Posted On: Nov 16, 2023

Today, Amazon Simple Queue Service (SQS) announces support for logging data event SQS APIs using AWS CloudTrail, enabling customers to have greater visibility into SQS activity in their AWS account for best practices in security and operational troubleshooting. Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

CloudTrail captures API activities related to Amazon SQS queues as events, including calls from the Amazon SQS console and code calls to Amazon SQS APIs. Using the information that CloudTrail collects, you can identify a specific request to an Amazon SQS API, the IP address of the requester, the requester's identity, and the date and time of the request. Logging SQS APIs using CloudTrail helps you enable operational and risk auditing, governance, and compliance of your AWS account. The SQS APIs now supported for CloudTrail logging are:

  • ChangeMessageVisibility
  • ChangeMessageVisibilityBatch
  • DeleteMessage
  • DeleteMessageBatch
  • ReceiveMessage
  • SendMessage
  • SendMessageBatch

To opt in to CloudTrail logging of the above-mentioned data event SQS APIs, configure logging on your SQS queue using the AWS CloudTrail Console or the CloudTrail APIs.
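Once logging is enabled, the request, source IP, identity and time described above can be read from the delivered log records. The following is an added example, not AWS code: it filters a constructed log file for the seven listed APIs and reports consumer calls by principals outside a per-queue allowlist. It assumes the standard CloudTrail record fields (`Records`, `eventSource`, `eventName`, `sourceIPAddress`, `userIdentity.arn`, `resources`); the queue, principals, allowlist and the "consumer" grouping are hypothetical.

```python
import json

# The seven SQS data event APIs listed in the announcement.
SQS_DATA_EVENTS = {
    "ChangeMessageVisibility", "ChangeMessageVisibilityBatch", "DeleteMessage",
    "DeleteMessageBatch", "ReceiveMessage", "SendMessage", "SendMessageBatch",
}
CONSUMER_APIS = {"ReceiveMessage", "DeleteMessage", "DeleteMessageBatch"}  # read/remove

# Hypothetical queue and principals; 111122223333 is a placeholder account ID.
QUEUE = "arn:aws:sqs:us-east-1:111122223333:orders"
WORKER = "arn:aws:sts::111122223333:assumed-role/orders-worker/i-0abc"
OTHER = "arn:aws:iam::111122223333:user/build-bot"

def _rec(time, source, name, ip, arn):
    """Build one constructed record using standard CloudTrail field names."""
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "sourceIPAddress": ip, "userIdentity": {"arn": arn},
            "resources": [{"type": "AWS::SQS::Queue", "ARN": QUEUE}]}

# Constructed sample log file, not real events; IPs are documentation ranges.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2023-11-16T10:00:00Z", "sqs.amazonaws.com", "SendMessage", "198.51.100.10", OTHER),
    _rec("2023-11-16T10:00:02Z", "sqs.amazonaws.com", "ReceiveMessage", "198.51.100.20", WORKER),
    _rec("2023-11-16T10:05:00Z", "sqs.amazonaws.com", "ReceiveMessage", "203.0.113.7", OTHER),
    _rec("2023-11-16T10:05:01Z", "sqs.amazonaws.com", "DeleteMessage", "203.0.113.7", OTHER),
    _rec("2023-11-16T10:06:00Z", "sqs.amazonaws.com", "CreateQueue", "198.51.100.10", OTHER),
]})

def sqs_data_events(log_text):
    """Return (time, api, source IP, principal ARN, queue ARN) per SQS data event."""
    out = []
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "sqs.amazonaws.com" or rec.get("eventName") not in SQS_DATA_EVENTS:
            continue  # other services, and SQS calls outside the listed seven
        queue = next((r.get("ARN") for r in rec.get("resources", [])
                      if r.get("type") == "AWS::SQS::Queue"), None)
        out.append((rec.get("eventTime"), rec["eventName"], rec.get("sourceIPAddress"),
                    rec.get("userIdentity", {}).get("arn"), queue))
    return out

def unexpected_consumers(log_text, allowed):
    """Map queue ARN -> consumer calls made by principals outside allowed[queue]."""
    findings = {}
    for time, api, ip, principal, queue in sqs_data_events(log_text):
        if api in CONSUMER_APIS and principal not in allowed.get(queue, set()):
            findings.setdefault(queue, []).append((time, api, ip, principal))
    return findings

if __name__ == "__main__":
    print(json.dumps(unexpected_consumers(SAMPLE_LOG, {QUEUE: {WORKER}}), indent=2))
```

A queue with no allowlist entry reports every consumer call, so a missing entry surfaces as findings rather than silence.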

Logging data event SQS APIs using AWS CloudTrail is now available in all commercial AWS Regions where Amazon SQS is available.

To learn more about logging SQS APIs using AWS CloudTrail, see AWS Documentation. For more information about CloudTrail, see the AWS CloudTrail User Guide.