About the connector
Amazon Simple Queue Service (SQS) is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.
This document provides information about the AWS SQS connector, which facilitates automated interactions, with a AWS SQS server using FortiSOAR™ playbooks. Add the AWS SQS connector as a step in FortiSOAR™ playbooks and perform automated operations such as, sending and receiving messages, and creating, updating, and deleting message queues.
Version information
Connector Version: 1.0.0
FortiSOAR™ Version Tested on: 4.11.0-1161
AWS SQS Version Tested on: 2
Authored By: Fortinet
Certified: Yes
Installing the connector
All connectors provided by FortiSOAR™ are delivered using a FortiSOAR™ repository. Therefore, you must set up your FortiSOAR™ repository and use the yum command to install connectors:
yum install cyops-connector-aws-sqs
For the detailed procedure to install a connector, click here.
Prerequisites to configuring the connector
- You must know the AWS region of your account that you use to access the AWS services and have the AWS access key ID and the AWS secret access key to access AWS services.
- To access the FortiSOAR™ UI, ensure that port 443 is open through the firewall for the FortiSOAR™ instance.
Configuring the connector
For the procedure to configure a connector, click here.
Configuration parameters
In FortiSOAR™, on the Connectors page, click the AWS SQS connector row, and in the Configuration tab enter the required configuration details.
| Parameter |
Description |
| AWS Region |
AWS region of your account that you use to access the AWS services. |
| AWS Access Key ID |
ID of the AWS Access Key to access AWS services. |
| AWS Secret Access Key |
Key of the AWS Secret Access to access AWS services. |
| Verify SSL |
Specifies whether the SSL certificate for the server is to be verified or not.
By default, this option is set as True. |
Actions supported by the connector
The following automated operations can be included in playbooks, and you can also use the annotations to access operations from FortiSOAR™ release 4.10.0 onwards:
| Function |
Description |
Annotation and Category |
| Create Queue |
Creates a new FIFO, or standard, message queue based on the inputs parameters you have specified, in your AWS account. |
create_queue
Investigation |
| Get List of Queues |
Retrieves a list and details of all queues (or a list of queues based on the queue name prefix you have specified) associated with your AWS account. |
list_queues
Investigation |
| Get Queue Attributes |
Retrieves attributes for a queue that you have specified, from your AWS account. |
get_queue_attributes
Investigation |
| Get Queue URL |
Retrieves the URL for an existing queue that you have specified, from your AWS account. |
get_queue_url
Investigation |
| Get Dead-Letter Queues |
Retrieves a list and details of queues from your AWS account that have the Redrive Policy queue attribute configured with a dead-letter queue. |
list_dead_letter_source_queues
Investigation |
| Get Queue Tags |
Retrieves a list all cost allocation tags added to the Amazon SQS queue that you have specified. |
list_queue_tags
Investigation |
| Add Permission to Queue |
Adds a permission to an existing queue for a principal that you have specified in your AWS account. |
add_permission
Containment |
| Send Message |
Delivers a message to a queue that you have specified in your AWS account. |
send_message
Containment |
| Receive Message |
Retrieves one or more messages (up to 10 messages) from a specified queue in your AWS account. |
purge_queue
Investigation |
| Update Queue |
Updates a FIFO, or standard, message queue based on the inputs parameters you have specified, in your AWS account. |
update_queue
Containment |
| Add Tag to Queue |
Adds a cost allocation tag to the Amazon SQS queue that you have specified. |
add_tag_queue
Investigation |
| Remove Tag to Queue |
Removes a cost allocation tag from the Amazon SQS queue that you have specified. |
untag_queue
Investigation |
| Delete Message |
Deletes a message from the queue, based on the input parameters that you have specified from your AWS account. |
delete_message
Investigation |
| Delete Queue |
Deletes the queue that you have specified from your AWS account. |
delete_queue
Investigation |
| Purge Queue |
Deletes all the messages from the queue that you have specified in your AWS account. |
purge_queue
Investigation |
| Add Permission to Queue |
Revokes any permissions in the queue policy that matches the Label parameter that you have specified from your AWS account. |
remove_permission
Containment |
operation: Create Queue
Input parameters
| Parameter |
Description |
| Queue Name |
Name of the new queue that you want to create in your AWS account.
