Skip to main content

AWS SQS Integration with Orkes Conductor

To use the Event task or enable Change Data Capture (CDC) in Orkes Conductor, you must integrate your Conductor cluster with the necessary message brokers. This guide explains how to integrate AWS SQS with Orkes Conductor to publish and receive messages from queues. Here’s an overview:

  1. Get the required credentials from AWS SQS.
  2. Configure a new AWS SQS integration in Orkes Conductor.
  3. Set access limits to the message broker to govern which applications or groups can use them.

Step 1: Get the AWS SQS credentials

To integrate AWS SQS with Orkes Conductor, retrieve the following credentials from your AWS account:

Step 2: Add an integration for AWS SQS

After obtaining the credentials, add an AWS SQS integration to your Conductor cluster.

To create an AWS SQS integration:

  1. Go to Integrations from the left navigation menu on your Conductor cluster.
  2. Select + New integration.
  3. In the Message Broker section, choose AWS SQS.
  4. Select + Add and enter the following parameters:
ParametersDescriptionRequired / Optional
NameA name for the integration.Required.
Connection TypeThe connection type, depending upon how to establish the connection. Supported values:
  • Current Conductor Role–Use the current Conductor role to establish the connection.
  • Assume External Role–Assume a role belonging to another AWS account to establish the connection. Learn more.
  • Access Key/Secret–Establish the connection using the access key and secret.
Required.
RegionThe valid AWS region where the SQS is located. For example, us-east-1.Required.
Account IDThe AWS account ID.Optional.
Note: Use the Account ID if an ARN is not specified for the "Sink" in workflow definitions containing an Event task.
Role ARNThe Amazon Resource Name (ARN) to set up the connection in the format arn:aws:sqs:region:account-id:queue-name.Required if Connection Type is Assume External Role.
External IDThe external ID that will assume the role, if applicable. External ID is used in an IAM role trust policy to designate the person who will assume the role.Required if Connection Type is Assume External Role.
Access KeyThe access key of the AWS account.Required if Connection Type is Access Key/Secret.
Access SecretThe access secret of the AWS account.Required if Connection Type is Access Key/Secret.
DescriptionA description of the integration.Required.

Integration configuration for AWS SQS

Step 3: Set access limits to integration

Once the integration is configured, set access controls to manage which applications or groups can use the message broker.

To provide access to an application or group:

  1. Go to Access Control > Applications or Groups from the left navigation menu on your Conductor cluster.
  2. Create a new group/application or select an existing one.
  3. In the Permissions section, select + Add Permission.
  4. In the Integration tab, select the required message broker and toggle the necessary permissions.

Configuring RBAC for AWS SQS Integration

The group or application can now access the message broker according to the configured permissions.

Next steps

With the integration in place, you can now: