# Logging and monitoring in Amazon SQS Logging and monitoring Amazon Simple Queue Service is integrated with [AWS CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-user-guide.html), a service that provides a record of actions taken by a user, role, or an AWS service. CloudTrail captures all API calls for Amazon SQS as events. The calls captured include calls from the Amazon SQS console and code calls to the Amazon SQS API operations. Using the information collected by CloudTrail, you can determine the request that was made to Amazon SQS, the IP address from which the request was made, when it was made, and additional details. Every event or log entry contains information about who generated the request. The identity information helps you determine the following: + Whether the request was made with root user or user credentials. + Whether the request was made on behalf of an IAM Identity Center user. + Whether the request was made with temporary security credentials for a role or federated user. + Whether the request was made by another AWS service. CloudTrail is active in your AWS account when you create the account and you automatically have access to the CloudTrail **Event history**. The CloudTrail **Event history** provides a viewable, searchable, downloadable, and immutable record of the past 90 days of recorded management events in an AWS Region. For more information, see [Working with CloudTrail Event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html) in the *AWS CloudTrail User Guide*. There are no CloudTrail charges for viewing the **Event history**. For an ongoing record of events in your AWS account past 90 days, create a trail or a [CloudTrail Lake](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake.html) event data store. **Amazon CloudWatch Alarms** Monitor a single metric over a time period you specify, and take one or more actions based on the metric's value relative to a defined threshold over several periods. For example, you can configure a CloudWatch alarm to send a notification to an Amazon SNS topic or trigger an action to send a message to an Amazon SQS queue. CloudWatch alarms don't perform actions simply because they are in a specific state; the state must change and remain in that state for a defined number of periods. For more information, see [Creating CloudWatch alarms for Amazon SQS metrics](set-cloudwatch-alarms-for-metrics.md) and [Creating alarms for dead-letter queues using Amazon CloudWatch](dead-letter-queues-alarms-cloudwatch.md). **Amazon CloudWatch Logs** Monitor, store, and access log files related to Amazon SQS by configuring your applications or Lambda functions that process messages to send logs to CloudWatch Logs. You can use these logs to analyze message processing, debug issues, and monitor the performance of your Amazon SQS workflows. For more information, see [Logging Amazon Simple Queue Service API calls using AWS CloudTrail](logging-using-cloudtrail.md). **Amazon CloudWatch Events** Use Amazon CloudWatch Events to detect changes or specific events in your AWS environment and route them to an Amazon SQS queue. This allows you to capture event data, trigger workflows, or store events for processing later. For more information, see [Automating notifications from AWS services to Amazon SQS using Amazon EventBridge](sqs-automating-using-eventbridge.md) in this guide and [EventBridge is the evolution of Amazon CloudWatch Events](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cwe-now-eb.html) in the *Amazon EventBridge User Guide*. **AWS CloudTrail Logs** CloudTrail captures a detailed record of actions performed on Amazon SQS by users, roles, or AWS services. These logs let you track API calls, such as [https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html), [https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html), or [https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_DeleteQueue.html](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_DeleteQueue.html), and provide key details such as who made the request, when it occurred, and the originating IP address. For more information, see [Logging Amazon Simple Queue Service API calls using AWS CloudTrail](logging-using-cloudtrail.md). **AWS Trusted Advisor** Trusted Advisor uses best practices developed from serving AWS customers to help optimize your Amazon SQS usage. It reviews your Amazon SQS queues and provides actionable recommendations to enhance security, improve message processing reliability, and reduce costs. For example, it may suggest enabling dead-letter queues or to improve your queue access policies to ensure secure operations. For more information, see [AWS Trusted Advisor](https://docs.aws.amazon.com/awssupport/latest/user/getting-started.html#trusted-advisor) in the *Support User Guide*. **CloudTrail trails** A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. All trails created using the AWS Management Console are multi-Region. You can create a single-Region or a multi-Region trail by using the AWS CLI. Creating a multi-Region trail is recommended because you capture activity in all AWS Regions in your account. If you create a single-Region trail, you can view only the events logged in the trail's AWS Region. For more information about trails, see [Creating a trail for your AWS account](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html) and [Creating a trail for an organization](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/creating-trail-organization.html) in the *AWS CloudTrail User Guide*. You can deliver one copy of your ongoing management events to your Amazon S3 bucket at no charge from CloudTrail by creating a trail, however, there are Amazon S3 storage charges. