Useful Commands
- Inspect queue attributes:
    aws sqs get-queue-attributes --attribute-names All --queue-url <url>
- Get queue URL:
    aws sqs get-queue-url --queue-name <queue>

Permissions For Using Server-side Encryption
To enable use of an aliased KMS key:

    {
      Effect: "Allow",
      Action: ["kms:Decrypt", "kms:Encrypt"],
      Resource: "*",
      Condition: {
        // see https://docs.aws.amazon.com/kms/latest/developerguide/alias-authorization.html
        "ForAnyValue:StringLike": {
          "kms:ResourceAliases": "alias/SQS_ENCRYPTION_KEY",
        },
      },
    },

AWS Lambda Integration
AWS Lambda can be configured to process messages from SQS.
When configuring a Lambda function to run on receipt of an SQS message, I ran into the following problems. These are useful things to check when troubleshooting.
- Check if the event source mapping got disabled. I had this happen to me even though at the code level it was enabled, so I am not sure why.
    aws lambda list-event-source-mappings --function-name <function-name>
    # if the state shows as being disabled, re-enable it:
    aws lambda update-event-source-mapping --uuid <uuid from previous command> --enabled
- Check if the queue has the expected attributes set, especially if using encryption:
    aws sqs get-queue-attributes --queue-url <url> --attribute-names All
- If the queue uses encryption, ensure that the Lambda has the necessary permissions to encrypt / decrypt the messages. Otherwise, messages get dropped silently.
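
The three checks above can be run in one pass over saved CLI output and the role's policy document. This is an added example, not code from the original page: the sample JSON is constructed, `diagnose` and its helpers are hypothetical names, and only Allow statements with the page's alias condition (or no condition) are evaluated, not Deny statements or resource-scoped keys.

```python
import json
import re

# Constructed samples: CLI output shapes, plus the page's statement as IAM JSON.
MAPPINGS = '{"EventSourceMappings": [{"UUID": "00000000-0000-0000-0000-000000000000", "State": "Disabled"}]}'
QUEUE = '{"Attributes": {"KmsMasterKeyId": "alias/SQS_ENCRYPTION_KEY"}}'
POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["kms:Decrypt", "kms:Encrypt"], "Resource": "*",
    "Condition": {"ForAnyValue:StringLike": {"kms:ResourceAliases": "alias/SQS_ENCRYPTION_KEY"}}}]})

def like(pattern, value, flags=0):
    """IAM-style wildcard match: '*' is any run of characters, '?' exactly one."""
    rx = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(rx, value, flags) is not None

def as_list(x):
    return x if isinstance(x, list) else [x]

def statement_allows(stmt, action, alias):
    """True if an Allow covers `action` (case-insensitive, wildcards ok) for `alias`."""
    if stmt.get("Effect") != "Allow":
        return False
    if not any(like(a, action, re.IGNORECASE) for a in as_list(stmt.get("Action", []))):
        return False
    cond = stmt.get("Condition")
    if not cond:  # unconditional statement: only Resource "*" counts as a match
        return "*" in as_list(stmt.get("Resource", []))
    aliases = cond.get("ForAnyValue:StringLike", {})
    if set(cond) != {"ForAnyValue:StringLike"} or set(aliases) != {"kms:ResourceAliases"}:
        return False  # other conditions are not evaluated, so never counted as a match
    return any(like(p, alias) for p in as_list(aliases["kms:ResourceAliases"]))

def diagnose(mappings_json, queue_json, policy_json, actions=("kms:Decrypt",)):
    """Return a list of findings; an empty list means all three checks passed."""
    findings = []
    for m in json.loads(mappings_json)["EventSourceMappings"]:
        if m["State"] != "Enabled":
            findings.append(f"event source mapping {m['UUID']} is {m['State']}")
    key = json.loads(queue_json)["Attributes"].get("KmsMasterKeyId")
    if key is None:  # queue has no KMS key configured, nothing to check in IAM
        return findings
    if not key.startswith("alias/"):  # key ID or ARN: alias condition can't be matched
        return findings + [f"queue key {key} is not an alias; review the policy by hand"]
    statements = as_list(json.loads(policy_json)["Statement"])
    for action in actions:
        if not any(statement_allows(s, action, key) for s in statements):
            findings.append(f"no Allow for {action} on {key}")
    return findings

print(diagnose(MAPPINGS, QUEUE, POLICY))
```

Feed it the real output of `aws lambda list-event-source-mappings` and `aws sqs get-queue-attributes` in place of the samples; pass further action names in `actions` to check them as well.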