A queue name can have up to 80 characters. Valid values include: alphanumeric characters, hyphens (-), and underscores (_). A FIFO queue name must end with the .fifo suffix. Queue names are case-sensitive. |
| Delay Duration (Seconds) |
(Optional) Wait time (in seconds) for which the delivery of all messages in the queue will be delayed.
Valid range is 0 - 900 seconds. |
| Maximum Message Size |
(Optional) Maximum limit (in bytes) a message to this queue can contain, after which Amazon SQS will reject the message.
Valid range is 1,024 - 262,144 bytes. |
| Message Retention Period |
(Optional) Wait time (in seconds) for which Amazon SQS retains a message.
Valid range is 60 - 1,209,600 seconds. |
| Policy |
(Optional) Name of the AWS Policy with which this newly created queue will be associated. |
| Message Sync Timeout |
(Optional) Wait time (in seconds) that Amazon SQS waits for a message to arrive or to synchronize messages.
Valid range is 0 - 20 seconds. |
| Visibility Timeout |
(Optional) Visibility timeout for the newly created queue.
Valid range is 0 - 43,200 seconds. |
| KmsMaster Key ID |
(Optional) ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. |
| Kms Data Key Reuse Period Seconds |
(Optional) Time (in seconds) for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. For information on data keys, see AWS documentation.
Valid range is 60 - 86,400 seconds. |
| Create Queue as a FIFO |
If selected, then the new queue created is designated as a FIFO queue. If you select this option, then you must also specify the Message Group ID.
By default, this is set to False. |
| Content Based Deduplication |
If selected, then content-based deduplication is enabled.
By default, this is set to False. |
Output
The JSON output contains the status of whether or not the queue is created in your AWS account and the URL of the newly created queue.
Following image displays a sample output:
operation: Get List of Queues
Input parameters
| Parameter |
Description |
| Queue Name Prefix |
(Optional) Queue name prefix based on which you want to return a list of queues from your AWS account.
If you do not specify this value, then this operation will return the list of all queues associated with your AWS account. |
Output
The JSON output contains a list and details of all queues (or a list of queues based on the queue name prefix you have specified) associated with your AWS account.
Following image displays a sample output:
operation: Get Queue Attributes
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue based on which you want to return a list of attributes for the specified queue from your AWS account. |
Output
The JSON output contains a list and details of all attributes, based on the queue URL you have specified, retrieved from your AWS account.
Following image displays a sample output:
operation: Get Queue URL
Input parameters
| Parameter |
Description |
| Queue Name |
Name of the queue based on which you want to return the URL of the specified queue from your AWS account. |
| AWS Account ID of Queue Owner |
(Optional) Owner ID of the queue based on which you want to return the URL of the specified queue from your AWS account. |
Output
The JSON output contains the URL of the queue you have specified retrieved from your AWS account.
Following image displays a sample output:
operation: Get Dead-Letter Queues
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue based on which you want to return details of dead-letter queues from your AWS account. |
Output
The JSON output contains a list and details of dead-letter queues, based on the queue URL you have specified, retrieved from your AWS account.
Following image displays a sample output:
operation: Get Queue Tags
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue based on which you want to return details of queue tags from your AWS account. |
Output
The JSON output contains a list and details of all queue tags, associated with the queue URL you have specified, retrieved from your AWS account.
Following image displays a sample output:
operation: Add Permission to Queue
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account to which you want add permissions. |
| Label |
Unique identification of the permission you want to set for the specified queue. |
| AWS Account IDs |
AWS account number of the principal to whom you want to assign permission. |
| Actions |
Actions that you want to allow the principal to perform. |
Output
The JSON output contains the status of whether or not the specified permissions have been added to the specified queue.
Following image displays a sample output:
operation: Send Message
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account from which you want to send the message. |
| Message Body |
Content of the message that you want to send. |
| Message Group ID/Name |
Message Group ID/Name is a tag that specifies that a message belongs to a specific message group. |
| Message Deduplication ID/Name |
Message Deduplication ID/Name is the token that is used for deduplication of sent messages.
