AWS SQS

Collect logs from AWS SQS

status: beta role: aggregator delivery: at-least-once acknowledgements: yes egress: stream state: stateless output: log
Page source Edit this page

Configuration

Example configurations 

{
  "sources": {
    "my_source_id": {
      "type": "aws_sqs",
      "queue_url": "https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue"
    }
  }
}
[sources.my_source_id]
type = "aws_sqs"
queue_url = "https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue"

---
sources:
  my_source_id:
    type: aws_sqs
    queue_url: https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue

{
  "sources": {
    "my_source_id": {
      "type": "aws_sqs",
      "delete_message": true,
      "endpoint": "http://127.0.0.0:5000/path/to/service",
      "poll_secs": 15,
      "queue_url": "https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue",
      "region": "us-east-1",
      "visibility_timeout_secs": 300
    }
  }
}
[sources.my_source_id]
type = "aws_sqs"
delete_message = true
endpoint = "http://127.0.0.0:5000/path/to/service"
poll_secs = 15
queue_url = "https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue"
region = "us-east-1"
visibility_timeout_secs = 300

---
sources:
  my_source_id:
    type: aws_sqs
    delete_message: true
    endpoint: http://127.0.0.0:5000/path/to/service
    poll_secs: 15
    queue_url: https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue
    region: us-east-1
    visibility_timeout_secs: 300

acknowledgements

optional object

Deprecated

This field is deprecated.

Controls how acknowledgements are handled by this source.

This setting is deprecated in favor of enabling acknowledgements at the global or sink level.

Enabling or disabling acknowledgements at the source level has no effect on acknowledgement behavior.

See End-to-end Acknowledgements for more information on how event acknowledgement is handled.

acknowledgements.enabled

optional bool
Whether or not end-to-end acknowledgements are enabled for this source.

auth

optional object
Configuration of the authentication strategy for interacting with AWS services.

auth.access_key_id

required string literal
The AWS access key ID.
Examples 
"AKIAIOSFODNN7EXAMPLE"

auth.assume_role

required string literal
The ARN of an IAM role to assume.
Examples 
"arn:aws:iam::123456789098:role/my_role"

auth.credentials_file

required string literal
Path to the credentials file.
Examples 
"/my/aws/credentials"

auth.imds

optional object
Configuration for authenticating with AWS through IMDS.
auth.imds.connect_timeout_seconds
optional uint
Connect timeout for IMDS.
default: 1 (seconds)
auth.imds.max_attempts
optional uint
Number of IMDS retries for fetching tokens and metadata.
default: 4
auth.imds.read_timeout_seconds
optional uint
Read timeout for IMDS.
default: 1 (seconds)

auth.load_timeout_secs

optional uint

Timeout for successfully loading any credentials, in seconds.

Relevant when the default credentials chain is used or assume_role.

Examples 
30

auth.profile

optional string literal

The credentials profile to use.

Used to select AWS credentials from a provided credentials file.

Examples 
"develop"
default: default

auth.region

optional string literal

The AWS region to send STS requests to.

If not set, this will default to the configured region for the service itself.

Examples 
"us-west-2"

auth.secret_access_key

required string literal
The AWS secret access key.
Examples 
"wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"

client_concurrency

optional uint

Number of concurrent tasks to create for polling the queue for messages.

Defaults to the number of available CPUs on the system.

Should not typically need to be changed, but it can sometimes be beneficial to raise this value when there is a high rate of messages being pushed into the queue and the messages being fetched are small. In these cases, system resources may not be fully utilized without fetching more messages per second, as it spends more time fetching the messages than processing them.

decoding

optional object
Configures how events are decoded from raw bytes.

decoding.codec

optional string literal enum
The codec to use for decoding events.
Enum options
OptionDescription
bytesUses the raw bytes as-is.
gelfDecodes the raw bytes as a GELF message.
jsonDecodes the raw bytes as JSON.
native

Decodes the raw bytes as Vector’s native Protocol Buffers format.

This codec is experimental.

native_json

Decodes the raw bytes as Vector’s native JSON format.

This codec is experimental.

syslog

Decodes the raw bytes as a Syslog message.

Will decode either as the RFC 3164-style format (“old” style) or the more modern RFC 5424-style format (“new” style, includes structured data).

default: bytes

delete_message

optional bool

Whether to delete the message once it is processed.

It can be useful to set this to false for debugging or during the initial setup.

default: true

endpoint

optional string literal
Custom endpoint for use with AWS-compatible services.
Examples 
"http://127.0.0.0:5000/path/to/service"

framing

optional object

Framing configuration.

