Overview Pattern Construct Props Pattern Properties Default settings Architecture Github

aws-eventbridge-sqs

Reference Documentation:

https://docs.aws.amazon.com/solutions/latest/constructs/

Language	Package
Python	`aws_solutions_constructs.aws_eventbridge_sqs`
Typescript	`@aws-solutions-constructs/aws-eventbridge-sqs`
Java	`software.amazon.awsconstructs.services.eventbridgesqs`

Overview

This AWS Solutions Construct implements an Amazon EventBridge rule and an AWS SQS Queue.

Here is a minimal deployable pattern definition:

Typescript


import { Construct } from 'constructs';
import { Stack, StackProps, Duration } from 'aws-cdk-lib';
import * as events from 'aws-cdk-lib/aws-events';
import * as iam from 'aws-cdk-lib/aws-iam';
import { EventbridgeToSqsProps, EventbridgeToSqs } from "@aws-solutions-constructs/aws-eventbridge-sqs";

const constructProps: EventbridgeToSqsProps = {
  eventRuleProps: {
    schedule: events.Schedule.rate(Duration.minutes(5))
  }
};

const constructStack = new EventbridgeToSqs(this, 'test-construct', constructProps);

// Grant yourself permissions to use the Customer Managed KMS Key
const policyStatement = new iam.PolicyStatement({
  actions: ["kms:Encrypt", "kms:Decrypt"],
  effect: iam.Effect.ALLOW,
  principals: [new iam.AccountRootPrincipal()],
  resources: ["*"]
});

constructStack.encryptionKey?.addToResourcePolicy(policyStatement);

Python


from aws_solutions_constructs.aws_eventbridge_sqs import EventbridgeToSqsProps, EventbridgeToSqs
from aws_cdk import (
    aws_events as events,
    aws_iam as iam,
    Duration,
    Stack
)
from constructs import Construct

construct_stack = EventbridgeToSqs(self, 'test-construct',
                                    event_rule_props=events.RuleProps(
                                        schedule=events.Schedule.rate(
                                            Duration.minutes(5))
                                    ))

# Grant yourself permissions to use the Customer Managed KMS Key
policy_statement = iam.PolicyStatement(
    actions=["kms:Encrypt", "kms:Decrypt"],
    effect=iam.Effect.ALLOW,
    principals=[iam.AccountRootPrincipal()],
    resources=["*"]
)

construct_stack.encryption_key.add_to_resource_policy(policy_statement)

Java


import software.constructs.Construct;
import java.util.List;

import software.amazon.awscdk.Stack;
import software.amazon.awscdk.StackProps;
import software.amazon.awscdk.Duration;
import software.amazon.awscdk.services.events.*;
import software.amazon.awscdk.services.iam.*;
import software.amazon.awsconstructs.services.eventbridgesqs.*;

final EventbridgeToSqs constructStack = new EventbridgeToSqs(this, "test-construct",
        new EventbridgeToSqsProps.Builder()
                .eventRuleProps(new RuleProps.Builder()
                        .schedule(Schedule.rate(Duration.minutes(5)))
                        .build())
                .build());

// Grant yourself permissions to use the Customer Managed KMS Key
final PolicyStatement policyStatement = PolicyStatement.Builder.create()
        .actions(List.of("kms:Encrypt", "kms:Decrypt"))
        .effect(Effect.ALLOW)
        .principals(List.of(new AccountRootPrincipal()))
        .resources(List.of("*"))
        .build();

constructStack.getEncryptionKey().addToResourcePolicy(policyStatement);

