Logging Amazon SQS API calls using Amazon CloudTrail
Amazon SQS is integrated with Amazon CloudTrail to record the Amazon SQS calls from a user, role, or
Amazon service. CloudTrail captures API calls related to Amazon SQS standard and FIFO queues as
events, including interactions initiated through the Amazon SQS
console as well as programmatically via calls to the Amazon SQS APIs.
CloudTrail is turned on by default when you create your Amazon account. When a supported
Amazon SQS event activity occurs, it is recorded in a CloudTrail event, along with other Amazon
service events, in the event history. You can view, search, and download recent
events for your Amazon account. For more information, see Viewing Events with CloudTrail Event
History in the Amazon CloudTrail User Guide.
Amazon SQS APIs that call queue management operations, such as AddPermission,
are categorized as management events and are logged in CloudTrail by default.
Amazon SQS APIs that are high-volume operations performed on an Amazon SQS queue,
such as SendMessage, are categorized as data events and are logged after you
opt in with CloudTrail.
Using the information that CloudTrail collects, you can identify a specific request to
an Amazon SQS API, the IP address or identity of the requester, and the date and time of
the request. If you configure a CloudTrail trail, you can
continuously deliver CloudTrail events to an Amazon S3 bucket with an optional delivery to
Amazon CloudWatch Logs and Amazon EventBridge. If you do not configure a trail, you can only
view the event history of management events in the CloudTrail console. For more
information, see Overview for Creating a Trail in the Amazon CloudTrail User Guide.
Management events in CloudTrail
Amazon SQS logs the following API actions as management events:
The following Amazon SQS APIs are not supported for CloudTrail
logging:
Data events in CloudTrail
Data events provide information about the resource operations
performed on or in a resource, such as sending or receiving an Amazon SQS message to and
from an Amazon SQS queue. Data events are high-volume activities that CloudTrail does not log
by default. You can enable logging of data event API actions for your SQS queue by
using CloudTrail APIs. For more information, see Logging data
events in the Amazon CloudTrail User Guide.
With CloudTrail, you can use advanced event selectors to decide which Amazon SQS API
activities are logged and recorded. To log Amazon SQS data events, you must include the
resource type AWS::SQS::Queue. Once this is set, you can refine your
logging preferences further by selecting specific data events for recording, such as
using the eventName filter to track SendMessage events.
For more information, see AdvancedEventSelector in the
Amazon CloudTrail API Reference.
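The selector described above, as an added example that is not part of the AWS documentation: it builds an advanced event selector entry for AWS::SQS::Queue data events in the shape the CloudTrail PutEventSelectors API takes, then uses a simplified local matcher to show which data events a SendMessage-only filter leaves unlogged. The function names, the selector Name, and the matching model are assumptions.

```python
import json

# Added example, not AWS code. The local matcher is a simplified assumption
# (field selectors ANDed, listed values ORed), not CloudTrail's own engine.

def sqs_data_selector(event_names=None, queue_arn_prefix=None):
    """Selector for SQS data events, optionally narrowed by eventName or ARN."""
    fields = [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": ["AWS::SQS::Queue"]},
    ]
    if event_names:
        fields.append({"Field": "eventName", "Equals": list(event_names)})
    if queue_arn_prefix:
        fields.append({"Field": "resources.ARN", "StartsWith": [queue_arn_prefix]})
    return {"Name": "sqs-data-events", "FieldSelectors": fields}

def field_values(event, field):
    """Resolve a selector field name to the candidate values in an event."""
    if field.startswith("resources."):
        key = field.split(".", 1)[1]
        return [r.get(key, "") for r in event.get("resources", [])]
    return [str(event.get(field, ""))]

def matches(selector, event):
    """True when every field selector in the entry is satisfied."""
    for fs in selector["FieldSelectors"]:
        vals = field_values(event, fs["Field"])
        prefixes = tuple(fs.get("StartsWith", ()))
        if "Equals" in fs and not any(v in fs["Equals"] for v in vals):
            return False
        if prefixes and not any(v.startswith(prefixes) for v in vals):
            return False
    return True

def sample_event(name):
    """Constructed event holding only the fields the selectors inspect."""
    arn = "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
    return {"eventName": name, "eventCategory": "Data",
            "resources": [{"type": "AWS::SQS::Queue", "ARN": arn}]}

DATA_EVENTS = ("SendMessage", "ReceiveMessage", "DeleteMessageBatch")

def logged(selector):
    return [n for n in DATA_EVENTS if matches(selector, sample_event(n))]

if __name__ == "__main__":
    sel = sqs_data_selector(["SendMessage"])
    print(json.dumps([sel], indent=2), logged(sel))  # list for PutEventSelectors
```

With only the SendMessage filter, ReceiveMessage and DeleteMessageBatch calls on the same queue produce no data events, so message consumption and deletion would go unrecorded.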
Amazon SQS data events:
Additional charges apply for data events. For more information, see Amazon CloudTrail
Pricing.
Examples: CloudTrail management events for Amazon SQS
The following examples show CloudTrail log entries for supported APIs:
- AddPermission
The following example shows a CloudTrail log entry for an AddPermission API call.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws-cn:iam::123456789012:user/Alice",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Alice"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "AddPermission",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.0",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"actions": [
"SendMessage"
],
"AWSAccountIds": [
"123456789012"
],
"label": "MyLabel",
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- CreateQueue
The following example shows a CloudTrail log entry for a CreateQueue API call.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws-cn:iam::123456789012:user/Alejandro",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Alejandro"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "CreateQueue",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.1",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"queueName": "MyQueue"
},
"responseElements": {
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- DeleteQueue
The following example shows a CloudTrail log entry for a DeleteQueue API call.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws-cn:iam::123456789012:user/Carlos",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Carlos"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "DeleteQueue",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.2",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- RemovePermission
The following example shows a CloudTrail log entry for a RemovePermission API call.
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws-cn:iam::123456789012:user/Jane",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Jane"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "RemovePermission",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.3",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"label": "label",
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
- SetQueueAttributes
The following example shows a CloudTrail log entry for SetQueueAttributes:
{
"Records": [
{
"eventVersion": "1.06",
"userIdentity": {
"type": "IAMUser",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws-cn:iam::123456789012:user/Maria",
"accountId": "123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName": "Maria"
},
"eventTime": "2018-06-28T22:23:46Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "SetQueueAttributes",
"awsRegion": "us-east-2",
"sourceIPAddress": "203.0.113.4",
"userAgent": "Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0",
"requestParameters": {
"attributes": {
"VisibilityTimeout": "100"
},
"queueUrl": "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
},
"responseElements": null,
"requestID": "123abcde-f4gh-50ij-klmn-60o789012p30",
"eventID": "0987g654-32f1-09e8-d765-c4f3fb2109fa"
}
]
}
Examples: CloudTrail data events for Amazon SQS
The following are examples of CloudTrail events specific to Amazon SQS data event APIs:
- SendMessage
The following example shows a CloudTrail data event for SendMessage.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:11Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "SendMessage",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue",
"messageBody": "HIDDEN_DUE_TO_SECURITY_REASONS",
"messageDeduplicationId": "MsgDedupIdSdk1ae1958f2-bbe8-4442-83e7-4916e3b035aa",
"messageGroupId": "MsgGroupIdSdk16"
},
"responseElements": {
"mD5OfMessageBody": "9a4e3f7a614d9dd9f8722092dbda17a2",
"mD5OfMessageSystemAttributes": "f88f0587f951b7f5551f18ae699c3a9d",
"messageId": "93bb6e2d-1090-416c-81b0-31eb1faa8cd8",
"sequenceNumber": "18881790870905840128"
},
"requestID": "c4584600-fe8a-5aa3-a5ba-1bc42f055fae",
"eventID": "98c735d8-70e0-4644-9432-b6ced4d791b1",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
- ReceiveMessage
The following example shows a CloudTrail data event for ReceiveMessage.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:24Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "ReceiveMessage",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue",
"maxNumberOfMessages": 10
},
"responseElements": null,
"requestID": "8b4d4643-8f49-52cd-a6e8-1b875ed54b99",
"eventID": "f3f23ab7-b0a4-4b71-afc0-141209c49206",
"readOnly": true,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
- DeleteMessageBatch
The following example shows a CloudTrail data event for DeleteMessageBatch.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:24Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "DeleteMessageBatch",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue",
"entries": [
{
"id": "0",
"receiptHandle": "AQEBefxM1O4zyZGF87DehbRbmri91w2W7mMdD0GrBjQa8e/hpb4RbXHPZ9tLBVleECbChQIE5NtaDuoZhZPOkTy0eN46EyRR4jXDzE3AlkbPlX1mA9f2fUuTrXx8aeCoCA3I3woNg3fXXAoo5ctLgci0Z/hlLS94tjAZqV2krc4BaC2pYgjyHWcW019HwIV8T/bjNMIeZoQwOM5V+o9vHPfewz5QGr5SKpDo7uE7Umyk5n5CJZvcn1efp/mrwtaCIb9M7cCQUYcZm2ZmZDnIO9XpGTAi3m2dQ0M83pnNh0nvDfpkHpoa+hX1TrUmxCupCWHJwA8HFJ1O/CCJsodMNFthLBA9S57dkBZCsw41G8jAmgQ0MkvZ0UL5mg0OFQQd1Yrw0zvthjCgiwdzn0yXoMzxIZMBxkY14E4nVVZ7N5XEMtMmgxsI1XF/h8oRk2C7gByzg2kYJ0LnUvLJFT8DQE28JZppEC9klvrdR/BWiPT7asc="
}
]
},
"responseElements": {
"successful": [
{
"id": "0"
}
],
"failed": []
},
"requestID": "fe423091-5642-5ba5-9256-6d5587de52f1",
"eventID": "88c8020d-d769-4985-8ecb-ee0b59acc418",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
- ChangeMessageVisibilityBatch
The following example shows a CloudTrail data event for ChangeMessageVisibilityBatch.
{
"eventVersion": "1.09",
"userIdentity": {
"type": "AssumedRole",
"principalId": "EXAMPLE_PRINCIPAL_ID",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName",
"accountId": "123456789012",
"accessKeyId": "ACCESS_KEY_ID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AKIAI44QH8DHBEXAMPLE",
"arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed",
"accountId": "123456789012",
"userName": "RoleToBeAssumed"
},
"attributes": {
"creationDate": "2023-11-07T22:13:06Z",
"mfaAuthenticated": "false"
}
}
},
"eventTime": "2023-11-07T23:59:01Z",
"eventSource": "sqs.amazonaws.com",
"eventName": "ChangeMessageVisibilityBatch",
"awsRegion": "ap-southeast-4",
"sourceIPAddress": "10.0.118.80",
"userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16",
"requestParameters": {
"visibilityTimeout": 0,
"entries": [
{
"id": "0",
"receiptHandle": "AQEB2M5cVYg5gslhWME6537hdjcaPnOYPA5M0W460TTb0DzPle631yPWm8qxd4O1hDj/B4ntTMnsgBTa95t14tNx7Vn96jKJ5rIoZ7iI8TRmkT1caKodKIPs8w9yndZq50c2FPQxtyH+2L3UHf/abV3szqVWXOLZR4PwX8zZkWVQGNCNnY2q2lGCG586F8QwvrOFYoXNwB8ymd1t77e1PDPknq1Io3JFuzkEsndkkETy4fV1QqVCSTR1izaTKF44f/l5PHX17nXxaC+DURVlMPXOuSFACGmWqAoyk50HKwGOjLQgpySL/TcnQXClvFq8kNXGwyVzJsbwHpOHxI7oce69vaD6DaWFP75d3hx+PJeG9pauQCKzVP3skt3Hw/zDC7YfKcALD3aCwMmeNDwT3w0BUG6XZdG5lYhtFtTQYV7YuS3i/Jh3HShGbtm07JKOEFiPkxv2+XNaAX3gFEpbng6zamTanfyMXCJIiglAEqiyWHQ=",
"visibilityTimeout": 2271
}
],
"queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue"
},
"responseElements": {
"successful": [
{
"id": "0"
}
]
},
"requestID": "d49ab65f-9dc7-54b8-875c-eb9b4c42988b",
"eventID": "ca16c8c2-c4ba-4eb5-a54c-e650a10266d4",
"readOnly": false,
"resources": [
{
"accountId": "123456789012",
"type": "AWS::SQS::Queue",
"ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue"
}
],
"eventType": "AwsApiCall",
"managementEvent": false,
"recipientAccountId": "123456789012",
"eventCategory": "Data",
"tlsDetails": {
"tlsVersion": "TLSv1.2",
"cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256",
"clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com"
}
}
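As an added example that is not part of the AWS documentation, the following Python reads CloudTrail output in both shapes shown on this page (the Records wrapper and a bare event), extracts the requester, action, time and source IP, and flags a few queue changes worth review. The flagging rules, the function names, and the extra account ID 999999999999 are assumptions.

```python
from urllib.parse import urlparse

# Added example, not AWS code: who/what/when/where triage of SQS CloudTrail
# events. The three flagging rules are illustrative assumptions.

def iter_events(doc):
    """Yield events from a {"Records": [...]} log file or one bare event."""
    yield from doc["Records"] if "Records" in doc else [doc]

def queue_owner(queue_url):
    """The owning account ID is the first path segment of a queue URL."""
    return urlparse(queue_url or "").path.strip("/").split("/")[0]

def triage(event):
    """Summarize one event and list any findings."""
    params = event.get("requestParameters") or {}
    name, findings = event["eventName"], []
    if name == "AddPermission":
        owner = queue_owner(params.get("queueUrl"))
        foreign = [a for a in params.get("AWSAccountIds", []) if a != owner]
        if foreign:
            findings.append(f"cross-account grant to {foreign}")
    if name == "SetQueueAttributes" and "Policy" in (params.get("attributes") or {}):
        findings.append("queue access policy changed")
    if name == "DeleteQueue":
        findings.append("queue deleted")
    return {"who": event["userIdentity"].get("arn"), "what": name,
            "when": event["eventTime"], "where": event.get("sourceIPAddress"),
            "queue": params.get("queueUrl"), "findings": findings}

# Constructed input in the page's record shape: its AddPermission call with one
# made-up extra account ID, and its SetQueueAttributes call, both trimmed.
URL = "https://sqs.us-east-2.amazon.com/123456789012/MyQueue"
LOG = {"Records": [
    {"userIdentity": {"arn": "arn:aws-cn:iam::123456789012:user/Alice"},
     "eventTime": "2018-06-28T22:23:46Z", "eventName": "AddPermission",
     "sourceIPAddress": "203.0.113.0", "requestParameters": {
         "actions": ["SendMessage"], "queueUrl": URL,
         "AWSAccountIds": ["123456789012", "999999999999"]}},
    {"userIdentity": {"arn": "arn:aws-cn:iam::123456789012:user/Maria"},
     "eventTime": "2018-06-28T22:23:46Z", "eventName": "SetQueueAttributes",
     "sourceIPAddress": "203.0.113.4", "requestParameters": {
         "attributes": {"VisibilityTimeout": "100"}, "queueUrl": URL}}]}

def run(doc=LOG):
    return [triage(e) for e in iter_events(doc)]

if __name__ == "__main__":
    print(*run(), sep="\n")
```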