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). For information about Amazon S3 pricing, see [Amazon S3 Pricing](https://aws.amazon.com/s3/pricing/). **CloudTrail Lake event data stores** *CloudTrail Lake* lets you run SQL-based queries on your events. CloudTrail Lake converts existing events in row-based JSON format to [ Apache ORC](https://orc.apache.org/) format. ORC is a columnar storage format that is optimized for fast retrieval of data. Events are aggregated into *event data stores*, which are immutable collections of events based on criteria that you select by applying [advanced event selectors](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-concepts.html#adv-event-selectors). The selectors that you apply to an event data store control which events persist and are available for you to query. For more information about CloudTrail Lake, see [Working with AWS CloudTrail Lake](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake.html) in the *AWS CloudTrail User Guide*. CloudTrail Lake event data stores and queries incur costs. When you create an event data store, you choose the [pricing option](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-lake-manage-costs.html#cloudtrail-lake-manage-costs-pricing-option) you want to use for the event data store. The pricing option determines the cost for ingesting and storing events, and the default and maximum retention period for the event data store. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). # Logging Amazon Simple Queue Service API calls using AWS CloudTrail Logging API calls CloudTrail allows you to log and monitor Amazon SQS operations using two event types: data events and management events. This makes it easy to track and audit Amazon SQS activity in your account. ## Amazon SQS data events in CloudTrail [Data events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events) provide information about the resource operations performed on or in a resource (for example, sending messages to an Amazon SQS object). These are also known as data plane operations. Data events are often high-volume activities. By default, CloudTrail doesn’t log data events. The CloudTrail **Event history** doesn't record data events. Additional charges apply for data events. For more information about CloudTrail pricing, see [AWS CloudTrail Pricing](https://aws.amazon.com/cloudtrail/pricing/). You can log data events for the Amazon SQS resource types by using the CloudTrail console, AWS CLI, or CloudTrail API operations. For more information about how to log data events, see [Logging data events with the AWS Management Console](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#logging-data-events-console) and [Logging data events with the AWS Command Line Interface](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-data-events-with-cloudtrail.html#creating-data-event-selectors-with-the-AWS-CLI) in the *AWS CloudTrail User Guide*. To log Amazon SQS data events with CloudTrail, you must use advanced event selectors to configure the specific Amazon SQS resources or actions you want to log. Include the resource type [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queue.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queue.html) to capture queue-related actions. You can refine your logging preferences even further with using filters like `eventName` (such as [https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SendMessage.html) events). For more information, see [AdvancedEventSelector](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedEventSelector.html) in the *CloudTrail API Reference*. | Data event type (console) | resources.type value | Data APIs logged to CloudTrail | | --- | --- | --- | | Amazon SQS queue | [https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queue.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-sqs-queue.html) | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/logging-using-cloudtrail.html) | Use advanced event selectors to filter fields and log only important events. For more information about these fields, see [https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html](https://docs.aws.amazon.com/awscloudtrail/latest/APIReference/API_AdvancedFieldSelector.html) in the *AWS CloudTrail API Reference*. ## Amazon SQS management events in CloudTrail [Management events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/logging-management-events-with-cloudtrail.html#logging-management-events) provide information about management operations that are performed on resources in your AWS account. These are also known as control plane operations. By default, CloudTrail logs management events. Amazon SQS logs the following control plane operations to CloudTrail as *management