Reputation: 57
I have some systems that I want to integrate with an AWS SQS queue. Basically, the architecture I would like to implement would be the one in the image (high level). At the end are the questions:
Any tip is welcome, guys. Thanks!
Upvotes: 0
Views: 444
Reputation: 1428
What is the simplest way to perform these integrations?
The simplest way would be to use the AWS SDK in the application code for producers so that they publish the message directly to the queue. However, you would need permission to do so. If your producer application already assumes an IAM role, you could add this permission to the role.
As my consumer 1 asks for OAuth2, is there any AWS service that would solve this, or would I need to do it by hand with Lambda or something?
You would need to define an event source mapping in Lambda to check for new messages (or an application that polls). Your Lambda (or application) then needs to authenticate itself with the identity provider/service which the 3rd party application is using to get a bearer token, and pass this bearer token in the consumer API request.
Is it possible for producers to send messages directly to the SQS only with a token/API key, or do I need to use an intermediary service to deal with requests?
If I have understood your question correctly, I think it's not a good idea.
- Your producers would authenticate with the identity provider/service and pass their token as the message for SQS. That means your tokens are visible in the queue to anyone who has read access to this SQS. It can be a security issue: for example, someone with just read access to SQS can take this token, impersonate the producer application and push data to consumer applications even though they are not authorized to do so.
- Of course, you also have to consider the TTL of the token, since it can expire if the messages sit in SQS for too long, and the work of picking up the token from the message and making a valid request that the consumer can authenticate.
It's better if this work is offloaded to the application/Lambda function which is reading messages out of SQS.
Upvotes: 1
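A sketch of the consumer-side pattern this answer recommends, added here as an example and not code from either poster: the function reading from SQS obtains the bearer token itself and caches it in memory, so no token ever sits in a message body. The OAuth2 client-credentials grant, both URLs, the `TokenCache` and `handle` names and the sample event are assumptions; the HTTP transport is injectable so the logic can be exercised offline.

```python
import json, time, urllib.parse, urllib.request

# Assumed placeholders: the page names no identity provider or consumer endpoint.
TOKEN_URL = "https://idp.example.com/oauth2/token"
CONSUMER_URL = "https://consumer1.example.com/events"
# Constructed sample of the event Lambda receives from an SQS event source mapping.
SAMPLE_EVENT = {"Records": [
    {"messageId": "m-1", "body": '{"order": 1}'},
    {"messageId": "m-2", "body": '{"order": "bad"}'}]}

def http_post(url, data, headers):
    """Default transport: POST bytes, return the parsed JSON response body."""
    req = urllib.request.Request(url, data=data, headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.loads(resp.read() or b"{}")

class TokenCache:
    """Client-credentials token held in memory, never written to the queue."""
    def __init__(self, client_id, client_secret, post=http_post, clock=time.time):
        self._creds = (client_id, client_secret)
        self._post, self._clock = post, clock
        self._token, self._expires_at = None, 0.0

    def get(self):
        # Refresh 30 s early so a token cannot expire mid-request.
        if self._token is None or self._clock() >= self._expires_at - 30:
            form = urllib.parse.urlencode({
                "grant_type": "client_credentials",
                "client_id": self._creds[0],
                "client_secret": self._creds[1],
            }).encode()
            reply = self._post(TOKEN_URL, form,
                               {"Content-Type": "application/x-www-form-urlencoded"})
            self._token = reply["access_token"]
            self._expires_at = self._clock() + int(reply.get("expires_in", 60))
        return self._token

def handle(event, tokens, post=http_post):
    """Forward each SQS record to the consumer; report failed message ids."""
    failures = []
    for record in event["Records"]:
        try:
            post(CONSUMER_URL, record["body"].encode(),
                 {"Authorization": f"Bearer {tokens.get()}",
                  "Content-Type": "application/json"})
        except Exception:
            # Only this message is retried (needs ReportBatchItemFailures).
            failures.append({"itemIdentifier": record["messageId"]})
    return {"batchItemFailures": failures}
```

Create the `TokenCache` once at module scope in the Lambda so warm invocations reuse the token, and supply the client secret from wherever the function already keeps its secrets rather than from the message.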