Amazon SQS

You can configure Amazon SQS as either a source or a target. The parameters are described in the following tables:

For message headers, see Amazon SQS Message Headers.

Amazon SQS Source Parameters

The following table describes the parameters for configuring Amazon SQS as a source.

Field Description
AWS Region The AWS region for this SNS topic.
Authentication Scheme

The authentication scheme to use when connecting to Amazon SNS. One of:

  • AWS Access Key—Additional configuration is required. For more information, see AWS Access Key.

  • AWS Chained IAM Role Assumption—Additional configuration is required. For more information, see AWS Chained IAM Role Assumption.

Authentication using AWS Chained IAM Role Assumption is supported only for event brokers hosted on AWS.

Queue Name The source SQS queue name.

Amazon SQS Target Parameters

The following table describes the parameters for configuring Amazon SQS as a target.

Field Description
AWS Region The AWS region for this SNS topic.
Authentication Scheme

The authentication scheme to use when connecting to Amazon SNS. One of:

  • AWS Access Key—Additional configuration is required. For more information, see AWS Access Key.

  • AWS Chained IAM Role Assumption—Additional configuration is required. For more information, see AWS Chained IAM Role Assumption.

Authentication using AWS Chained IAM Role Assumption is supported only for event brokers hosted on AWS.

Queue Name The target SQS queue name.

Amazon SQS Authentication Parameters

AWS Access Key

Field Description
AWS Access Key An access key identifier.
AWS Secret Key The secret key associated with the AWS Access Key.

AWS Chained IAM Role Assumption

Chained IAM role assumption allows Micro-Integrations to securely access AWS resources across different AWS accounts without requiring direct credential exchange. Chained IAM role assumption works through a trust relationship between AWS accounts:

  • The resource owner creates an IAM role (solace-mi-workload-role) in their AWS account, and configures it with the specific permissions required.

  • This role is configured to trust the Solace AWS account's role (single-pod-identity-role in account 718462147973).

  • When a Micro-Integration needs to access the resource, it uses the trust chain to temporarily assume the necessary permissions, as follows:

    [Assume single-pod-identity-role] → [Get credentials to assume solace-mi-workload-role] → 
[Assume solace-mi-workload-role] → [Get credentials to access the target vendor resource] → 
[Access the resource]

The resource owner must do the following:

  1. Create a role called solace-mi-workload-role in the resource owner's AWS account and attach the following trust policy:

    {
  "Version":"2012-10-17",
  "Statement":[{
    "Effect":"Allow",
    "Principal":{
      "AWS":"arn:aws:iam::718462147973:role/single-pod-identity-role"
     },
    "Action":[
     "sts:TagSession",
     "sts:AssumeRole"
     ]
  }]
}

  2. Attach the required resource permissions to the solace-mi-workload-role. The minimum required permissions are:

    • sqs:GetQueueAttributes

    • sqs:GetQueueUrl

    • sqs:SendMessage

    • sqs:ReceiveMessage

    • sqs:DeleteMessage

The following table describes the parameters for configuring authentication using chained IAM role assumption.

Field Description
AWS Account ID? The 12-digit AWS Account ID to be used for IAM role assumption. This is the account where the solace-mi-workload-role exists.
Session Name

The session name to use for the assumed role session (defaults to solace-mi-workload-session if not provided)
External ID

An optional external ID to use if the resource owner's trust policy requires it.

To configure it, the resource owner must separate the sts:TagSession and sts:AssumeRole into different statements in the solace-mi-workload-role trust policy and add the following condition to the sts:AssumeRole statement:

"Condition":{
  "StringEquals":{
    "sts:ExternalId":"<your_external_id_string>"
   }
 }