Skip to main content
Version: 8.6

Amazon Simple Queue Service Connector

The Amazon SQS Connector is an outbound Connector that allows you to connect your BPMN service with Amazon Simple Queue Service (SQS) to send messages.

Prerequisites​

To use the Amazon SQS Connector, you need to have an SQS Queue, IAM key, and secret pair with the sqs:SendMessage policy relative to your SQS.

note

Use Camunda secrets to avoid exposing your AWS IAM credentials as plain text. Refer to an appendix entry and the SQS Developer Guide to learn more.

Create an Amazon SQS Connector task​

You can apply a Connector to a task or event via the append menu. For example:

  • From the canvas: Select an element and click the Change element icon to change an existing element, or use the append feature to add a new element to the diagram.
  • From the properties panel: Navigate to the Template section and click Select.
  • From the side palette: Click the Create element icon.

change element

After you have applied a Connector to your element, follow the configuration steps or see using Connectors to learn more.

Make your Amazon SQS Connector for sending messages executable​

To make your Amazon SQS Connector for sending messages executable, take the following steps:

  1. Choose an applicable authentication type from the Authentication dropdown. Learn more about authentication types in the related appendix entry.
  2. Set the relevant IAM key and secret pair in the Authentication section. For example, {{secrets.MY_AWS_ACCESS_KEY}}. The value can be plain text, but this is not recommended due to security concerns.
  3. In the Queue Properties section, set the URL of your SQS queue, its region, and its type.
  4. In the Input message data section, fill the Message body with the data you would like to submit to the queue. The field requires FEEL input.
  5. (Optional) In the Input message data section, fill out the field Message attributes to set optional message metadata. This field requires FEEL input. Refer to the relevant appendix section to find out more about this field.
  6. (FIFO only) If you are using a queue of type FIFO, a Message Group ID must be provided. An optional Message Deduplication ID can be provided as well, depending on how you configured the message deduplication of the queue.

Amazon SQS Connector response​

The Amazon SQS Connector returns the SQS message identifier of a newly created message. The response contains a messageId variable.

You can use an output mapping to map the response:

  1. Use Result Variable to store the response in a process variable. For example, myResultVariable.
  2. Use Result Expression to map fields from the response into process variables. For example:
= {
"createdMessageID": response.messageId
}

Appendix & FAQ​

What are the message attributes and how can I set them?​

Amazon SQS lets you include structured metadata (such as timestamps, geospatial data, signatures, and identifiers) with messages using message attributes. The Amazon SQS Connector allows you to include non-binary message attributes in the section Input message data. The message attribute value must be composed to be compliant with Amazon SQS message attribute data format.

Example of a valid message attribute as a FEEL value:

= {
"timestamp":{
"StringValue":today(),
"DataType":"String"
},
"messageSubmittedBy":{
"StringValue":"user12345",
"DataType":"String"
}
}

How do I store AWS IAM Secrets for my SQS Connector?​

Store your AWS IAM credentials as Camunda secrets to avoid exposing sensitive information. Follow our documentation on managing secrets to learn more.

AWS authentication types​

There are two options to authenticate the Connector with AWS:

  • Choose Credentials in the Authentication dropdown if you have a valid pair of access and secret keys provided by your AWS account administrator. This option is applicable for both SaaS and Self-Managed users.
  • Choose Default Credentials Chain (Hybrid/Self-Managed only) in the Authentication dropdown if your system is configured as an implicit authentication mechanism, such as role-based authentication, credentials supplied via environment variables, or files on target host. This option is applicable only for Self-Managed or hybrid distribution. This approach uses the Default Credential Provider Chain to resolve required credentials.