events*. + [AddPermission](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_AddPermission.html) + [CancelMessageMoveTask](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CancelMessageMoveTask.html) + [CreateQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_CreateQueue.html) + [DeleteQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_DeleteQueue.html) + [ListMessageMoveTasks](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ListMessageMoveTasks.html) + [PurgeQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_PurgeQueue.html) + [RemovePermission](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_RemovePermission.html) + [SetQueueAttributes](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_SetQueueAttributes.html) + [StartMessageMoveTask](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_StartlMessageMoveTask.html) + [TagQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_TagQueue.html) + [UntagQueue](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_UntagQueue.html) ## Amazon SQS event example An event represents a single request from any source and includes information about the requested API operation, the date and time of the operation, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so events don't appear in any specific order. The following example shows a CloudTrail event that demonstrates the `SendMessage` operation. ``` { "eventVersion": "1.09", "userIdentity": { "type": "AssumedRole", "principalId": "EXAMPLE_PRINCIPAL_ID", "arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed/SessionName", "accountId": "123456789012", "accessKeyId": "ACCESS_KEY_ID", "sessionContext": { "sessionIssuer": { "type": "Role", "principalId": "AKIAI44QH8DHBEXAMPLE", "arn": "arn:aws:sts::123456789012:assumed-role/RoleToBeAssumed", "accountId": "123456789012", "userName": "RoleToBeAssumed" }, "attributes": { "creationDate": "2023-11-07T22:13:06Z", "mfaAuthenticated": "false" } } }, "eventTime": "2023-11-07T23:59:11Z", "eventSource": "sqs.amazonaws.com", "eventName": "SendMessage", "awsRegion": "ap-southeast-4", "sourceIPAddress": "10.0.118.80", "userAgent": "aws-cli/1.29.16 md/Botocore#1.31.16 ua/2.0 os/linux#5.4.250-173.369.amzn2int.x86_64 md/arch#x86_64 lang/python#3.8.17 md/pyimpl#CPython cfg/retry-mode#legacy botocore/1.31.16", "requestParameters": { "queueUrl": "https://sqs.ap-southeast-4.amazonaws.com/123456789012/MyQueue", "messageBody": "HIDDEN_DUE_TO_SECURITY_REASONS", "messageDeduplicationId": "MsgDedupIdSdk1ae1958f2-bbe8-4442-83e7-4916e3b035aa", "messageGroupId": "MsgGroupIdSdk16" }, "responseElements": { "mD5OfMessageBody": "9a4e3f7a614d9dd9f8722092dbda17a2", "mD5OfMessageSystemAttributes": "f88f0587f951b7f5551f18ae699c3a9d", "messageId": "93bb6e2d-1090-416c-81b0-31eb1faa8cd8", "sequenceNumber": "18881790870905840128" }, "requestID": "c4584600-fe8a-5aa3-a5ba-1bc42f055fae", "eventID": "98c735d8-70e0-4644-9432-b6ced4d791b1", "readOnly": false, "resources": [ { "accountId": "123456789012", "type": "AWS::SQS::Queue", "ARN": "arn:aws:sqs:ap-southeast-4:123456789012:MyQueue" } ], "eventType": "AwsApiCall", "managementEvent": false, "recipientAccountId": "123456789012", "eventCategory": "Data", "tlsDetails": { "tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256", "clientProvidedHostHeader": "sqs.ap-southeast-4.amazonaws.com" } ``` **Note** The `ListQueues` operation is a unique case because it doesn’t act on a specific resource. As a result, the ARN field doesn’t include a queue name and uses a wildcard (\$1) instead. For information about CloudTrail record contents, see [CloudTrail record contents](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-record-contents.html) in the *AWS CloudTrail User Guide*. # Monitoring Amazon SQS queues using CloudWatch Monitoring queues Amazon SQS and Amazon CloudWatch are integrated so you can use CloudWatch to view and analyze metrics for your Amazon SQS queues. You can view and analyze your queues' metrics from the [Amazon SQS console](sqs-access-metrics.md#access-cloudwatch-metrics-sqs-console), the [CloudWatch console](sqs-access-metrics.md#access-metrics-cloudwatch-console), using the [AWS CLI](sqs-access-metrics.md#access-cloudwatch-metrics-cli), or using the [CloudWatch API](sqs-access-metrics.md#access-metrics-cloudwatch-api). You can also [set CloudWatch alarms](set-cloudwatch-alarms-for-metrics.md) for Amazon SQS metrics. CloudWatch metrics for your Amazon SQS queues are automatically collected and pushed to CloudWatch at one-minute intervals. These metrics are gathered on all queues that meet the CloudWatch guidelines for being *active*. CloudWatch considers a queue to be active for up to six hours if it contains any messages, or if any action accesses it. When an Amazon SQS queue is inactive for more than six hours, the Amazon SQS service is considered asleep and stops delivering metrics to the CloudWatch service. Missing data, or data representing zero, can't be visualized in the CloudWatch metrics for Amazon SQS for the time period that your Amazon SQS queue was inactive. **Note** An Amazon SQS queue can be activated when the user calling an API against the queue is not authorized, and the request fails. The Amazon SQS console performs a [https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_GetQueueAttributes.html](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_GetQueueAttributes.html) API