Overview

The AmazonSQS Provider facilitates Consuming SQS messages as alerts Notifying/Pushing messages to SQS Queue

Authentication

This provider requires authentication.

  • region_name: Region name (required: True, sensitive: False)
  • sqs_queue_url: SQS Queue URL (required: True, sensitive: False)
  • access_key_id: Access Key Id (Leave empty if using IAM role at EC2) (required: False, sensitive: False)
  • secret_access_key: Secret access key (Leave empty if using IAM role at EC2) (required: False, sensitive: False)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

  • authenticated: Key-Id pair is valid and working (mandatory)
  • sqs::read: Required privileges to receive alert from SQS. If you only want to give read scope to your key-secret pair the permission policy: AmazonSQSReadOnlyAccess. (mandatory)
  • sqs::write: Required privileges to push messages to SQS. If you only want to give read & write scope to your key-secret pair the permission policy: AmazonSQSFullAccess.

In workflows

This provider can be used in workflows.

As “action” to make changes or update data, example:

actions:
    - name: Query amazonsqs
      provider: amazonsqs
      config: "{{ provider.my_provider_name }}"
      with:
        message: {value}  
        group_id: {value}  
        dedup_id: {value}

If you need workflow examples with this provider, please raise a GitHub issue.

Inputs for AmazonSQS Action

  • message: str: Body/Message for the notification
  • group_id: str | None: Mandatory only if Queue is of type FIFO, ignored incase of a normal Queue.
  • dedup_id: str | None: Mandatory only if Queue is of type FIFO, ignored incase of a normal Queue.
  • **kwargs: dict | None: You can pass additional key-value pairs, that will be sent as MessageAttributes in the notification.

Output for AmazonSQS Action

For more detail, visit sqs-documentation.

{
     'MD5OfMessageBody': 'string',
     'MD5OfMessageAttributes': 'string',
     'MD5OfMessageSystemAttributes': 'string',
     'MessageId': 'string',
     'SequenceNumber': 'string'
}
  • When using the AmazonSQS action, if your queue is fifo, then it is mandatory to pass a dedup_id & group_id.
  • All the extra fields present in the MessageAttribute is stored in alert.label as a key-value pair dictionary.
  • You can pass these attributes in the SQS Queue message and keep will extract and use these field for the alert
    • name
    • status: Possible values ‘firing’ | ‘resolved’ | ‘acknowledged’ | ‘suppressed’ | ‘pending’ defaults to ‘firing’.
    • severity: Possible values ‘critical’ | ‘high’ | ‘warning’ | ‘info’ | ‘low’ defaults to ‘high’
    • description

Permissions needed for the key-id pair are:

  1. AmazonSQSFullAccess: If you want to notify + receive, this is sqs::read + sqs::write scope.
  2. AmazonSQSReadOnlyAccess: If you want to just receive, this is the sqs::read scope.

You can find these under: IAM > Users > [YOUR_USER] > Permission > Add Permissions > Add Permissions > Attach policies directly > Search for SQS.

To create key-id pair, follow this:

  1. Search IAM in AWS console, press enter.
  2. Go to users
  3. Select the user that you want to
  4. Click on Create access key
  5. Select Third party service, Click Next
  6. Add Description Tag click Next
  7. Copy/Download the key-id pair.