Framing deals with how events are separated when encoded in a raw byte form, where each event is a “frame” that must be prefixed, or delimited, in a way that marks where an event begins and ends within the byte stream.

framing.character_delimited

required object
Options for the character delimited decoder.
Relevant when: method = "character_delimited"
framing.character_delimited.delimiter
required uint
The character that delimits byte sequences.
framing.character_delimited.max_length
optional uint

The maximum length of the byte buffer.

This length does not include the trailing delimiter.

By default, there is no maximum length enforced. If events are malformed, this can lead to additional resource usage as events continue to be buffered in memory, and can potentially lead to memory exhaustion in extreme cases.

If there is a risk of processing malformed data, such as logs with user-controlled input, consider setting the maximum length to a reasonably large value as a safety net. This will ensure that processing is not truly unbounded.

framing.method

optional string literal enum
The framing method.
Enum options
OptionDescription
bytesByte frames are passed through as-is according to the underlying I/O boundaries (e.g. split between messages or stream segments).
character_delimitedByte frames which are delimited by a chosen character.
length_delimitedByte frames which are prefixed by an unsigned big-endian 32-bit integer indicating the length.
newline_delimitedByte frames which are delimited by a newline character.
octet_countingByte frames according to the octet counting format.
default: bytes

framing.newline_delimited

optional object
Options for the newline delimited decoder.
Relevant when: method = "newline_delimited"
framing.newline_delimited.max_length
optional uint

The maximum length of the byte buffer.

This length does not include the trailing delimiter.

By default, there is no maximum length enforced. If events are malformed, this can lead to additional resource usage as events continue to be buffered in memory, and can potentially lead to memory exhaustion in extreme cases.

If there is a risk of processing malformed data, such as logs with user-controlled input, consider setting the maximum length to a reasonably large value as a safety net. This will ensure that processing is not truly unbounded.

framing.octet_counting

optional object
Options for the octet counting decoder.
Relevant when: method = "octet_counting"
framing.octet_counting.max_length
optional uint
The maximum length of the byte buffer.

poll_secs

optional uint

How long to wait while polling the queue for new messages, in seconds.

Generally should not be changed unless instructed to do so, as if messages are available, they will always be consumed, regardless of the value of poll_secs.

default: 15 (seconds)

proxy

optional object

Proxy configuration.

Configure to proxy traffic through an HTTP(S) proxy when making external requests.

Similar to common proxy configuration convention, users can set different proxies to use based on the type of traffic being proxied, as well as set specific hosts that should not be proxied.

proxy.enabled

optional bool
Enables proxying support.
default: true

proxy.http

optional string literal

Proxy endpoint to use when proxying HTTP traffic.

Must be a valid URI string.

Examples 
"http://foo.bar:3128"

proxy.https

optional string literal

Proxy endpoint to use when proxying HTTPS traffic.

Must be a valid URI string.

Examples 
"http://foo.bar:3128"

proxy.no_proxy

optional [string]

A list of hosts to avoid proxying.

Multiple patterns are allowed:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.com matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to 127.0.0.1
CIDR blocks192.168.0.0/16 matches requests to any IP addresses in this range
Splat* matches all hosts

queue_url

required string literal
The URL of the SQS queue to poll for messages.
Examples 
"https://sqs.us-east-2.amazonaws.com/123456789012/MyQueue"

region

optional string literal
The AWS region of the target service.
Examples 
"us-east-1"

tls

optional object
TLS configuration.

tls.alpn_protocols

optional [string]

Sets the list of supported ALPN protocols.

Declare the supported ALPN protocols, which are used during negotiation with peer. Prioritized in the order they are defined.

tls.ca_file

optional string literal

Absolute path to an additional CA certificate file.

The certificate must be in the DER or PEM (X.509) format. Additionally, the certificate can be provided as an inline string in PEM format.

Examples 
"/path/to/certificate_authority.crt"

tls.crt_file

optional string literal

Absolute path to a certificate file used to identify this server.

The certificate must be in DER, PEM (X.509), or PKCS#12 format. Additionally, the certificate can be provided as an inline string in PEM format.

If this is set, and is not a PKCS#12 archive, key_file must also be set.

Examples 
"/path/to/host_certificate.crt"

tls.key_file

optional string literal

Absolute path to a private key file used to identify this server.

The key must be in DER or PEM (PKCS#8) format. Additionally, the key can be provided as an inline string in PEM format.

Examples 
"/path/to/host_certificate.key"

tls.key_pass

optional string literal

Passphrase used to unlock the encrypted key file.

This has no effect unless key_file is set.

Examples 
"${KEY_PASS_ENV_VAR}"
"PassWord1"

tls.verify_certificate

optional bool

Enables certificate verification.