call when the queue’s page is opened. The `GetQueueAttributes` API request activates the queue. A delay of up to 15 minutes occurs in CloudWatch metrics when a queue is activated from an inactive state. There is no charge for the Amazon SQS metrics reported in CloudWatch. They're provided as part of the Amazon SQS service. CloudWatch metrics are supported for both standard and FIFO queues. # Accessing CloudWatch metrics for Amazon SQS Amazon SQS and Amazon CloudWatch are integrated so you can use CloudWatch to view and analyze metrics for your Amazon SQS queues. You can view and analyze your queues' metrics from the [Amazon SQS console](#access-cloudwatch-metrics-sqs-console), the [CloudWatch console](#access-metrics-cloudwatch-console), using the [AWS CLI](#access-cloudwatch-metrics-cli), or using the [CloudWatch API](#access-metrics-cloudwatch-api). You can also [set CloudWatch alarms](set-cloudwatch-alarms-for-metrics.md) for Amazon SQS metrics. ## Using the Amazon SQS console Use the Amazon SQS console to access and analyze metrics for up to 10 Amazon SQS queues. 1. Sign in to the [Amazon SQS console](https://console.aws.amazon.com/sqs/). 1. In the list of queues, choose (check) the boxes for the queues that you want to access metrics for. You can show metrics for up to 10 queues. 1. Choose the **Monitoring** tab. Various graphs are displayed in the **SQS metrics** section. 1. To understand what a particular graph represents, hover over ![\[Information icon.\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/images/information.png) next to the desired graph, or see [Available CloudWatch metrics for Amazon SQS](sqs-available-cloudwatch-metrics.md). 1. To change the time range for all of the graphs at the same time, for **Time Range**, choose the desired time range (for example, **Last Hour**). 1. To view additional statistics for an individual graph, choose the graph. 1. In the **CloudWatch Monitoring Details** dialog box, select a **Statistic**, (for example, **Sum**). For a list of supported statistics, see [Available CloudWatch metrics for Amazon SQS](sqs-available-cloudwatch-metrics.md). 1. To change the time range and time interval that an individual graph displays (for example, to show a time range of the last 24 hours instead of the last 5 minutes, or to show a time period of every hour instead of every 5 minutes), with the graph's dialog box still displayed, for **Time Range**, choose the desired time range (for example, **Last 24 Hours**). For **Period**, choose the desired time period within the specified time range (for example, **1 Hour**). When you're finished looking at the graph, choose **Close**. 1. (Optional) To work with additional CloudWatch features, on the **Monitoring** tab, choose **View all CloudWatch metrics**, and then follow the instructions in the [Using the Amazon CloudWatch console](#access-metrics-cloudwatch-console) procedure. ## Using the Amazon CloudWatch console Use the CloudWatch console to access and analyze Amazon SQS metrics. 1. Sign in to the [CloudWatch console](https://console.aws.amazon.com/cloudwatch/). 1. On the navigation panel, choose **Metrics**. 1. Select the **SQS** metric namespace. ![\[The CloudWatch console displaying the All Metrics tab with Amazon SQS highlighted.\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/images/sqs-cloudwatch-queue-metrics-namespace.png) 1. Select the **Queue Metrics** metric dimension. ![\[The CloudWatch console displaying the All Metrics tab with Queue Metrics highlighted.\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/images/sqs-cloudwatch-queue-metrics-dimension.png) 1. You can now examine your Amazon SQS metrics: + To sort the metrics, use the column heading. + To graph a metric, select the check box next to the metric. + To filter by metric, choose the metric name and then choose **Add to search**. ![\[The CloudWatch console displaying the with Add to search highlighted in the metric name menu.\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/images/sqs-cloudwatch-queue-metrics-examine.png) For more information and additional options, see [Graph Metrics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/graph_metrics.html) and [Using Amazon CloudWatch Dashboards](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/CloudWatch_Dashboards.html) in the *Amazon CloudWatch User Guide*. ## Using the AWS Command Line Interface To access Amazon SQS metrics using the AWS CLI, run the `[get-metric-statistics](https://docs.aws.amazon.com/cli/latest/reference/cloudwatch/get-metric-statistics.html)` command. For more information, see [Get Statistics for a Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/getting-metric-statistics.html) in the *Amazon CloudWatch User Guide*. ## Using the CloudWatch API To access Amazon SQS metrics using the CloudWatch API, use the `[GetMetricStatistics](https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_GetMetricStatistics.html)` action. For more information, see [Get Statistics for a Metric](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/getting-metric-statistics.html) in the *Amazon CloudWatch User Guide*. # Creating CloudWatch alarms for Amazon SQS metrics CloudWatch allows you trigger alarms when a metric reaches a specified threshold. For example, you can create an alarm for the `NumberOfMessagesSent` metric. For example, if more than 100 messages are sent to the `MyQueue` queue in 1 hour, an email notification is sent out. For more information, see [Creating Amazon CloudWatch Alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) in the *Amazon CloudWatch User Guide*. 