aws-s3-sqs
| Reference Documentation: | https://docs.aws.amazon.com/solutions/latest/constructs/ |
Overview
This AWS Solutions Construct implements an Amazon S3 Bucket that is configured to send notifications to an Amazon SQS queue.
Here is a minimal deployable pattern definition:
Example
Pattern Construct Props
| Name | Type | Description |
|---|---|---|
| existingBucketObj? | | Optional - existing instance of S3 Bucket. If this is provided, then also providing bucketProps causes an error. |
| bucketProps? | | Optional user provided props to override the default props for the S3 Bucket, providing both this and |
| s3EventTypes? | | The S3 event types that will trigger the notification. Defaults to s3.EventType.OBJECT_CREATED. |
| s3EventFilters? | | S3 object key filter rules to determine which objects trigger this event. If not specified no filter rules will be applied. |
| existingQueueObj? | | Existing SQS queue to be used instead of the default queue. Providing both this and |
| queueProps? | | Optional - user provided properties to override the default properties for the SQS queue. Providing both this and |
| deadLetterQueueProps? | | Optional user provided props to override the default props for the dead letter SQS queue. |
| deployDeadLetterQueue? | | Whether to create a secondary queue to be used as a dead letter queue. Defaults to true. |
| maxReceiveCount? | | The number of times a message can be unsuccessfully dequeued before being moved to the dead letter queue. Defaults to 15. |
| enableEncryptionWithCustomerManagedKey? | | If no key is provided, this flag determines whether the queue is encrypted with a new CMK or an AWS managed key. This flag is ignored if any of the following are defined: queueProps.encryptionMasterKey, encryptionKey or encryptionKeyProps. |
| encryptionKey? | | An optional, imported encryption key to encrypt the SQS Queue with. |
| encryptionKeyProps? | | Optional user provided properties to override the default properties for the KMS encryption key used to encrypt the SQS queue with. |
| loggingBucketProps? | | Optional user provided props to override the default props for the S3 Logging Bucket. |
| logS3AccessLogs? | boolean | Whether to turn on Access Logging for the S3 bucket. Creates an S3 bucket with associated storage costs for the logs. Enabling Access Logging is a best practice. default - true |
Pattern Properties
| Name | Type | Description |
|---|---|---|
| sqsQueue | | Returns an instance of the SQS queue created by the pattern. |
| deadLetterQueue? | | Returns an instance of the dead-letter SQS queue created by the pattern. |
| encryptionKey | | Returns an instance of kms.Key used for the SQS queue. |
| s3Bucket? | | Returns an instance of the s3.Bucket created by the construct. |
| s3LoggingBucket? | | Returns an instance of s3.Bucket created by the construct as the logging bucket for the primary bucket. |
| s3BucketInterface | | Returns an instance of s3.IBucket created by the construct. |
Default settings
Without any overrides, the out-of-the-box implementation of the construct sets the following defaults:
Amazon S3 Bucket
- Configure Access logging for S3 Bucket
- Enable server-side encryption for S3 Bucket using AWS managed KMS Key
- Enforce encryption of data in transit
- Turn on the versioning for S3 Bucket
- Don’t allow public access for S3 Bucket
- Retain the S3 Bucket when deleting the CloudFormation stack
- Applies Lifecycle rule to move noncurrent object versions to Glacier storage after 90 days

Amazon SQS Queue
- Configure least privilege access permissions for SQS Queue
- Deploy SQS dead-letter queue for the source SQS Queue
- Enable server-side encryption for SQS Queue using Customer managed KMS Key
- Enforce encryption of data in transit
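
Overrides passed through bucketProps or queueProps can silently drop these defaults, so it is worth checking the synthesized CloudFormation template before deployment. The following is an added example, not part of the construct's own code or documentation, that audits a template for a subset of the defaults listed above. The template is a constructed, trimmed sample, and the logical IDs, helper names and check names are assumptions.

```python
# Constructed sample: a trimmed template shaped like `cdk synth` output (not real output).
PAB_KEYS = ("BlockPublicAcls", "BlockPublicPolicy", "IgnorePublicAcls", "RestrictPublicBuckets")
TLS_DENY = {"Effect": "Deny", "Condition": {"Bool": {"aws:SecureTransport": "false"}}}
TEMPLATE = {"Resources": {
    "Bucket": {"Type": "AWS::S3::Bucket", "DeletionPolicy": "Retain", "Properties": {
        "BucketEncryption": {"ServerSideEncryptionConfiguration": [
            {"ServerSideEncryptionByDefault": {"SSEAlgorithm": "aws:kms"}}]},
        "LoggingConfiguration": {"DestinationBucketName": {"Ref": "LogBucket"}},
        "VersioningConfiguration": {"Status": "Enabled"},
        "PublicAccessBlockConfiguration": dict.fromkeys(PAB_KEYS, True)}},
    "BucketPolicy": {"Type": "AWS::S3::BucketPolicy", "Properties": {
        "Bucket": {"Ref": "Bucket"}, "PolicyDocument": {"Statement": [TLS_DENY]}}},
    "Queue": {"Type": "AWS::SQS::Queue", "Properties": {
        "KmsMasterKeyId": {"Fn::GetAtt": ["Key", "Arn"]},
        "RedrivePolicy": {"deadLetterTargetArn": {"Fn::GetAtt": ["Dlq", "Arn"]}, "maxReceiveCount": 15}}},
    "QueuePolicy": {"Type": "AWS::SQS::QueuePolicy", "Properties": {
        "Queues": [{"Ref": "Queue"}], "PolicyDocument": {"Statement": [TLS_DENY]}}},
}}

def denies_plaintext(res, policy_type, target):
    """True if a policy of policy_type attached to target denies non-TLS requests."""
    for r in res.values():
        p = r.get("Properties", {})
        if r.get("Type") != policy_type or {"Ref": target} not in [p.get("Bucket"), *p.get("Queues", [])]:
            continue
        for s in p["PolicyDocument"]["Statement"]:
            cond = s.get("Condition", {}).get("Bool", {})
            if s.get("Effect") == "Deny" and str(cond.get("aws:SecureTransport")).lower() == "false":
                return True
    return False

def audit(template, bucket_id, queue_id):
    """Return the names of the listed defaults that are missing for the given logical IDs."""
    res = template["Resources"]
    b, q = res[bucket_id], res[queue_id]
    bp, qp = b.get("Properties", {}), q.get("Properties", {})
    pab = bp.get("PublicAccessBlockConfiguration", {})
    checks = {
        "s3-access-logging": "LoggingConfiguration" in bp,
        "s3-sse": bool(bp.get("BucketEncryption", {}).get("ServerSideEncryptionConfiguration")),
        "s3-tls-only": denies_plaintext(res, "AWS::S3::BucketPolicy", bucket_id),
        "s3-versioning": bp.get("VersioningConfiguration", {}).get("Status") == "Enabled",
        "s3-block-public": all(pab.get(k) is True for k in PAB_KEYS),
        "s3-retain": b.get("DeletionPolicy") == "Retain",
        "sqs-dlq": "deadLetterTargetArn" in qp.get("RedrivePolicy", {}),
        "sqs-cmk": qp.get("KmsMasterKeyId") not in (None, "alias/aws/sqs"),
        "sqs-tls-only": denies_plaintext(res, "AWS::SQS::QueuePolicy", queue_id),
    }
    return [name for name, ok in checks.items() if not ok]
```

In a pipeline, load the JSON template produced by `cdk synth`, pass the real logical IDs of the bucket and queue, and fail the build when the returned list is not empty.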
Architecture