This topic provides reference information about the CSB AWS SQS (csb-aws-sqs) service. It details the service instance configuration parameters and binding credentials.
Plan Configuration Parameters
When configuring Cloud Service Broker for AWS you can add additional plans. For instructions on how to configure plans, see Configure Services with Cloud Service Broker for AWS.
The following table outlines parameters that can be configured for additional plans:
| Parameter name | Description | Default | Required |
|---|---|---|---|
name |
The plan name. | n/a | Yes |
id |
A unique GUID. | n/a | Yes |
description |
Description of the new plan. | n/a | Yes |
free |
When false, service instances of this service plan have a cost. | true | No |
bindable |
Specifies whether service instances of the service plan can bind to applications. | true | No |
plan_updateable |
Whether the plan supports upgrading, downgrading, or sidegrading to another version. | true | No |
metadata.displayName |
Name to use when displaying the plan in the Marketplace. | n/a | No |
metadata.bullets |
List of bullet points to display in Apps Manager. | n/a | No |
You can also add any of the parameters listed in the Configuration Parameters section to your plan.
NoteIf you set a parameter at plan level, developers cannot change the value when creating or updating service instances.
Configuration Parameters
You can provision an SQS service by executing:
cf create-service csb-aws-sqs PLAN-NAME SERVICE-INSTANCE-NAME -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'
And update the configuration parameters for an existing service instance with:
cf update-service SERVICE-INSTANCE-NAME -c '{"PARAMETER-NAME": "PARAMETER-VALUE"}'
The following table lists the parameters that you can configure, by using the -c flag, when provisioning or updating a csb-aws-sqs service. The Operation column displays whether a parameter is supported for both provision and update, or for provision only:
| Parameter Name | Type | Description | Default | Operation |
|---|---|---|---|---|
region |
String | The AWS region where the SQS queue is created. | The value the operator entered for region in Ops Manager. | provision |
fifo |
Boolean | Specifies whether to create a FIFO queue. This cannot be altered once the queue is created. | false |
provision |
visibility_timeout_seconds |
Integer | The visibility timeout for the queue, in seconds. Ranges from 0 to 43200 (12 hours). | 30 |
provision and update |
message_retention_seconds |
Integer | The duration Amazon SQS retains a message, in seconds. Ranges from 60 (1 minute) to 1209600 (14 days). | 345600 (4 days) |
provision and update |
max_message_size |
Integer | The maximum message size in bytes. Ranges from 1024 bytes (1 KiB) to 262144 bytes (256 KiB). | 262144 (256 KiB) |
provision and update |
delay_seconds |
Integer | The delay in seconds for message delivery to the queue. Ranges from 0 to 900 (15 minutes). | 0 |
provision and update |
receive_wait_time_seconds |
Integer | The duration for the ReceiveMessage call to wait for a message to arrive before returning, in seconds. | 0 |
provision and update |
aws_access_key_id |
String | Your AWS access key for authentication. | The value the operator entered for AWS Access Key in Ops Manager. | provision and update |
aws_secret_access_key |
String | Your AWS secret key for authentication. | The value the operator entered for AWS Secret Access Key in Ops Manager. | provision and update |
dlq_arn |
String | ARN of the Dead Letter Queue. Configures redrive policy for the queue if provided. | "" |
provision and update |
max_receive_count |
Integer | The number of times a message is delivered to the source queue before being moved to the DLQ. | 5 |
provision and update |
content_based_deduplication |
Boolean | Enables content-based deduplication for FIFO queues. | false |
provision and update |
deduplication_scope |
String | Determines the scope of deduplication for messages within the FIFO queue. Values are messageGroup or queue. |
null |
provision and update |
fifo_throughput_limit |
String | Manages the throughput limit for the FIFO queue. Values are perQueue or perMessageGroupId. When High throughput Mode is ON, the value for deduplication_scope must be messageGroup or the operation fails. If not defined for a FIFO queue it defaults to perQueue. |
null |
provision and update |
sqs_managed_sse_enabled |
Boolean | Enable SQS-managed encryption keys for encrypting messages. | true |
provision and update |
kms_master_key_id |
String | Specify the AWS KMS customer master key (CMK) for encryption. Overrides the sqs_managed_sse_enabled property. E.g: alias/aws/sqs |
"" |
provision and update |
kms_data_key_reuse_period_seconds |
Integer | Duration in seconds for the reuse of a data key for encrypting messages. Ranges from 60 (1 minute) to 86400 (24 hours). | 300 (5 minutes) |
provision and update |
kms_extra_key_ids |
String | A comma-separated list of AWS KMS key IDs used for SSE-KMS operations. Since a DLQ can receive messages from multiple sources, all the KMS key IDs used as sources must be included. | "" |
provision and update |
Binding
The binding operation creates the credentials to access the service and binds the service with an app on Cloud Foundry.
You can bind a service by running:
cf bind-service APP-NAME SERVICE-INSTANCE-NAME --binding-name BINDING-NAME
Binding Parameters
For the CSB AWS SQS service, there are no user-configurable parameters required during the bind operation.
Binding Credentials
When you bind an application to a CSB AWS SQS service instance, the credentials provided includes necessary information and permissions for interacting with the SQS queue. This includes standard and FIFO queues, as well as any associated Dead Letter Queues (DLQs).
The binding credentials format for Amazon SQS is as follows:
{
"arn": "QUEUE-ARN",
"region": "QUEUE-REGION",
"queue_name": "QUEUE-NAME",
"queue_url": "QUEUE-URL",
"access_key_id": "ACCESS-KEY-ID",
"secret_access_key": "SECRET-ACCESS-KEY",
"dlq_arn": "DLQ-ARN",
"kms_all_key_ids": "KMS-KEY-IDS"
}
Key Details:
- ARN: Amazon Resource Name for the queue.
- Region: AWS region where the queue is hosted.
- Queue Name: The name of the SQS queue.
- Queue URL: The URL for accessing the SQS queue.
- Access Key ID & Secret Access Key: User credentials to authenticate API requests to AWS SQS.
- DLQ ARN: Amazon Resource Name for the Dead Letter Queue, if configured.
- KMS Key IDs: The AWS KMS key IDs used for server-side encryption (SSE) operations.
Permissions:
- The binding has permissions necessary for standard operations on the queue, for example, send, receive, delete messages.
- If the SQS instance has an associated DLQ, the binding also has permissions to trigger redrive operations.
- This allows messages to be moved back from the DLQ to the original queue, facilitating message reprocessing after failures.
- These permissions ensure that applications bound to the SQS service instance can fully manage message life cycle within both the main queue and any associated DLQs.
By utilizing the provided credentials, applications can securely and efficiently interact with the SQS service, leveraging powerful messaging capabilities for building resilient and scalable cloud-native applications.
