Posted On: Nov 20, 2023

Today, Amazon Simple Queue Service (SQS) announces support for logging SQS data event APIs with Amazon CloudTrail, giving customers greater visibility into SQS activity in their Amazon Web Services account to support security best practices and operational troubleshooting. Amazon SQS is a fully managed message queuing service that enables you to decouple and scale microservices, distributed systems, and serverless applications.

CloudTrail captures API activity related to Amazon SQS queues as events, including calls from the Amazon SQS console and calls made from code to the Amazon SQS APIs. Using the information that CloudTrail collects, you can identify a specific request to an Amazon SQS API, the IP address of the requester, the requester's identity, and the date and time of the request. Logging SQS APIs using CloudTrail helps you enable operational and risk auditing, governance, and compliance of your Amazon Web Services account. The SQS APIs now supported for CloudTrail logging are:

- ChangeMessageVisibility
- ChangeMessageVisibilityBatch
- DeleteMessage
- DeleteMessageBatch
- ReceiveMessage
- SendMessage
- SendMessageBatch

To opt in to CloudTrail logging of the above-mentioned SQS data event APIs, configure logging on your SQS queue using the Amazon CloudTrail console or the CloudTrail APIs.
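Once logging is enabled, the request, requester IP address, identity, and timestamp described above can be pulled out of the delivered log records and checked against the principals expected to use each queue. The following is an added example, not code from the announcement or from Amazon; the records, account ID, role names, allowlist, and the location of the queue URL under `requestParameters` are constructed assumptions.

```python
import json

# The seven SQS data event APIs listed in the announcement.
SQS_DATA_EVENTS = {
    "ChangeMessageVisibility", "ChangeMessageVisibilityBatch", "DeleteMessage",
    "DeleteMessageBatch", "ReceiveMessage", "SendMessage", "SendMessageBatch",
}
QUEUE = "https://sqs.cn-north-1.amazonaws.com.cn/111122223333/orders"  # constructed
ROLE = "arn:aws-cn:iam::111122223333:role/"                            # constructed

def _rec(time, name, ip, principal):
    """Build one constructed record using standard CloudTrail field names."""
    return {"eventTime": time, "eventSource": "sqs.amazonaws.com",
            "eventName": name, "sourceIPAddress": ip,
            "userIdentity": {"arn": ROLE + principal},
            "requestParameters": {"queueUrl": QUEUE}}  # field location assumed

# Constructed sample log file, not real CloudTrail output.
SAMPLE_LOG = json.dumps({"Records": [
    _rec("2023-11-20T10:00:00Z", "SendMessage", "192.0.2.10", "order-producer"),
    _rec("2023-11-20T10:00:02Z", "ReceiveMessage", "192.0.2.11", "order-worker"),
    _rec("2023-11-20T10:05:40Z", "DeleteMessage", "198.51.100.7", "temp-debug"),
    _rec("2023-11-20T09:00:00Z", "CreateQueue", "192.0.2.10", "order-producer"),
]})

# Hypothetical allowlist: which principals are expected on which queue.
ALLOWED = {QUEUE: {ROLE + "order-producer", ROLE + "order-worker"}}

def sqs_data_events(log_text):
    """Yield (time, api, principal, source_ip, queue) for each SQS data event."""
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "sqs.amazonaws.com":
            continue
        if rec.get("eventName") not in SQS_DATA_EVENTS:
            continue  # management events such as CreateQueue are skipped
        identity = rec.get("userIdentity") or {}
        params = rec.get("requestParameters") or {}  # may be null in a record
        yield (rec.get("eventTime"), rec["eventName"],
               identity.get("arn", "unknown"), rec.get("sourceIPAddress"),
               params.get("queueUrl", "unknown"))

def unexpected_callers(log_text, allowed):
    """Return data events whose principal is not allowlisted for the queue."""
    return [e for e in sqs_data_events(log_text)
            if e[2] not in allowed.get(e[4], set())]

if __name__ == "__main__":
    for event in unexpected_callers(SAMPLE_LOG, ALLOWED):
        print("review:", event)
```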

Logging SQS data event APIs using Amazon CloudTrail is now available in both the Amazon Web Services China (Beijing) Region, operated by Sinnet, and the Amazon Web Services China (Ningxia) Region, operated by NWCD.

To learn more about logging SQS APIs using Amazon CloudTrail, see Documentation. For more information about CloudTrail, see the Amazon CloudTrail User Guide.