Amazon Simple Queue Service Construct Library

Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications. SQS eliminates the complexity and overhead associated with managing and operating message-oriented middleware, and empowers developers to focus on differentiating work. Using SQS, you can send, store, and receive messages between software components at any volume, without losing messages or requiring other services to be available.

Installation

Import to your project:

import aws_cdk.aws_sqs as sqs

Basic usage

Here’s how to add a basic queue to your application:

sqs.Queue(self, "Queue")

Encryption

By default, queues are encrypted using SSE-SQS. If you want to change the encryption mode, set the encryption property. The following encryption modes are supported:

  • KMS key that SQS manages for you

  • KMS key that you manage yourself

  • Server-side encryption managed by SQS (SSE-SQS)

  • Unencrypted

To learn more about SSE-SQS on Amazon SQS, please visit the Amazon SQS documentation.

# Use managed key
sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.KMS_MANAGED
)

# Use custom key
import aws_cdk.aws_kms as kms

my_key = kms.Key(self, "Key")

sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.KMS,
    encryption_master_key=my_key
)

# Use SQS managed server side encryption (SSE-SQS)
sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.SQS_MANAGED
)

# Unencrypted queue
sqs.Queue(self, "Queue",
    encryption=sqs.QueueEncryption.UNENCRYPTED
)

Encryption in transit

If you want to enforce encryption of data in transit, set the enforce_ssl property (enforceSSL in TypeScript) to True. A resource policy statement that allows only encrypted connections over HTTPS (TLS) will be added to the queue.

sqs.Queue(self, "Queue",
    enforce_ssl=True
)
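
As an added example (not part of the CDK library or its documentation), the following standard-library Python check reads a synthesized CloudFormation template and reports queues that opt out of encryption at rest or have no policy denying non-TLS requests, covering the Encryption and Encryption in transit settings above. The template shape, the Deny statement on aws:SecureTransport, and the names audit_queues and SAMPLE are assumptions; compare them with your own cdk synth output.

```python
# Added example: template shapes below are constructed, modelled on CloudFormation's
# AWS::SQS::Queue and AWS::SQS::QueuePolicy resource types.
def _denies_plaintext(stmt):
    """True if the statement denies requests made without TLS."""
    cond = stmt.get("Condition", {}).get("Bool", {})
    return (stmt.get("Effect") == "Deny"
            and str(cond.get("aws:SecureTransport", "")).lower() == "false")

def audit_queues(template):
    """Return {logical_id: [findings]} for every AWS::SQS::Queue resource."""
    resources = template.get("Resources", {})
    tls_enforced = set()  # logical IDs of queues covered by a deny-non-TLS policy
    for res in resources.values():
        if res.get("Type") != "AWS::SQS::QueuePolicy":
            continue
        props = res.get("Properties", {})
        stmts = props.get("PolicyDocument", {}).get("Statement", [])
        stmts = stmts if isinstance(stmts, list) else [stmts]
        if any(_denies_plaintext(s) for s in stmts):
            tls_enforced.update(q["Ref"] for q in props.get("Queues", [])
                                if isinstance(q, dict) and "Ref" in q)
    findings = {}
    for logical_id, res in resources.items():
        if res.get("Type") != "AWS::SQS::Queue":
            continue
        props = res.get("Properties", {})
        issues = []
        # An absent property means the SSE-SQS default; flag only an explicit opt-out.
        if props.get("SqsManagedSseEnabled") is False and "KmsMasterKeyId" not in props:
            issues.append("unencrypted at rest")
        if logical_id not in tls_enforced:
            issues.append("no policy denying non-TLS requests")
        findings[logical_id] = issues
    return findings

SAMPLE = {"Resources": {  # constructed sample input
    "Good": {"Type": "AWS::SQS::Queue", "Properties": {"KmsMasterKeyId": "alias/aws/sqs"}},
    "GoodPolicy": {"Type": "AWS::SQS::QueuePolicy", "Properties": {
        "Queues": [{"Ref": "Good"}],
        "PolicyDocument": {"Statement": [{
            "Effect": "Deny", "Action": "sqs:*", "Principal": {"AWS": "*"},
            "Condition": {"Bool": {"aws:SecureTransport": "false"}}}]}}},
    "Bad": {"Type": "AWS::SQS::Queue", "Properties": {"SqsManagedSseEnabled": False}},
}}

if __name__ == "__main__":
    for name, issues in audit_queues(SAMPLE).items():
        print(name, issues or "ok")
```

A check like this fits in CI after cdk synth, failing the build when any queue returns a non-empty findings list.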

First-In-First-Out (FIFO) queues

FIFO queues give guarantees on the order in which messages are dequeued, and have additional features in order to help guarantee exactly-once processing. For more information, see the SQS manual. Note that FIFO queues are not available in all AWS regions.

A queue can be made a FIFO queue by setting fifo=True, by giving it a name that ends in ".fifo", or by enabling a FIFO-specific feature such as content-based deduplication, deduplication scope, or FIFO throughput limit.

Dead letter source queues permission

You can use the redrive_allow_policy attribute to control which queues may designate the created queue as their dead-letter queue.

By default, all queues within the same account and region are permitted as source queues.

# source_queue: sqs.IQueue

# Only source_queue can specify this queue as the dead-letter queue.
queue1 = sqs.Queue(self, "Queue2",
    redrive_allow_policy=sqs.RedriveAllowPolicy(
        source_queues=[source_queue]
    )
)

# No source queues can specify this queue as the dead-letter queue.
queue2 = sqs.Queue(self, "Queue",
    redrive_allow_policy=sqs.RedriveAllowPolicy(
        redrive_permission=sqs.RedrivePermission.DENY_ALL
    )
)