Forwarding to Amazon SQS
Prerequisites
To set up this integration you will need:
- An SQS queue
- An IAM user
- Permission for the user to write messages on the target queue
- Access Key for Sysdig to be authenticated as that IAM user
Create a New AWS IAM User
Creating a new IAM user is not required, but for security reasons, it is recommended. You will need to create an access key and an SQS queue.
Create or identify a target AWS IAM User you want to give Sysdig access to.
Creating a user is not required, but it is recommended for security reasons. See the AWS documentation to perform that. Finally, take note of the ARN for the IAM User (similar to
arn:aws:iam::12345:user/sysdig-efo-user
)Create an Access key for the user:
- Open the target IAM User.
- Create an access key, selecting “Third-party service” as the use case.
- Save the Access key and the Secret access key. You will need to input these later in the Sysdig UI. See the AWS documentation.
Create or identify a target SQS Queue.
See the AWS documentation for details.
Take note of the ARN for the SQS Queue (similar to
arn:aws:sqs:us-west-2:12345:sysdig-efo-queue
).Configure the Access Policy for the queue, allowing the target user to perform
SQS:SendMessage
,sqs:ListQueues
andsqs:GetQueueUrl
on that queue.Here is an example of the policy change:
{ "Version": "2012-10-17", "Id": "__default_policy_ID", "Statement": [ ...existing statements... { "Sid": "sysdig_efo_statement", "Effect": "Allow", "Principal": { "AWS": "arn:aws:iam::12345:user/sysdig-efo-user" }, "Action": [ "sqs:ListQueues", "sqs:GetQueueUrl", "sqs:SendMessage" ], "Resource": "arn:aws:sqs:us-west-2:12345:sysdig-efo-queue" } ] }
Configure a Standard Integration
- Log in to Sysdig Secure as Admin and go to Profile > Settings > Event Forwarding.
- Click +Add Integration and choose Amazon SQS from the drop-down.
- Configure the required options:
- Integration Name: Define an integration name
sysdig-efo-queue
- Access Key and Access Secret: Enter your AWS access key and secret.
- Token: Enter the AWS token used.
- Region: Enter the AWS region where you created you Amazon SQS
us-west-2
. - Delay Optional: Enter a value (in seconds) between 0 and 900 that a message delivery should be delayed.
- Metadata Optional: Set up to 10 10 key value headers with which the messages should be tagged. Entries can be string values.
- Queue: Enter your Amazon SQS queue name, not the full URL. For example:
sysdig-efo-queue
. - Data to Send: Select from the drop-down the types of Sysdig data that should be forwarded. The available list depends on the Sysdig features and products you have enabled.
- Toggle the enable switch as necessary. Remember that you will need to “Test Integration” with the button below before enabling the integration.
- Click Save.
Configure Agent Local Forwarding
Review the configuration steps and use the following parameters for this integration.
Type | Attribute | Required? | Type | Allowed values | Default | Description |
---|---|---|---|---|---|---|
SQS | accessKey | yes | string | Access Key for authenticating on AWS to send data on the queue | ||
SQS | accessSecret | yes | string | Access Secret for authenticating on AWS to send data on the queue | ||
SQS | token | no | string | Session token for authenticating on AWS to send data on the queue | ||
SQS | region | yes | string | Region in which the SQS queue is hosted | ||
SQS | queue | yes | string | SQS queue name | ||
SQS | delay | no | int | 0-900 | 0 | Delay, in seconds, applied to the data |
SQS | headers | no | sequence of mappings | Extra headers to add to the payload. Each header mapping requires 2 keys: “key” for the header key and “value” for its value |
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.