Backend Helpers | Automation and Software Development for Cloud Applications

Introduction to AWS Simple Queue Service SQS


Amazon Simple Queue Service (Amazon SQS) is a distributed message queuing service that lets applications send messages programmatically through a web service API, as a way to communicate over the Internet. This post shows how to use it.

Creating Admin Security group and User

It is good security practice to create an admin group and a user associated with that group. This user will be responsible for administrative tasks such as creating or deleting queues.

Creating Admins group

    aws iam create-group --group-name Admins

Setting admin access rule for Admin group

We must define a policy that contains a set of permissions and then assign it to a group. To create the admin policy, first create a file named admin-policy.json. This policy allows every action on every resource:


    {
      "Version": "2012-10-17",
      "Statement": [{
        "Effect": "Allow",
        "Action": ["*"],
        "Resource": ["*"]
      }]
    }

Now we can assign the policy defined in the JSON file to the Admins group:


    aws iam put-group-policy --group-name Admins \
      --policy-document file://admin-policy.json \
      --policy-name AdminRoot

Creating Admin User

After creating the Admins group, it is a good idea to create an admin user and add it to that group; using AWS with your main AWS access keys is not recommended.


    aws iam create-user --user-name mycloudadmin
    aws iam add-user-to-group --user-name mycloudadmin \
      --group-name Admins

SQS and aws-cli

Typing aws sqs help shows all the options available for this service. We can create a queue with the command below:


    aws sqs create-queue --queue-name MyQueue \
      --region us-west-2

We can verify that the queue was created with the command aws sqs list-queues.

Creating a User with limited access to the queue

First of all, we need to create a group named webapp:


    aws iam create-group --group-name webapp

Setting SQS access rule for webapp group

We will set up an access policy that allows the webapp group to read, put and delete messages in MyQueue. To do so, create a sqs-policy.json file:


    {
       "Version":"2012-10-17",
       "Statement" : [
          {
             "Effect":"Allow",
             "Action":["SQS:SendMessage",
                       "SQS:ReceiveMessage", "SQS:DeleteMessage"],
             "Resource":"arn:aws:sqs:*:123456789012:MyQueue"
          }
       ]
    }

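You must change the resource ARN to match your own data. The format is arn:aws:sqs:region:account_ID:queue_name. In the policy above the region field is *, which matches a queue named MyQueue in any region of that account.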


    aws iam put-group-policy --group-name webapp \
     --policy-document file://sqs-policy.json \
     --policy-name webappSQS
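
As an added example (not part of the original post), the Python sketch below evaluates the two policy documents from this page offline, to show what the webapp policy permits and refuses compared with the admin policy. It implements only a simplified subset of IAM evaluation; the function names and the queue OtherQueue are assumptions made for illustration.

```python
import re

# Policy documents copied from this page.
ADMIN_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": ["*"], "Resource": ["*"]}]}
WEBAPP_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow",
     "Action": ["SQS:SendMessage", "SQS:ReceiveMessage", "SQS:DeleteMessage"],
     "Resource": "arn:aws:sqs:*:123456789012:MyQueue"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(pattern, value, ignore_case=False):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    regex = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c)
                    for c in pattern)
    return re.fullmatch(regex, value, re.I if ignore_case else 0) is not None

def is_allowed(policy, action, resource):
    """Simplified evaluation: an explicit Deny wins, otherwise any matching Allow.
    Condition, NotAction and NotResource are not handled (unused on this page)."""
    allowed = False
    for stmt in _as_list(policy["Statement"]):
        # Action names match case-insensitively; resource ARNs match exactly.
        hit = (any(_matches(a, action, True) for a in _as_list(stmt["Action"]))
               and any(_matches(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return False
        allowed = allowed or hit
    return allowed

def wildcard_grants(policy):
    """Return (statement index, element) for each Allow that grants a bare '*'."""
    return [(i, key) for i, stmt in enumerate(_as_list(policy["Statement"]))
            if stmt["Effect"] == "Allow"
            for key in ("Action", "Resource") if "*" in _as_list(stmt[key])]

if __name__ == "__main__":
    account = "123456789012"  # placeholder account ID used on this page
    checks = [  # constructed requests; OtherQueue is a hypothetical queue
        ("sqs:SendMessage", f"arn:aws:sqs:us-west-2:{account}:MyQueue"),
        ("sqs:SendMessage", f"arn:aws:sqs:eu-west-1:{account}:MyQueue"),
        ("sqs:SendMessage", f"arn:aws:sqs:us-west-2:{account}:OtherQueue"),
        ("sqs:DeleteQueue", f"arn:aws:sqs:us-west-2:{account}:MyQueue"),
    ]
    for action, arn in checks:
        print(f"{action:16} {arn:46} webapp={is_allowed(WEBAPP_POLICY, action, arn)} "
              f"admin={is_allowed(ADMIN_POLICY, action, arn)}")
    print("admin wildcards:", wildcard_grants(ADMIN_POLICY))
    print("webapp wildcards:", wildcard_grants(WEBAPP_POLICY))
```

Replacing the * in the region field of sqs-policy.json with us-west-2 would make the second request come back denied for webapp as well.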

Creating the user


    aws iam create-user --user-name myweb
    aws iam create-access-key --user-name myweb
    aws iam add-user-to-group --user-name myweb \
      --group-name webapp

Sending a message to the queue


    aws sqs send-message \
      --queue-url https://us-west-2.queue.amazonaws.com/123456789012/MyQueue \
      --message-body '{"msg": "hello world"}'

Reading a message from the queue


    aws sqs receive-message \
      --queue-url https://us-west-2.queue.amazonaws.com/123456789012/MyQueue \
      --max-number-of-messages 10
