MQ - AWS Serverless Application Model

MQ

The object describing an MQ event source type. For more information, see Using Lambda with Amazon MQ in the AWS Lambda Developer Guide.

AWS SAM generates an AWS::Lambda::EventSourceMapping resource when this event type is set.

Note: To have an Amazon MQ queue in a virtual private cloud (VPC) but your Lambda function in a public network, your function's execution role must include the following permissions: ec2:CreateNetworkInterface, ec2:DeleteNetworkInterface, ec2:DescribeNetworkInterfaces, ec2:DescribeSecurityGroups, ec2:DescribeSubnets, ec2:DescribeVpcs. For more information, see Execution role permissions in the AWS Lambda Developer Guide.

Syntax

To declare this entity in your AWS Serverless Application Model (AWS SAM) template, use the following syntax.

YAML

BatchSize: Integer Broker: String Enabled: Boolean Queues: List SecretsManagerKmsKeyId: String SourceAccessConfigurations: List

Properties

BatchSize

The maximum number of items to retrieve in a single batch.

Type: Integer

Required: No

Default: 100

AWS CloudFormation compatibility: This property is passed directly to the BatchSize property of an AWS::Lambda::EventSourceMapping resource.

Minimum: 1

Maximum: 10000

Broker

The Amazon Resource Name (ARN) of the Amazon MQ broker.

Type: String

Required: Yes

AWS CloudFormation compatibility: This property is passed directly to the EventSourceArn property of an AWS::Lambda::EventSourceMapping resource.

Enabled

If true, the event source mapping is active. To pause polling and invocation, set to false.

Type: Boolean

Required: No

AWS CloudFormation compatibility: This property is passed directly to the Enabled property of an AWS::Lambda::EventSourceMapping resource.

Queues

The name of the Amazon MQ broker destination queue to consume.

Type: List

Required: Yes

AWS CloudFormation compatibility: This property is passed directly to the Queues property of an AWS::Lambda::EventSourceMapping resource.

SecretsManagerKmsKeyId

The AWS Key Management Service (AWS KMS) key ID of a customer managed key from AWS Secrets Manager. This property is required if you use a customer managed key from Secrets Manager, but your Lambda execution role doesn't include the kms:Decrypt permission.

The value of this property is a UUID. For example: 1abc23d4-567f-8ab9-cde0-1fab234c5d67.

Type: String

Required: Conditional

AWS CloudFormation compatibility: This property is unique to AWS SAM and doesn't have an AWS CloudFormation equivalent.

SourceAccessConfigurations

An array of the authentication protocol or vitual host. Specify this using the SourceAccessConfigurations data type.

Note: For the MQ event source type, the only valid configuration types are BASIC_AUTH and VIRTUAL_HOST.

BASIC_AUTH - The Secrets Manager secret that stores your broker credentials. For this type, the credential must be in the following format: {"username": "your-username", "password": "your-password"}. Only one object of type BASIC_AUTH is allowed.

VIRTUAL_HOST - The name of the virtual host in your RabbitMQ broker. Lambda will use this Rabbit MQ's host as the event source. Only one object of type VIRTUAL_HOST is allowed.

Type: List

Required: Yes

AWS CloudFormation compatibility: This property is passed directly to the SourceAccessConfigurations property of an AWS::Lambda::EventSourceMapping resource.

Examples

Amazon MQ event source

The following is an example of an MQ event source type for an Amazon MQ broker.

YAML

Events: MQEvent: Type: MQ Properties: Broker: arn:aws:mq:us-east-2:123456789012:broker:MyBroker:b-1234a5b6-78cd-901e-2fgh-3i45j6k178l9 Queues: List of queues SourceAccessConfigurations: - Type: BASIC_AUTH URI: arn:aws:secretsmanager:us-east-1:01234567890:secret:MyBrokerSecretName BatchSize: 200 Enabled: true