Skip to content

Consume messages from SQS

A downstream application can consume the lifecycle, shadow, error and device messages from SQS queues.

Prerequisites:

  1. Create a group in the Profiles/IAM service and activate groups in IoT. Lifecycle, Shadow and Error SQS endpoints will be returned in the response.

    "deliveryEndpoints": {
         "lifecycle": "https://sqs.us-west-2.amazonaws.com/198397651313/iot-00637b20-c4a1-4475-aeb5-adc3435fcce8-lifecycle",
         "shadow": "https://sqs.us-west-2.amazonaws.com/198397651313/iot-00637b20-c4a1-4475-aeb5-adc3435fcce8-shadow",
         "error": "https://sqs.us-west-2.amazonaws.com/198397651313/iot-00637b20-c4a1-4475-aeb5-adc3435fcce8-error"
     }
  2. Create devices in Profiles/ IAM and activate devices in IoT.

  3. Create rules. An SQS endpoint will be returned in the response.

     "sqsQueueUrl": "https://sqs.us-west-2.amazonaws.com/198397651313/iot-00637b20-c4a1-4475-aeb5-adc3435fcce8-TestRule80052",
  4. Alternatively, the Endpoints API can be used to get the list of lifecycle, shadow, error and telemetry SQS endpoints.

  5. Fetch Access Keys : To consume messages from SQS, credentials can be obtained from the Access Keys API. The AccessKeys API allows to retrieve credentials for accessing the delivery endpoints.

     {
     "sessionToken": "FwoGZXIvYXdzEDgaDELJRr6HHMA0MlEgIyKKAxLj8bhlneTdcysrmy6RWQbEQPXgZxmMS4kylRzyt+OyD2piTqSnTIj57PJI4KHoZ1C/fOqJoBb97u517T8/uDgEhofSNq8zANCq+EA3UFuIPUq7x7ROri4dx1bl7fuuIVH5YyZpWRb/BaesJ+FLSAK9Aro105z/LnnBFV5GodYbGXndgjJeUxeQ3wuwPgPmcShWGJHbfyseqfoVd7NFLDj6moq+l+XktNtSJgwZjzmuaAh1lmD78auQAczrDLcPpEhDlfmKT7nZLajBosSMnJXCEEgvYo7LBRmlHCw+ysWICTONuVq5aQNRvBIlrsG9m7E9ec/233M7NjR03aD5I182jRt+T7ZoIlTAJvDlMesjAZfsXaDKPfCKNNNnPPm+x86zmLoOgDNSmhARCQQ09SsrerLjpXCQfAeVZaQ5XslHQD7g146DfHtQxim+QEkQxwpdhkQsgrYzlEK7K19sa6D6cF6cLYbc3iSVHGaZNaEL7zBy04R7xivWITHEZbJcDiuFfhPJ8J0IOTEosa60oQYyLSKTJXdhOrLtkIZwNAtx67zvSWmktSBTivmQyiqeV7uH4Ka6wBrm8sUbo0CJzg=",
     "expiryUtc": "2023-04-05T07:37:37Z",
     "accessKey": "ASIAS4MLL5FYZI4AQD7",
     "secretKey": "sjSOg5ThJ8TgFxX2D3QIs72bKxxam+QbA5EAYI8"
     }

Steps:

  1. Once credentials are retrieved, it can be used to consume messages from SQS by making requests to the above SQS URL. An example is given below. Session Token is the token obtained from the Access Keys API.

    curl --location 'https://sqs.us-west-2.amazonaws.com/198397651313/iot-00637b20-c4a1-4475-aeb5-adc3435fcce8-TestRule80052?Action=ReceiveMessage' \
     --header 'Content-Type: application/json' \
     --header 'X-Amz-Security-Token: <Session Token>' \
     --header 'X-Amz-Date: 20230405T113620Z' \
     --header 'Authorization: AWS4-HMAC-SHA256 Credential=ASIAS4MLL5FYV5F2FC5/20230405/us-west-2/sqs/aws4_request, SignedHeaders=content-type;host;x-amz-date;x-amz-security-token, Signature=489f095a355dad7a6ced5b03e41dc5d30aba6d06976e4e0afedf4be6b5db2f'

Consuming messages during a disaster

IoT supports disaster recovery (DR) by creating two sets of SQS endpoints for each group and rule: one in the primary region and one in the secondary region (for use during a disaster). The Endpoints API returns the SQS endpoints for the currently active region (primary or secondary).

During a disaster event, applications must consume messages from the secondary region’s SQS endpoints. The usePrimary flag in the Access Keys API indicates whether to use the primary or secondary region.

After DR is complete and failback returns to the primary region, any pending messages in the secondary region can still be consumed. To do this, use the optional mode parameter in the Access Keys API. The mode parameter accepts either primary or secondary, and returns access keys specific to the selected region. By default, access keys for the active region are returned.