spring-attic / spring-cloud-aws

All development has moved to https://github.com/awspring/spring-cloud-aws. Integration for Amazon Web Services APIs with Spring.
https://awspring.io/
Apache License 2.0

Read messages from different AWS account using @SqsListener #786

Closed mateohi closed 2 years ago

mateohi commented 2 years ago

Type: Bug

Component: "SQS"

Describe the bug

I have an SQS standard queue that is provided by a third-party vendor who has given access to our IAM user to read messages from there. So the AWS account ID for the queue is different than the one of my user.

I'm trying to use Spring's @SqsListener annotation to consume these messages but I'm having trouble specifying the accountId that should be consumed from.

My bean configuration for the client looks like this:

@Bean
fun amazonSQSAsyncClient(): AmazonSQSAsync = AmazonSQSAsyncClientBuilder.standard()
    .withCredentials(AWSStaticCredentialsProvider(BasicAWSCredentials(awsProperties.accessKey, awsProperties.secretKey)))
    .withEndpointConfiguration(AwsClientBuilder.EndpointConfiguration(awsProperties.url, awsProperties.region))
    .build()

I see no way of specifying the account ID in the credentials, and I also could not find any properties that can be used to define an accountId.

I tried setting the awsProperties.url shown above to something like https://sqs.us-east-1.amazonaws.com/<accountId> but this does not seem to be working. It is still trying to look for the queue in my own account ID and throwing a queue not found error.

Any ideas how to fix this and force the Spring AWS bean to consume from a specific AwsAccount?

neiljbrown commented 2 years ago

Hi Mateo,

Every SQS is assigned a unique URL which includes the AWS account number. (See the AWS SQS dev guide).

The @SqsListener annotation accepts a list of queues to consume from. As described in the Javadoc, the specified queue can be either a logical queue name, physical queue name, or the queue URL. If the queue is not in the same AWS account as your AWS identity, I believe you need to specify the full queue URL.

Regards.

mateohi commented 2 years ago

Hi Neil,

Thank you so much, that worked. I thought I could only use the queue name there, my bad.
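
The resolution discussed in this thread, as an added Kotlin example (not code from the thread or from the project): a listener bound to the full queue URL that also refuses to start unless the URL's account segment matches the expected vendor account. The property names `vendor.queue-url` and `vendor.account-id`, the class name and the `queueOwner` helper are hypothetical; the imports assume the `org.springframework.cloud.aws` package layout of this repository (the awspring fork uses `io.awspring.cloud`).

```kotlin
import org.springframework.beans.factory.annotation.Value
import org.springframework.cloud.aws.messaging.listener.SqsMessageDeletionPolicy
import org.springframework.cloud.aws.messaging.listener.annotation.SqsListener
import org.springframework.stereotype.Component
import java.net.URI

// Hypothetical helper: returns the owning account ID from a queue URL of the
// form https://sqs.<region>.amazonaws.com/<accountId>/<queueName>.
fun queueOwner(queueUrl: String): String {
    val segments = URI(queueUrl).path.trim('/').split('/')
    require(segments.size == 2 && Regex("""\d{12}""").matches(segments[0])) {
        "Not a full SQS queue URL: $queueUrl"
    }
    return segments[0]
}

// Assumed application properties (constructed placeholder values):
//   vendor.queue-url=https://sqs.us-east-1.amazonaws.com/111122223333/vendor-events
//   vendor.account-id=111122223333
@Component
class VendorQueueListener(
    @Value("\${vendor.queue-url}") queueUrl: String,
    @Value("\${vendor.account-id}") expectedAccountId: String
) {
    init {
        // Fail at startup if configuration drift points the listener at a
        // queue owned by an account other than the expected vendor account.
        check(queueOwner(queueUrl) == expectedAccountId) {
            "Queue URL is owned by ${queueOwner(queueUrl)}, expected $expectedAccountId"
        }
    }

    // The full URL (resolved from the placeholder) is used as-is, so the queue
    // is not looked up by name in the caller's own account.
    @SqsListener("\${vendor.queue-url}", deletionPolicy = SqsMessageDeletionPolicy.ON_SUCCESS)
    fun onMessage(payload: String) {
        // Treat the payload as untrusted third-party input: validate before use.
        println("Received ${payload.length} characters from vendor queue")
    }
}
```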