AWS SQS Integration with Orkes Conductor

To use the Event task, Event Handler, or enable Change Data Capture (CDC) in Orkes Conductor, you must integrate your Conductor cluster with the necessary message brokers. This guide explains how to integrate AWS SQS with Orkes Conductor to publish and receive messages from queues. Here’s an overview:

1. Get the required credentials from AWS SQS.
2. Configure a new AWS SQS integration in Orkes Conductor.
3. Set access limits to the message broker to govern which applications or groups can use them.

Step 1: Get the AWS SQS credentials

To integrate AWS SQS with Orkes Conductor, retrieve the following credentials from your AWS account:

• AWS account ID and region
• (If assuming a role from another AWS account) Amazon Resource Name (ARN) and External ID
• (If the connection is established using the access key and secret from the AWS account) Access key and secret from AWS account.

Step 2: Add an integration for AWS SQS

After obtaining the credentials, add an AWS SQS integration to your Conductor cluster.

To create an AWS SQS integration:

1. Go to Integrations from the left navigation menu on your Conductor cluster.
2. Select + New integration.
3. In the Message Broker section, choose AWS SQS.
4. Select + Add and enter the following parameters:

Parameters	Description	Required / Optional
Name	A name for the integration.	Required.
Connection Type	The connection type, depending upon how to establish the connection. Supported values: Current Conductor Role–Use the current Conductor role to establish the connection. Assume External Role–Assume a role belonging to another AWS account to establish the connection. Learn more. Access Key/Secret–Establish the connection using the access key and secret.	Required.
Region	The valid AWS region where the SQS is located. For example, us-east-1.	Required.
Account ID	The AWS account ID.	Optional. Note: Use the Account ID if an ARN is not specified for the "Sink" in workflow definitions containing an Event task.
Role ARN	The Amazon Resource Name (ARN) to set up the connection in the format arn:aws:sqs:region:account-id:queue-name.	Required if Connection Type is Assume External Role.
External ID	The external ID that will assume the role, if applicable. External ID is used in an IAM role trust policy to designate the person who will assume the role.	Required if Connection Type is Assume External Role.
Access Key	The access key of the AWS account.	Required if Connection Type is Access Key/Secret.
Access Secret	The access secret of the AWS account.	Required if Connection Type is Access Key/Secret.
Description	A description of the integration.	Required.

5. (Optional) Toggle the Active button off if you don’t want to activate the integration instantly.
6. Select Save.

Step 3: Set access limits to integration

Once the integration is configured, set access controls to manage which applications or groups can use the message broker.

To provide access to an application or group:

1. Go to Access Control > Applications or Groups from the left navigation menu on your Conductor cluster.
2. Create a new group/application or select an existing one.
3. In the Permissions section, select + Add Permission.
4. In the Integration tab, select the required message broker and toggle the necessary permissions.

The group or application can now access the message broker according to the configured permissions.

Next steps

With the integration in place, you can now:

• Create Event Handlers.
• Configure Event tasks.
• Enable Change Data Capture (CDC) to send workflow state changes to message brokers.