [
"sqs:DeleteMessage",
"sqs:TagQueue",
"sqs:GetQueueUrl",
"sqs:ChangeMessageVisibility",
"sqs:DeleteMessageBatch",
"sqs:SendMessageBatch",
"sqs:UntagQueue",
"sqs:ReceiveMessage",
"sqs:SendMessage",
"sqs:ListQueueTags",
"sqs:ChangeMessageVisibilityBatch"
],
"Resource": [
"arn:aws:sqs:<YOUR_AWS_REGION>:<YOUR_AWS_ACCOUNT>:<YOUR_QUEUE_NAME>"
]
}
]
}- Click Next: Tags. You don't need to add any tags.
- Click Next: Review.
- Enter a suitable name for your policy.
- Click Create Policy.
You have created a policy that grants the permissions required to use an SQS queue.
Create a role
Create an IAM role as follows:
- In the AWS IAM console, click Roles in the sidebar and then click Create Role.
- For type of trusted entity select Another AWS account.
- For Account ID specify 203461409171. This is the Ably AWS account.
- Click the Require external ID checkbox and then enter an external ID of
<Your_Ably_Account_ID>.<Your_Ably_app_ID>. - Click Next: Permissions.
- Now select the policy you created earlier to attach to this role. You can type the name of your policy into the Filter policies search box.
Then ensure the checkbox for the policy is selected.
- Click Next: Tags.
- You don't need to add tags so click Next: Review.
- Enter a suitable name for your role.
- Click Create Role.