Pattern Construct Props

Name	Type	Description
existingEventBusInterface?	`events.IEventBus`	Optional user-provided custom EventBus for construct to use. Providing both this and `eventBusProps` results an error.
eventBusProps?	`events.EventBusProps`	Optional user-provided properties to override the default properties when creating a custom EventBus. Setting this value to `{}` will create a custom EventBus using all default properties. If neither this nor `existingEventBusInterface` is provided the construct will use the `default` EventBus. Providing both this and `existingEventBusInterface` results an error.
eventRuleProps	`events.RuleProps`	User provided eventRuleProps to override the defaults.
targetProps?	`eventtargets.SqsQueueProps`	Optional user provided properties to define the SQS target on the Event Rule. If you specify a deadLetterQueue for the rule here, you are responsible for adding a resource policy to the queue allowing events.amazonaws.com permission to SendMessage, GetQueueUrl and GetQueueAttributes. You cannot send a DLQ in this property and set deployEventRuleDlq to true. Default is undefined and all system defaults are used.
eventRuleDlqKeyProps	kms.KeyProps	Optional properties to define the key created to protect the ruleDlq. Only valid if deployRuleDlq is set to true. Defaults to CloudFormation defaults.
deployEventRuleDlq?	boolean	Whether to deploy a DLQ for the Event Rule. If set to `true`, this DLQ will receive any messages that can’t be delivered to the target SQS queue. Defaults to `false`.
existingQueueObj?	`sqs.Queue`	An optional, existing SQS queue to be used instead of the default queue. Providing both this and `queueProps` will cause an error.
queueProps?	`sqs.QueueProps`	User provided props to override the default props for the SQS Queue.
enableQueuePurging?	`boolean`	Whether to grant additional permissions to the Lambda function enabling it to purge the SQS queue. Defaults to `false`.
deployDeadLetterQueue?	`boolean`	Whether to create a secondary queue to be used as a dead letter queue. Defaults to `true`.
deadLetterQueueProps?	`sqs.QueueProps`	Optional user-provided props to override the default props for the dead letter queue. Only used if the `deployDeadLetterQueue` property is set to true.
maxReceiveCount?	`number`	The number of times a message can be unsuccessfully dequeued before being moved to the dead letter queue. Defaults to `15`.
enableEncryptionWithCustomerManagedKey?	`boolean`	If no key is provided, this flag determines whether the queue is encrypted with a new CMK or an AWS managed key. This flag is ignored if any of the following are defined: queueProps.encryptionMasterKey, encryptionKey or encryptionKeyProps.
encryptionKey?	`kms.Key`	An optional, imported encryption key to encrypt the SQS Queue with.
encryptionKeyProps?	`kms.KeyProps`	Optional user provided properties to override the default properties for the KMS encryption key used to encrypt the SQS queue with.

Pattern Properties

Name	Type	Description
eventBus?	`events.IEventBus`	Returns the instance of events.IEventBus used by the construct
eventsRule	`events.Rule`	Returns an instance of events.Rule created by the construct
eventRuleDlq?	`sqs.Queue`](https://docs.aws.amazon.com/cdk/api/v2/docs/aws-cdk-lib.aws_sqs.Queue.html)	If the client sets deployEventRuleDlq to "true", then this value will contain the DLQ set up for the rule.
eventRuleDlqKey	kms.IKey	The key created to encrypt the eventRuleDlq.
sqsQueue	`sqs.Queue`	Returns an instance of sqs.Queue created by the construct
encryptionKey?	`kms.Key`	Returns an instance of kms Key used for the SQS queue.
deadLetterQueue?	`sqs.Queue`	Returns an instance of the dead-letter SQS queue created by the pattern.

Default settings

Out of the box implementation of the Construct without any override will set the following defaults:

Amazon EventBridge Rule

Grant least privilege permissions to EventBridge rule to publish to the SQS Queue.

Amazon SQS Queue

Deploy SQS dead-letter queue for the source SQS Queue.
Enable server-side encryption for source SQS Queue using Customer managed KMS Key.
Enforce encryption of data in transit.

Architecture

Diagram showing the EventBridge rule, SQS queue and IAM role created by the construct

Github

Go to the Github repo for this pattern to view the code, read/create issues and pull requests and more.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

aws-eventbridge-sns

aws-eventbridge-stepfunctions