Skip to main content
Amazon SQS (Simple Queue Service) is a fully managed message queuing service provided by AWS that enables decoupling and scaling of microservices, distributed systems, and serverless applications. It provides reliable, scalable message delivery for asynchronous communication between application components.

1. Setting up permissions for sending messages to your SQS queue

You need to define some permissions to allow Nekt to send messages to your Amazon SQS queue. Check the instructions below:
Create role and add custom policy
  • Open the AWS Console using the account that hosts the SQS queue you’d like to send data to.
  • Enter the IAM (Identity and Access Management) service page.
  • In the left panel under Access management, select Roles.
  • Click Create role.
  • In Trusted entity type, select Custom trust policy.
  • Change the Principal value to:
{
    "AWS": "arn:aws:iam::{AWS_ACCOUNT_ID}:role/nekt-ecs-task-role"
}
The variable must be replaced by the ID of the AWS account where the Nekt workspace is deployed. In order to find this information, click the dropdown in the top-right corner of the AWS console page after you log in with your account, then click on the “copy” icon to the right of your Account ID.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "Statement1",
            "Effect": "Allow",
            "Principal": {
                "AWS": "arn:aws:iam::{AWS_ACCOUNT_ID}:role/nekt-ecs-task-role"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}
  • Click Next.
  • Click Next again without adding any permission. We’ll create an inline policy further on.
  • Under Role details, you can type any Role name as you want. Example: nekt-sqs-destination.
  • Optionally, type a Description. Example: Used by Nekt to send data to Amazon SQS.
  • Click Create role .
You should get redirected back to the IAM roles page and a message of success should appear at the top.Add permissions to role
  • Open the role you just created by clicking View role in the right end of the green banner that appeared at the top of the page. If you dismissed it already, you can type the given Role name in the search field and then select it when it appears in the list.
  • Within Permission policies (0), click the Add permissions.
  • Select Create inline policy.
  • Within Policy editor, select JSON.
  • Paste the following policy in the Policy editor:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sqs:SendMessage",
                "sqs:GetQueueUrl",
                "sqs:GetQueueAttributes"
            ],
            "Resource": "{SQS_QUEUE_ARN}"
        }
    ]
}
  • Replace the {SQS_QUEUE_ARN} part with the ARN of the SQS queue you’d like to send data to.
    • If you don’t know it, open a new tab in your browser and enter the Amazon SQS service page.
    • In the left panel, click Queues.
    • Open the desired queue by clicking on its name in the list.
    • The ARN is displayed under Details. Click the “copy” icon next to it.
    • Go back to the IAM policy editor that you left open in the previous tab and paste the ARN you just copied over {SQS_QUEUE_ARN}.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": [
                "sqs:SendMessage",
                "sqs:GetQueueUrl",
                "sqs:GetQueueAttributes"
            ],
            "Resource": "arn:aws:sqs:{AWS_REGION}:{AWS_ACCOUNT_ID}:{QUEUE_NAME}"
        }
    ]
}
  • Click Next.
  • Under Policy details type any Policy name as you want. Example: nekt-sqs-destination-policy.
  • Click Create policy.
You should get redirected back to the role you just created and a message of success should appear at the top.
When setting up the connector at Nekt, you will use the ARN of the role you’ve just created.
Get in touch with us if you face any problem setting up this permission.

2. Add your Amazon SQS access

  1. In the Destinations tab, click on the “Add destination” button located on the top right of your screen. Then, select the Amazon SQS option from the list of connectors.
  2. Click Next and you’ll be prompted to add your access:
  • Queue name: Specify the queue name you want to send data to.
  • AWS region name: The region name from the respective Amazon SQS account.
  • Assume IAM Role ARN: the ARN of the role you’ve just created from Step 1 - Setting up permissions.
  • Convert payload keys: Set this property if you want to convert the payload keys to a specific format (snake_case, camelCase or PascalCase). If set to ‘None’, the keys will be sent as is.
  1. Click Next.

3. Select your catalog data to send

  1. The next step is letting us know which data you want to send to the queue. Select the layer and then the desired table.
    Tip: The table can be found more easily by typing its name.
  2. Click Next.

4. Configure your Amazon SQS data destination

  1. Describe your destination for easy identification within your organization. You can inform things like what data it brings, to which team it belongs, etc.
  2. To define your Trigger, consider how often you want data to be extracted from this source. This decision usually depends on how frequently you need to have the data updated on the destination (every day, once a week, only at specific times, etc.).
  3. Click Done.

Check your new destination!

  1. Once completed, you’ll receive confirmation that your new destination is set up!
  2. You can view your new destination on the Destinations page. Now, for you to be able to see it on your Amazon SQS, you have to wait for the pipeline to run. You can monitor it on the Destinations page to see its execution and completion. If needed, manually trigger the pipeline by clicking on the refresh icon. Once executed, your data should be seen on the Amazon SQS.
If you encounter any issues, reach out to us via Slack, and we’ll gladly assist you!