Create SQS action
You must first configure AWS to have an Amazon SQS queue and an IAM role. If you've already done it, proceed to the Admin Portal configuration section.
Use Terraform
resource "aws_sqs_queue" "pubnub_queue" {
name = "pubnub-example"
fifo_queue = false
}
data "aws_iam_policy_document" "pubnub_sqs_role" {
statement {
actions = ["sts:AssumeRole"]
principals {
type = "AWS"
identifiers = ["arn:aws:iam::535363102202:root"]
}
Create a queue
-
Log into your Amazon SQS account and head to the Queues view.
-
To create a queue, click the top-right Create queue button and give the queue a meaningful name.
Supported queue type
Events & Actions only supports the standard queue type.
-
Click the Create queue bottom-right button to save the setup.
-
Copy the queue URL (URL field) to use it later in the Admin Portal.
Create an IAM role
Create an IAM role with write permissions to SQS.
-
Log into your AWS Identity and Access Management account and head to Roles under the Access Management section in the left navigation.
-
Click the top-right Create role button and give the role a meaningful name.
-
In Step 1 of the role configuration screen, mark
AWS accountas Trusted entity type. -
In the An AWS account section, select
Another AWS accountand put 535363102202 (PubNub account number) as the Account ID. This way, the role's trust relationship allows our service to assume your role to write to the queue. -
Under Options, mark Require external ID and paste your app's subscribe key from the Admin Portal in the External ID field.
This step is optional but recommended by the AWS best practices. This way, you assign the app's subscribe key as an external ID that would assume the newly created role in all PubNub calls. See the related Access policy details:
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"AWS": "arn:aws:iam::535363102202:root"
},
"Action": "sts:AssumeRole",
"Condition": {
"StringEquals": {
"sts:ExternalId": "<PubNub subscribe key>"
}
}
}
Click Next to move to the second configuration step.
- In Step 2 of the role configuration screen, create a new permissions policy that gives write access to SQS (look for the
sqs:SendMessagepolicy permission). To do that, click the Create policy button and switch to the JSON tab. Paste the following snippet changing the Resource to your SQS queue ARN.
{
"Statement": [
{
"Action": [
"sqs:SendMessage"
],
"Effect": "Allow",
"Resource": "<ARN of customer's SQS queue>"
}
],
"Version": "2012-10-17"
}
Finish the policy configuration by following the wizard steps.
-
When you've created the policy, select it from the list and click Next to move to the third configuration step.
-
In Step 3 of the role configuration screen, name the role and click Create Role to confirm the changes.
-
Search for the role and copy its ARN (ARN field) to use it later in the Admin Portal.
Configure Admin Portal
-
In the Events & Actions view on the Admin Portal, create an action by clicking on the + Add Action button.
-
Click Amazon SQS to select it as the action type.
-
Paste both Amazon URL (queue) and ARN (role) values under the Queue URL and Role ARN fields.
-
Optionally, enable the SQS Retry option and set the expected number of action retry attempts (Number of Retries) and the time between them (Base retry interval (in seconds)). This feature follows jittered retry strategy, for more information refer to the Retry section.
-
Pair your action with an event listener without leaving the Actions view. To do this, click the Add event listener button and select an existing event listener or create a new one.
-
Save your newly created action by clicking the Save changes button.