1. Sign in to the AWS Management Console and open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/). 1. Choose **Alarms**, and then choose **Create Alarm**. 1. In the **Select Metric** section of the **Create Alarm** dialog box, choose **Browse Metrics**, **SQS**. 1. For **SQS > Queue Metrics**, choose the **QueueName** and **Metric Name** for which to set an alarm, and then choose **Next**. For a list of available metrics, see [Available CloudWatch metrics for Amazon SQS](sqs-available-cloudwatch-metrics.md). In the following example, the selection is for an alarm for the `NumberOfMessagesSent` metric for the `MyQueue` queue. The alarm triggers when the number of sent messages exceeds 100. 1. In the **Define Alarm** section of the **Create Alarm** dialog box, do the following: 1. Under **Alarm Threshold**, type the **Name** and **Description** for the alarm. 1. Set **is** to **> 100**. 1. Set **for** to **1 out of 1 datapoints**. 1. Under **Alarm preview**, set **Period** to **1 Hour**. 1. Set **Statistic** to **Standard**, **Sum**. 1. Under **Actions**, set **Whenever this alarm** to **State is ALARM**. If you want CloudWatch to send a notification when the alarm is triggered, select an existing Amazon SNS topic or choose **New list** and enter email addresses separated by commas. **Note** If you create a new Amazon SNS topic, the email addresses must be verified before they receive any notifications. If the alarm state changes before the email addresses are verified, the notifications aren't delivered. 1. Choose **Create Alarm**. The alarm is created. # Available CloudWatch metrics for Amazon SQS Amazon SQS sends the following metrics to CloudWatch. **Note** For some metrics, the result is approximate because of the distributed architecture of Amazon SQS. In most cases, the count should be close to the actual number of messages in the queue. ## Amazon SQS metrics Amazon SQS automatically publishes operational metrics to [Amazon CloudWatch](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/WhatIsCloudWatch.html) under the `AWS/SQS` namespace. These metrics help you monitor queue health and performance. Due to SQS’s distributed nature, many values are approximate, but accurate enough for most operational decisions. **Note** All metrics emit non-negative values only when the queue is active. Some metrics (such as `SentMessageSize`) are not emitted until at least one message is sent. | Metric | Description | Units | Reporting behavior | Key notes | | --- | --- | --- | --- | --- | | ApproximateAgeOfOldestMessage | The age of the oldest unprocessed message in the queue. | Seconds | Reported if the queue contains at least one active message. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfGroupsWithInflightMessages | For FIFO only. The number of message groups with one or more in-flight messages. | Count | Reported if the FIFO queue is active. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfMessagesDelayed | The number of messages in the queue that are delayed and not immediately available for retrieval. | Count | Reported if delayed messages exist in the queue. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfMessagesNotVisible | The number of in-flight messages that have been received but not yet deleted or expired. | Count | Reported if in-flight messages exist. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfMessagesVisible | The number of messages currently available for retrieval and processing. | Count | Reported if the queue is active. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | NumberOfEmptyReceives¹ | The number of [ReceiveMessage](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html) API calls that returned no messages. | Count | Reported during receive operations. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | NumberOfDeduplicatedSentMessages | For FIFO only. The number of sent messages that were deduplicated and not added to the queue. | Count | Reported if duplicate MessageDeduplicationId values or content are detected. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | NumberOfMessagesDeleted¹ | The number of messages successfully deleted from the queue. | Count | Reported for each delete request with a valid receipt handle. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | NumberOfMessagesReceived¹ | The number of messages returned by the [ReceiveMessage](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html) API. | Count | Reported during receive operations. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | NumberOfMessagesSent¹ | The number of messages successfully added to a queue. | Count | Reported for each successful manual send. