
Amazon Updates SQS to Support Amazon VPC Endpoints Using AWS PrivateLink


Amazon announced last month that its fully managed message queuing service Simple Queue Service (SQS) supports Virtual Private Cloud (VPC) Endpoints using AWS PrivateLink. This lets customers access SQS privately, without using public IPs or traversing the public internet.

The support for VPC Endpoint is the latest update for SQS after it received several others in 2018, such as the ability to trigger an AWS Lambda function with an SQS message. In an AWS Cloud Cover article on TechTarget, Trevor Jones wrote:

The Amazon SQS update, in particular, is a "meat and potato" item that's more important to some users than flashier services that debuted at re:Invent.

Amazon powers the VPC endpoints for SQS through AWS PrivateLink, a highly available, scalable technology that enables customers to connect their VPC to supported AWS services privately. Various AWS services are already accessible through VPC endpoints powered by PrivateLink, such as Amazon CloudWatch, Amazon Kinesis Data Streams, and Amazon API Gateway, as reported by InfoQ earlier in June 2018.

With AWS PrivateLink, customers can access the SQS service without exposing their VPC to the public internet. Moreover, the VPC endpoints provide reliable connectivity to Amazon SQS without requiring an internet gateway, Network Address Translation (NAT) instance, VPN connection, or AWS Direct Connect connection. Furthermore, the data between the customer's Amazon VPC and the SQS queue is transferred within the Amazon network and is thus protected from traversing the public internet.

To connect an Amazon VPC to SQS, a user must first define an interface VPC endpoint using the Amazon VPC Console, AWS CLI, AWS Tools for Windows PowerShell, or the API. During creation, the user selects the intended VPC and can configure the subnets (availability zones) in which to create the endpoint network interfaces and the security groups to associate with those interfaces. Once the endpoint is available, the VPC can connect to Amazon SQS. Finally, the user can start sending messages from the VPC to an SQS queue.
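Creating the endpoint adds a private path to SQS but does not by itself stop requests that reach the queue by other routes; a queue policy using the `aws:sourceVpce` condition key does. The following is an added example, not code from the article or from AWS, and it goes one step beyond the procedure above: it builds such a Deny statement and audits a queue policy for it. The queue ARN, account ID, endpoint ID and function names are constructed assumptions.

```python
import json

def vpce_only_statement(queue_arn, vpce_ids):
    """Deny all SQS actions on the queue unless the call came through one of vpce_ids."""
    return {
        "Sid": "DenyOutsideVpcEndpoint",
        "Effect": "Deny",
        "Principal": "*",
        "Action": "sqs:*",
        "Resource": queue_arn,
        "Condition": {"StringNotEquals": {"aws:sourceVpce": sorted(vpce_ids)}},
    }

def _as_list(value):
    # Policy elements may be a single value or a list of values.
    return value if isinstance(value, list) else [value]

def allowed_endpoints(policy):
    """Return the endpoint IDs a blanket Deny pins the queue to, or None if there is none."""
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Deny" or stmt.get("Principal") not in ("*", {"AWS": "*"}):
            continue
        if not any(a.lower() in ("*", "sqs:*") for a in _as_list(stmt.get("Action", []))):
            continue  # Deny covers only some actions, others stay reachable
        cond = stmt.get("Condition", {})
        if set(cond) != {"StringNotEquals"}:
            continue  # extra operators narrow the Deny, so it is not blanket
        keys = cond["StringNotEquals"]
        if len(keys) == 1 and next(iter(keys)).lower() == "aws:sourcevpce":
            return set(_as_list(next(iter(keys.values()))))
    return None

# Constructed sample values, not taken from the article.
QUEUE_ARN = "arn:aws:sqs:us-east-1:111122223333:example-queue"
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": {"Effect": "Allow", "Principal": {"AWS": "111122223333"},
                  "Action": ["sqs:SendMessage", "sqs:ReceiveMessage"], "Resource": QUEUE_ARN},
}
LOCKED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [OPEN_POLICY["Statement"], vpce_only_statement(QUEUE_ARN, ["vpce-0example"])],
}

if __name__ == "__main__":
    print(json.dumps(LOCKED_POLICY, indent=2))
    print(allowed_endpoints(OPEN_POLICY), allowed_endpoints(LOCKED_POLICY))
```

The audit assumes the policy is the one attached to the queue under review, so it does not match the `Resource` element.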


Queuing services from other public cloud providers, such as Microsoft Azure Service Bus and Google Cloud Pub/Sub, have similar support for private access. By providing VNET support for Service Bus, Microsoft allows access to queues only through the authorized virtual network(s). Furthermore, Google offers private access through a Virtual Private Cloud network.

More information about pricing and availability of VPC endpoints is available on the AWS PrivateLink pricing page.