If enabled, certificates must be valid in terms of not being expired, as well as being issued by a trusted issuer. This verification operates in a hierarchical manner, checking that not only the leaf certificate (the certificate presented by the client/server) is valid, but also that the issuer of that certificate is valid, and so on until reaching a root certificate.

Relevant for both incoming and outgoing connections.

Do NOT set this to false unless you understand the risks of not verifying the validity of certificates.

tls.verify_hostname

optional bool

Enables hostname verification.

If enabled, the hostname used to connect to the remote host must be present in the TLS certificate presented by the remote host, either as the Common Name or as an entry in the Subject Alternative Name extension.

Only relevant for outgoing connections.

Do NOT set this to false unless you understand the risks of not verifying the remote hostname.

visibility_timeout_secs

optional uint

The visibility timeout to use for messages, in seconds.

This controls how long a message is left unavailable after it is received. If a message is received, and takes longer than visibility_timeout_secs to process and delete the message from the queue, it is made available again for another consumer.

This can happen if there is an issue between consuming a message and deleting it.

default: 300 (seconds)

Environment variables

AWS_ACCESS_KEY_ID

common optional string literal
The AWS access key id. Used for AWS authentication when communicating with AWS services.
Examples
AKIAIOSFODNN7EXAMPLE

AWS_CONFIG_FILE

common optional string literal
Specifies the location of the file that the AWS CLI uses to store configuration profiles.
Default: ~/.aws/config

AWS_DEFAULT_REGION

common optional string literal
The default AWS region.
Examples
/path/to/credentials.json

AWS_PROFILE

common optional string literal
Specifies the name of the CLI profile with the credentials and options to use. This can be the name of a profile stored in a credentials or config file.
Default: default
Examples
my-custom-profile

AWS_ROLE_SESSION_NAME

common optional string literal
Specifies a name to associate with the role session. This value appears in CloudTrail logs for commands performed by the user of this profile.
Examples
vector-session

AWS_SECRET_ACCESS_KEY

common optional string literal
The AWS secret access key. Used for AWS authentication when communicating with AWS services.
Examples
wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY

AWS_SESSION_TOKEN

common optional string literal
The AWS session token. Used for AWS authentication when communicating with AWS services.
Examples
AQoEXAMPLEH4aoAH0gNCAPy...truncated...zrkuWJOgQs8IZZaIv2BXIa2R4Olgk

AWS_SHARED_CREDENTIALS_FILE

common optional string literal
Specifies the location of the file that the AWS CLI uses to store access keys.
Default: ~/.aws/credentials

HTTPS_PROXY

common optional string literal

The global URL to proxy HTTPS requests through.

If another HTTPS proxy is set in the configuration file or at a component level, this one will be overridden.

The lowercase variant has priority over the uppercase one.

Examples
http://foo.bar:3128

HTTP_PROXY

common optional string literal

The global URL to proxy HTTP requests through.

If another HTTP proxy is set in the configuration file or at a component level, this one will be overridden.

The lowercase variant has priority over the uppercase one.

Examples
http://foo.bar:3128

NO_PROXY

common optional string literal

List of hosts to avoid proxying globally.

Allowed patterns here include:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.come matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to 127.0.0.1
CIDR blocks192.168.0.0./16 matches requests to any IP addresses in this range
Splat* matches all hosts

If another no_proxy value is set in the configuration file or at a component level, this one is overridden.

The lowercase variant has priority over the uppercase one.

Examples
localhost,.example.com,192.168.0.0./16
*

http_proxy

common optional string literal

The global URL to proxy HTTP requests through.

If another HTTP proxy is set in the configuration file or at a component level, this one will be overridden.

The lowercase variant has priority over the uppercase one.

Examples
http://foo.bar:3128

https_proxy

common optional string literal

The global URL to proxy HTTPS requests through.

If another HTTPS proxy is set in the configuration file or at a component level, this one will be overridden.

The lowercase variant has priority over the uppercase one.

Examples
http://foo.bar:3128

no_proxy

common optional string literal

List of hosts to avoid proxying globally.

Allowed patterns here include:

PatternExample match
Domain namesexample.com matches requests to example.com
Wildcard domains.example.come matches requests to example.com and its subdomains
IP addresses127.0.0.1 matches requests to 127.0.0.1
CIDR blocks192.168.0.0./16 matches requests to any IP addresses in this range
Splat* matches all hosts

If another no_proxy value is set in the configuration file or at a component level, this one is overridden.

The lowercase variant has priority over the uppercase one.

Examples
localhost,.example.com,192.168.0.0./16
*

Outputs

<component_id>

Default output stream of the component. Use this component’s ID as an input to downstream transforms and sinks.