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | SentMessageSize¹ | The size of messages successfully sent to the queue. | Bytes | Not emitted until at least one message is sent. | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfNoisyGroups | The number of message groups that are considered noisy in a fair queue. A noisy message group represents a noisy neighbor tenant of a multi-tenant queue. | Count | A non-negative value is reported [if the queue is active](monitoring-using-cloudwatch.md). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfMessagesVisibleInQuietGroups | The number of messages visible excluding messages from noisy message groups. | Count | A non-negative value is reported [if the queue is active](monitoring-using-cloudwatch.md). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfMessagesNotVisibleInQuietGroups | The number of messages in-flight excluding messages from noisy message groups. | Count | A non-negative value is reported [if the queue is active](monitoring-using-cloudwatch.md). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateNumberOfMessagesDelayedInQuietGroups | The number of messages excluding messages from noisy message groups that are delayed and not available for reading immediately. Delayed messages occur when the queue is configured as a [delay queue](sqs-delay-queues.md) or when a message has been sent with a delay parameter. | Count | A non-negative value is reported [if the queue is active](monitoring-using-cloudwatch.md). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | | ApproximateAgeOfOldestMessageInQuietGroups | The age of the oldest non-deleted message in the queue excluding messages from noisy message groups. | Seconds | A non-negative value is reported [if the queue is active](monitoring-using-cloudwatch.md). | [\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-available-cloudwatch-metrics.html) | ¹ These metrics reflect system-level activity and may include retries, duplicates, or delayed messages. Don’t use raw counts to estimate real-time queue state without factoring in message lifecycle behavior. ## Dead-letter queues (DLQs) and CloudWatch metrics When working with DLQs, it's important to understand how Amazon SQS metrics behave: + **`NumberOfMessagesSent`** – This metric behaves differently for DLQs: + **Manual Sending** – Messages manually sent to a DLQ are captured by this metric. + **Automatic Redrive** – Messages automatically moved to a DLQ due to processing failures are **not** captured by this metric. As a result, the `NumberOfMessagesSent` and `NumberOfMessagesReceived` metrics may show discrepancies for DLQs. + **Recommended Metric for DLQs** – To monitor the state of a DLQ, use the `ApproximateNumberOfMessagesVisible` metric. This metric indicates the number of messages currently available for processing in the DLQ. ## Fair queues and CloudWatch metrics When you use [fair queues](sqs-fair-queues.md), Amazon SQS emits the following additional metrics: + `ApproximateNumberOfNoisyGroups` + `ApproximateNumberOfMessagesVisibleInQuietGroups` + `ApproximateNumberOfMessagesNotVisibleInQuietGroups` + `ApproximateNumberOfMessagesDelayedInQuietGroups` + `ApproximateAgeOfOldestMessageInQuietGroups` **Note** Each `QuietGroup` metric is a subset of the equivalent standard queue-level `Approximate` metric, but excludes messages from noisy neighbor groups. **Noisy groups** A noisy message group represents a noisy neighbor tenant of a multi-tenant queue. **Quiet groups** Message groups excluding noisy groups. **Observing SQS fair queues behavior** To monitor the effect of Amazon SQS fair queues, you can compare `Approximate..InQuietGroups` metrics with standard queue-level metrics. During traffic surges for a specific tenant, the general queue-level metrics may reveal increasing backlogs or older message ages. However, looking at the quiet groups in isolation, you can identify that most non-noisy message groups or tenants are not impacted, and provide an estimate of the total number of impacted message groups. While these new metrics provide a good overview of Amazon SQS fair queues behavior, it can be beneficial to understand which specific tenant is causing the load. [Amazon CloudWatch contributor insights](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ContributorInsights.html) allows you to see metrics about the top-N contributors, the total number of unique contributors, and their usage. This is especially helpful in scenarios where you are dealing with thousands of tenants that would otherwise lead to high-cardinality data (and cost) when emitting traditional metrics. For an example of monitoring configuration for fair queues, see the sample on [GitHub](https://github.com/aws-samples/sample-amazon-sqs-fair-queues). ## Dimensions for Amazon SQS metrics Amazon SQS metrics in CloudWatch use a single dimension: **`QueueName`**. All metric data is grouped and filtered by the name of the queue. ## Monitoring tips Monitor SQS effectively using key metrics and CloudWatch alarms to detect queue backlogs, optimize performance, and stay within service limits. + Set [CloudWatch alarms](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html) based on `ApproximateNumberOfMessagesVisible` to catch backlog growth. + Monitor `NumberOfEmptyReceives` to tune poll frequency and reduce API cost. + Use `ApproximateNumberOfGroupsWithInflightMessages` in FIFO queues to diagnose throughput limits. + Review [SQS quotas](sqs-quotas.md) to understand metric thresholds and service limits.