How can I find out who consumed my Amazon SQS queue messages?

I want to know who polled my Amazon Simple Queue Service (Amazon SQS) queue. -or- I want to identify who consumed my Amazon SQS queue messages.

Resolution

It isn't possible to directly identify who consumes messages from Amazon SQS. However, client-side logging can provide some insight.

  • Review the Amazon SQS resource policy. It's a best practice to implement least-privilege access and to verify that SQS queues aren't publicly accessible. Restrict the SQS queue ReceiveMessage action to specific AWS Identity and Access Management (IAM) users or roles. For more information, see Amazon SQS security best practices.
  • Review all AWS Lambda function triggers for the SQS queue. If a Lambda function is configured with an active SQS event source, then it's possible that the Lambda function consumed the message.
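
The resource policy review in the first item can be run offline against the queue's Policy attribute. The following Python is an added example, not code from AWS: the sample policy, account ID, role name, queue ARN and organization ID are constructed placeholders. It reports which principals an Allow statement lets call sqs:ReceiveMessage, and it does not evaluate Deny statements, NotAction or NotPrincipal.

```python
import fnmatch
import json

# Constructed sample policy; every ARN and ID below is a placeholder.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
     "Action": "sqs:*", "Resource": QUEUE_ARN},
    {"Sid": "WorkerRole", "Effect": "Allow",
     "Principal": {"AWS": "arn:aws:iam::111122223333:role/example-worker"},
     "Action": ["sqs:ReceiveMessage", "sqs:DeleteMessage"], "Resource": QUEUE_ARN},
    {"Sid": "SnsPublish", "Effect": "Allow",
     "Principal": {"Service": "sns.amazonaws.com"},
     "Action": "sqs:SendMessage", "Resource": QUEUE_ARN},
    {"Sid": "OrgScoped", "Effect": "Allow", "Principal": {"AWS": "*"},
     "Action": "SQS:Receive*", "Resource": QUEUE_ARN,
     "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-exampleorgid"}}},
]})

def _as_list(value):
    # Policy fields may hold a single value or a list of values.
    return value if isinstance(value, list) else [value]

def _allows_receive(stmt):
    # Action names are case-insensitive and may contain * and ? wildcards.
    actions = _as_list(stmt.get("Action", []))
    return any(fnmatch.fnmatchcase("sqs:receivemessage", a.lower()) for a in actions)

def _principals(stmt):
    principal = stmt.get("Principal", {})
    if principal == "*":
        return ["*"]
    return [p for values in principal.values() for p in _as_list(values)]

def receive_grants(policy_json):
    """Return (sid, principal, finding) for each Allow grant of sqs:ReceiveMessage."""
    findings = []
    for stmt in _as_list(json.loads(policy_json or "{}").get("Statement", [])):
        if stmt.get("Effect") != "Allow" or not _allows_receive(stmt):
            continue
        for principal in _principals(stmt):
            if principal != "*":
                finding = "named"                 # specific user, role, account or service
            elif stmt.get("Condition"):
                finding = "conditional-wildcard"  # anyone who meets the Condition
            else:
                finding = "public"                # anyone can poll the queue
            findings.append((stmt.get("Sid", ""), principal, finding))
    return findings

if __name__ == "__main__":
    for row in receive_grants(SAMPLE_POLICY):
        print(row)
```

A "public" row is the case the best-practice guidance warns about; a "conditional-wildcard" row still needs the Condition read by hand to confirm it narrows access to the intended principals.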

To confirm who polled an SQS queue, contact AWS Support and provide a list of the following:

  • Message IDs
  • Request IDs
  • Corresponding sent and received timestamps

Related information

Logging Amazon SQS API calls using AWS CloudTrail

AWS OFFICIAL | Updated 3 years ago