Note: Message deduplication applies to the entire queue, and not to individual message groups. |
Output
The JSON output contains the status of whether or not the message has been sent from the specified queue in your AWS account.
Following image displays a sample output:
operation: Receive Message
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account from which you want retrieve messages. |
Output
The JSON output contains a list and details of all messages that are received by the specified queue in your AWS account.
Following image displays a sample output:
operation: Update Queue
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account whose information you want to update. |
| Delay Duration (Seconds) |
(Optional) Wait time (in seconds) for which the delivery of all messages in the queue will be delayed.
Valid range is 0 - 900 seconds. |
| Maximum Message Size |
(Optional) Maximum limit (in bytes) a message to this queue can contain, after which Amazon SQS will reject the message.
Valid range is 1,024 - 262,144 bytes. |
| Message Retention Period |
(Optional) Wait time (in seconds) for which Amazon SQS retains a message.
Valid range is 60 - 1,209,600 seconds. |
| Policy |
(Optional) Name of the AWS Policy with which this newly created queue will be associated. |
| Message Sync Timeout |
(Optional) Wait time (in seconds) that Amazon SQS waits for a message to arrive or to synchronize messages.
Valid range is 0 - 20 seconds. |
| Visibility Timeout |
(Optional) Visibility timeout for the newly created queue.
Valid range is 0 - 43,200 seconds. |
| KmsMaster Key ID |
(Optional) ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. |
| Kms Data Key Reuse Period Seconds |
(Optional) Time (in seconds) for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. For information on data keys, see AWS documentation.
Valid range is 60 - 86,400 seconds. |
Output
The JSON output contains the status of whether or not the queue is updated in your AWS account.
Following image displays a sample output:
operation: Add Tag to Queue
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account in which you want to add the tag. |
| Tag Key |
Key of the tag to be added to the specified queue. |
| Tag Value |
Value of the tag to be added for the given tag key. |
Output
The JSON output contains the status of whether or not the tag has been added to the specified queue in your AWS account.
Following image displays a sample output:
operation: Remove Tag from Queue
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account from which you want to remove the tag. |
| Tag Key |
Key of the tag to be removed from the specified queue. |
| Tag Value |
Value of the tag to be added for the given tag key. |
Output
The JSON output contains the status of whether or not the tag has been removed from the specified queue in your AWS account.
Following image displays a sample output:
operation: Delete Message
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue in your AWS account from which you want to delete the specific message. |
| Receipt Handle |
Receipt handle associated with the message to be deleted. |
Output
The JSON output contains the status of whether or not the message has been deleted from the specified queue in your AWS account.
Following image displays a sample output:
operation: Delete Queue
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue that you want to delete from your AWS account. |
Output
The JSON output contains the status of whether or not the queue has been deleted from your AWS account.
Following image displays a sample output:
operation: Purge Queue
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue, in your AWS account, from which you want to delete all messages. |
Output
The JSON output contains the status of whether or not the specified queue, in your AWS account, has been purged.
Following image displays a sample output:
operation: Remove Permission
Input parameters
| Parameter |
Description |
| Queue URL |
URL of the queue, in your AWS account, for which you want to remove permission. |
| Label |
Unique identification of the permission you want to remove from the specified queue. |
Output
The JSON output contains the status of whether or not the specified permissions have been removed from the specified queue.
Following image displays a sample output:
Included playbooks
The Sample - AWS SQS - 1.0.0 playbook collection comes bundled with the AWS SQS connector. This playbook contains steps using which you can perform all supported actions. You can see the bundled playbooks in the Automation > Playbooks section in FortiSOAR™ after importing the AWS SQS connector.
- Add Permission to Queue
- Add Tag to Queue
- Create Queue
- Delete Message
- Delete Queue
- Get Dead_Letter Queues
- Get List of Queues
- Get Queue Attributes
- Get Queue Tags
- Get Queue URL
- Purge Queue
- Receive Message
- Remove Permission
- Remove Tag from Queue
- Send Message
- Update Queue
Note: If you are planning to use any of the sample playbooks in your environment, ensure that you clone those playbooks and move them to a different collection since the sample playbook collection gets deleted during connector upgrade and delete.