Output Data

Logs

Record

An individual SQS record
Fields
message required string literal
The raw message from the SQS record.
Examples
53.126.150.246 - - [01/Oct/2020:11:25:58 -0400] "GET /disintermediate HTTP/2.0" 401 20308
source_type required string literal
The name of the source type.
Examples
aws_sqs
timestamp required timestamp
The time this message was sent to SQS.
Examples
2020-10-10T17:07:36.452332Z

Telemetry

Metrics

link

component_received_bytes_total

counter
The number of raw bytes accepted by this component from source origins.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_name optional
The name of the container from which the data originated.
file optional
The file from which the data originated.
host optional
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the data originated.
peer_path optional
The pathname from which the data originated.
pid optional
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the data originated.
uri optional
The sanitized URI from which the data originated.

component_received_event_bytes_total

counter
The number of event bytes accepted by this component either from tagged origins like file and uri, or cumulatively from other origins.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_name optional
The name of the container from which the data originated.
file optional
The file from which the data originated.
host optional
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the data originated.
peer_path optional
The pathname from which the data originated.
pid optional
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the data originated.
uri optional
The sanitized URI from which the data originated.

component_received_events_total

counter
The number of events accepted by this component either from tagged origins like file and uri, or cumulatively from other origins.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
container_name optional
The name of the container from which the data originated.
file optional
The file from which the data originated.
host optional
The hostname of the system Vector is running on.
mode optional
The connection mode used by the component.
peer_addr optional
The IP from which the data originated.
peer_path optional
The pathname from which the data originated.
pid optional
The process ID of the Vector instance.
pod_name optional
The name of the pod from which the data originated.
uri optional
The sanitized URI from which the data originated.

component_sent_event_bytes_total

counter
The total number of event bytes emitted by this component.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
host optional
The hostname of the system Vector is running on.
output optional
The specific output of the component.
pid optional
The process ID of the Vector instance.

component_sent_events_total

counter
The total number of events emitted by this component.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
host optional
The hostname of the system Vector is running on.
output optional
The specific output of the component.
pid optional
The process ID of the Vector instance.

events_out_total

counter
The total number of events emitted by this component. This metric is deprecated and will be removed in a future version. Use component_sent_events_total instead.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
host optional
The hostname of the system Vector is running on.
output optional
The specific output of the component.
pid optional
The process ID of the Vector instance.

source_lag_time_seconds

histogram
The difference between the timestamp recorded in each event and the time when it was ingested, expressed as fractional seconds.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
host optional
The hostname of the system Vector is running on.
pid optional
The process ID of the Vector instance.

sqs_message_delete_failed_total

counter
The total number of failures to delete SQS messages.
component_id
The Vector component ID.
component_kind
The Vector component kind.
component_name
Deprecated, use component_id instead. The value is the same as component_id.
component_type
The Vector component type.
host optional
The hostname of the system Vector is running on.
pid optional
The process ID of the Vector instance.

How it works

AWS authentication

Vector checks for AWS credentials in the following order:

  1. The auth.access_key_id and auth.secret_access_key options.
  2. The AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables.
  3. The AWS credentials file (usually located at ~/.aws/credentials).
  4. The IAM instance profile (only works if running on an EC2 instance with an instance profile/role). Requires IMDSv2 to be enabled. For EKS, you may need to increase the metadata token response hop limit to 2.

If no credentials are found, Vector’s health check fails and an error is logged. If your AWS credentials expire, Vector will automatically search for up-to-date credentials in the places (and order) described above.

Obtaining an access key

In general, we recommend using instance profiles/roles whenever possible. In cases where this is not possible you can generate an AWS access key for any user within your AWS account. AWS provides a detailed guide on how to do this. Such created AWS access keys can be used via auth.access_key_id and auth.secret_access_key options.

Assuming roles

Vector can assume an AWS IAM role via the auth.assume_role option. This is an optional setting that is helpful for a variety of use cases, such as cross account access.

AWS SQS

The aws_sqs source receives messages from AWS SQS (Simple Queue Service). This is a highly scalable / durable queueing system with at-least-once queuing semantics. Messages are received in batches (up to 10 at a time), and then deleted in batches (again up to 10). Messages are either deleted immediately after receiving, or after it has been fully processed by the sinks, depending on the acknowledgements setting.

Context

By default, the aws_sqs source augments events with helpful context keys.

State

This component is stateless, meaning its behavior is consistent across each input.

Transport Layer Security (TLS)

Vector uses OpenSSL for TLS protocols. You can adjust TLS behavior via the tls.* options.
Sidebar