Setting up an SQS message integration
Below are the steps to set up a new AWS SQS message integration with Rightsline:
- 1.
- 2. Contact Rightsline Support to request an SQS queue with your AWS Account ID number and the Rightsline environment(s) where you would like messages.
- 3. Rightsline will provide the AWS SQS queue ARN(s), the IAM role ARN(s) you will need to assume in order to access the queue, and the external ID(s) you will use to assume those roles.
- 4. To configure an AWS profile for your new IAM role, you can use AWS CLI and run the following commands. Remember to replace <ROLE_ARN>, <EXTERNAL_ID>, and <REGION> with the values provided in step 3.

      aws configure --profile rl-sqs-profile set role_arn <ROLE_ARN>
      aws configure --profile rl-sqs-profile set external_id <EXTERNAL_ID>
      aws configure --profile rl-sqs-profile set role_session_name rl-sqs-session
      aws configure --profile rl-sqs-profile set source_profile default
      aws configure --profile rl-sqs-profile set region <REGION>

- 5. To test your SQS access, run the following command. Replace <QUEUE_NAME> with the queue name provided in step 3.

      aws sqs get-queue-url --queue-name <QUEUE_NAME> --queue-owner-aws-account-id 013474081760 --profile rl-sqs-profile

- 6. If you receive a successful response, you are all set to start receiving messages from your SQS queue. If you receive a permissions error, reach out to Rightsline Support.
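The values from step 3 determine everything typed in steps 4 and 5. The following is an added example (not Rightsline's code; the function names are hypothetical) that validates the role ARN, external ID and queue ARN, then prints the commands with the region, queue name and owner account taken from the queue ARN. It assumes the profile region is the queue's region and the standard `aws` partition.

```shell
#!/bin/sh
# Added example, not Rightsline code; function names are hypothetical.
# Usage: sh this-script ROLE_ARN EXTERNAL_ID QUEUE_ARN

# True if $1 is a 12-digit AWS account ID.
is_account_id() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "${#1}" -eq 12 ]
}

# Accept only arn:aws:iam::<account-id>:role/<role-name>.
check_role_arn() {
    r_rest=${1#arn:aws:iam::}
    [ "$r_rest" != "$1" ] || return 1            # wrong prefix or unreplaced placeholder
    r_role=${r_rest#*:role/}
    [ "$r_role" != "$r_rest" ] && [ -n "$r_role" ] || return 1
    is_account_id "${r_rest%%:*}"
}

# Split arn:aws:sqs:<region>:<account-id>:<queue-name> and print
# "<region> <account-id> <queue-name>"; fail on anything else.
parse_queue_arn() {
    case "$1" in arn:aws:sqs:*:*:*) ;; *) return 1 ;; esac
    q_rest=${1#arn:aws:sqs:}
    q_region=${q_rest%%:*}; q_rest=${q_rest#*:}
    q_account=${q_rest%%:*}; q_name=${q_rest#*:}
    case "$q_region" in ''|*[!a-z0-9-]*) return 1 ;; esac
    case "$q_name" in ''|*[!A-Za-z0-9_.-]*) return 1 ;; esac
    is_account_id "$q_account" || return 1
    echo "$q_region $q_account $q_name"
}

# Print the step 4 and step 5 commands with the step 3 values filled in.
# The external ID is limited to the characters STS accepts for ExternalId.
setup_commands() {
    check_role_arn "$1" || { echo "bad role ARN: $1" >&2; return 1; }
    case "$2" in ''|*[!A-Za-z0-9_+=,.@:/-]*) echo "bad external ID" >&2; return 1 ;; esac
    s_parts=$(parse_queue_arn "$3") || { echo "bad queue ARN: $3" >&2; return 1; }
    set -- "$1" "$2" $s_parts   # now $3=region $4=owner account $5=queue name
    p=rl-sqs-profile
    echo "aws configure --profile $p set role_arn $1"
    echo "aws configure --profile $p set external_id $2"
    echo "aws configure --profile $p set role_session_name rl-sqs-session"
    echo "aws configure --profile $p set source_profile default"
    echo "aws configure --profile $p set region $3"
    echo "aws sqs get-queue-url --queue-name $5 --queue-owner-aws-account-id $4 --profile $p"
}
if [ "$#" -eq 3 ]; then setup_commands "$@"; fi
```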
    using System.Threading.Tasks;
    using Amazon;
    using Amazon.SecurityToken.Model;
    using Amazon.SQS.Model;

    public static async Task ReceiveSqsMessages()
    {
        // Values provided by Rightsline in step 3.
        var roleArnToAssume = "<ROLE_ARN>";
        var externalId = "<EXTERNAL_ID>";
        var queueName = "<QUEUE_NAME>";
        // Use the region of your queue.
        RegionEndpoint region = RegionEndpoint.USWest2;

        // The STS client uses your default credentials to request the role.
        var client = new Amazon.SecurityToken.AmazonSecurityTokenServiceClient(region);

        // Create the request to use with the AssumeRoleAsync call.
        var assumeRoleRequest = new AssumeRoleRequest()
        {
            RoleSessionName = "rl-sqs-session",
            RoleArn = roleArnToAssume,
            ExternalId = externalId
        };
        var assumeRoleResponse = await client.AssumeRoleAsync(assumeRoleRequest);

        // Now create a new client based on the credentials of the caller assuming the role.
        // The region is passed explicitly so the SQS client targets the queue's region.
        var sqsClient = new Amazon.SQS.AmazonSQSClient(credentials: assumeRoleResponse.Credentials, region: region);

        // Resolve the queue URL; the queue is owned by the Rightsline AWS account.
        var queueUrlResponse = await sqsClient.GetQueueUrlAsync(new GetQueueUrlRequest
        {
            QueueName = queueName,
            QueueOwnerAWSAccountId = "013474081760"
        });

        // Receive the messages from the SQS queue (up to 10, long-polling for 10 seconds).
        var receiveMessageResponse = await sqsClient.ReceiveMessageAsync(new ReceiveMessageRequest
        {
            QueueUrl = queueUrlResponse.QueueUrl,
            MaxNumberOfMessages = 10,
            WaitTimeSeconds = 10
        });
        var messages = receiveMessageResponse.Messages;
    }
For examples of how to assume the IAM role with other programming languages, see the AWS documentation here.