Accessing AWS SQS

Both sls invoke and an HTTP event are synchronous calls, so a Lambda invoked by an SQS event may be synchronous. However, a Lambda that writes to an SQS queue has to be asynchronous.

Typically it will attempt to deliver the message three times (the initial plus two retries) and then the message will be put onto the DLQ.

When you access Amazon SQS using the Query API, you must provide the following items to authenticate your request:

  • The AWS Access Key ID that identifies your AWS account, which AWS uses to look up your Secret Access Key.
  • The HMAC-SHA request signature, calculated using your Secret Access Key (a shared secret known only to you and AWS).

Identity and access management in AWS SQS

  • Example of IAM policy
      • To allow Twilio applications to access AWS SQS, the relevant example is probably this one: Allow a partner to send messages to a specific queue. You can accomplish this task using an Amazon SQS policy or an IAM policy. If your partner has an AWS account, it might be easier to use an Amazon SQS policy. However, any user in the partner’s company who possesses the AWS security credentials can send messages to the queue. If you want to limit access to a particular user or application, you must treat the partner like a user in your own company and use an IAM policy instead of an Amazon SQS policy.
      • This example performs the following actions:
        1. Create a group called WidgetCo to represent the partner company.
        2. Create a user for the specific user or application at the partner’s company who needs access.
        3. Add the user to the group.
        4. Attach a policy that gives the group access only to the SendMessage action for only the queue named WidgetPartnerQueue.
          {
             "Version": "2012-10-17",
             "Statement": [{
                   "Effect": "Allow",
                   "Action": "sqs:SendMessage",
                   "Resource": "arn:aws:sqs:*:123456789012:WidgetPartnerQueue"
             }]
          }
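
A simplified check of what this policy actually grants, added here as an example (it is not part of the original page and not AWS's evaluation code). It models only Allow/Deny matching of Action and Resource with `*` and `?` wildcards, rejects statements using Condition, NotAction or NotResource, and runs against constructed sample requests; the names `evaluate`, `audit` and `EXPECTED` are assumptions of this example.

```python
import json
import re

# Policy from the page, verbatim.
POLICY = json.loads("""{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sqs:SendMessage",
    "Resource": "arn:aws:sqs:*:123456789012:WidgetPartnerQueue"
  }]
}""")

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _wild(pattern, value, flags=0):
    # IAM wildcards: '*' matches any run of characters, '?' exactly one.
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags | re.DOTALL) is not None

def evaluate(policy, action, resource):
    decision = "ImplicitDeny"  # default: denied unless a statement allows
    for stmt in _as_list(policy["Statement"]):
        if {"Condition", "NotAction", "NotResource"} & stmt.keys():
            raise ValueError("element not modelled by this simplified evaluator")
        # Action names are case-insensitive; resource ARNs are matched exactly.
        hit = (any(_wild(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"]))
               and any(_wild(r, resource) for r in _as_list(stmt["Resource"])))
        if hit and stmt["Effect"] == "Deny":
            return "ExplicitDeny"  # an explicit deny always wins
        if hit:
            decision = "Allow"
    return decision

ARN = "arn:aws:sqs:{}:123456789012:{}"
# Constructed requests with the decision the page's policy should produce.
EXPECTED = {
    ("sqs:SendMessage", ARN.format("us-east-1", "WidgetPartnerQueue")): "Allow",
    # Region is '*' in the policy, so a same-named queue in any region matches.
    ("sqs:SendMessage", ARN.format("eu-west-1", "WidgetPartnerQueue")): "Allow",
    ("sqs:ReceiveMessage", ARN.format("us-east-1", "WidgetPartnerQueue")): "ImplicitDeny",
    ("sqs:SendMessage", ARN.format("us-east-1", "WidgetPartnerQueue-dlq")): "ImplicitDeny",
}

def audit(policy=POLICY):
    return {req: evaluate(policy, *req) for req in EXPECTED}

if __name__ == "__main__":
    print(*(f"{d:13} {a:19} {r}" for (a, r), d in audit().items()), sep="\n")
```

If the partner should only reach the queue in one region, replacing the `*` in the region field of the Resource ARN with that region turns the second request into an ImplicitDeny.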

Basic examples of Amazon SQS policies

Dead letter queue blog

Filtering Policy from subscribing to an SNS topic