Setting up an SQS message integration

Below are the steps to set up a new AWS SQS message integration with Rightsline:

  1. If you do not already have an AWS Account, you will need to create one.

  2. Contact Rightsline Support to request an SQS queue, providing your AWS Account ID number and the Rightsline environment(s) where you would like to receive messages.

  3. Rightsline will provide the AWS SQS queue ARN(s), the IAM role ARN(s) you will need to assume in order to access the queue, and the external ID(s) you will use to assume those roles.

  4. To configure an AWS profile for your new IAM role, use the AWS CLI to run the following commands. Remember to replace <ROLE_ARN>, <EXTERNAL_ID>, and <REGION> with the values provided in step 3.

    aws configure --profile rl-sqs-profile set role_arn <ROLE_ARN>
    aws configure --profile rl-sqs-profile set external_id <EXTERNAL_ID>
    aws configure --profile rl-sqs-profile set role_session_name rl-sqs-session
    aws configure --profile rl-sqs-profile set source_profile default
    aws configure --profile rl-sqs-profile set region <REGION>

  5. To test your SQS access, run the following command. Replace <QUEUE_NAME> with the queue name provided in step 3.

    aws sqs get-queue-url --queue-name <QUEUE_NAME> --queue-owner-aws-account-id 013474081760 --profile rl-sqs-profile

  6. If you receive a successful response, you are all set to start receiving messages from your SQS queue. If you receive a permissions error, reach out to Rightsline Support.
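
Step 3 supplies ARNs, while steps 4 and 5 need a region, a queue name and a queue owner account ID. The script below is an added example, not part of the original Rightsline instructions: it validates the ARNs and external ID and prints the step 4 and step 5 commands with the values filled in. The function names and the sample ARNs at the end are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and the sample values at the end are constructed.
PROFILE=rl-sqs-profile            # profile name from step 4

is_account_id() {                 # AWS account IDs are exactly 12 digits
    case $1 in *[!0-9]*) return 1 ;; esac
    [ "${#1}" -eq 12 ]
}

# Split arn:<partition>:sqs:<region>:<account-id>:<queue-name> and print
# "region account-id queue-name"; return 1 for anything else.
parse_queue_arn() {
    case $1 in *[!A-Za-z0-9_.:-]*) return 1 ;; esac   # also rejects newlines
    IFS=: read -r q_arn q_part q_svc q_region q_acct q_name <<EOF
$1
EOF
    [ "$q_arn" = arn ] && [ "$q_svc" = sqs ] && [ -n "$q_region" ] || return 1
    is_account_id "$q_acct" || return 1
    case $q_name in ''|*:*) return 1 ;; esac
    printf '%s %s %s\n' "$q_region" "$q_acct" "$q_name"
}

# Accept only arn:<partition>:iam::<account-id>:role/<name> (IAM ARNs have no region).
is_role_arn() {
    case $1 in *[!A-Za-z0-9_+=,.@:/-]*) return 1 ;; esac
    IFS=: read -r r_arn r_part r_svc r_region r_acct r_res <<EOF
$1
EOF
    [ "$r_arn" = arn ] && [ "$r_svc" = iam ] && [ -z "$r_region" ] || return 1
    is_account_id "$r_acct" || return 1
    case $r_res in *:*) return 1 ;; role/?*) return 0 ;; *) return 1 ;; esac
}

# Print the step 4 and 5 commands. Usage: emit_commands ROLE_ARN EXTERNAL_ID QUEUE_ARN
emit_commands() {
    is_role_arn "$1" || { echo "not an IAM role ARN" >&2; return 1; }
    # STS external IDs are at least 2 characters drawn from this set.
    case $2 in ''|?|*[!A-Za-z0-9_+=,.@:/-]*) echo "bad external ID" >&2; return 1 ;; esac
    q=$(parse_queue_arn "$3") || { echo "not an SQS queue ARN" >&2; return 1; }
    set -- "$1" "$2" $q           # now $3 = region, $4 = owner account, $5 = queue name
    cat <<EOF
aws configure --profile $PROFILE set role_arn $1
aws configure --profile $PROFILE set external_id $2
aws configure --profile $PROFILE set role_session_name rl-sqs-session
aws configure --profile $PROFILE set source_profile default
aws configure --profile $PROFILE set region $3
aws sqs get-queue-url --queue-name $5 --queue-owner-aws-account-id $4 --profile $PROFILE
EOF
}

# Constructed sample values (not real Rightsline ARNs).
emit_commands "arn:aws:iam::013474081760:role/example-role" "example-external-id" \
    "arn:aws:sqs:us-west-2:013474081760:example-queue"
```

Because every value is checked against a restricted character set before it is printed, the emitted commands can be pasted into a shell without quoting concerns.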

Receiving messages from the SQS queue using .NET SDK

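    using System.Threading.Tasks;
    using Amazon;
    using Amazon.SecurityToken.Model;
    using Amazon.SQS.Model;

    // The class name is illustrative; place the method wherever suits your application.
    public static class RightslineSqsExample
    {
        public static async Task ReceiveSqsMessages()
        {
            var roleArnToAssume = "<ROLE_ARN>";
            var externalId = "<EXTERNAL_ID>";
            var queueName = "<QUEUE_NAME>";
            RegionEndpoint region = RegionEndpoint.USWest2;

            var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(region);

            // Create the request to use with the AssumeRoleAsync call.
            var assumeRoleRequest = new AssumeRoleRequest()
            {
                RoleSessionName = "rl-sqs-session",
                RoleArn = roleArnToAssume,
                ExternalId = externalId
            };

            var assumeRoleResponse = await client.AssumeRoleAsync(assumeRoleRequest);

            // Now create a new client based on the credentials of the caller assuming the role.
            // Pass the region explicitly so the SQS client does not depend on ambient configuration.
            // These are temporary credentials: assume the role again once they expire.
            var sqsClient = new Amazon.SQS.AmazonSQSClient(assumeRoleResponse.Credentials, region);

            var queueUrlResponse = await sqsClient.GetQueueUrlAsync(new GetQueueUrlRequest
            {
                QueueName = queueName,
                QueueOwnerAWSAccountId = "013474081760"
            });

            // Receive the messages from the SQS queue (long poll for up to 10 seconds).
            var receiveMessageResponse = await sqsClient.ReceiveMessageAsync(new ReceiveMessageRequest
            {
                QueueUrl = queueUrlResponse.QueueUrl,
                MaxNumberOfMessages = 10,
                WaitTimeSeconds = 10
            });

            // Process each message here. A message that is not deleted after processing
            // becomes visible on the queue again once its visibility timeout expires.
            var messages = receiveMessageResponse.Messages;
        }
    }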

For examples of how to assume the IAM role with other programming languages, see the AWS documentation.
