AWS SQS

Push events to Amazon SQS queues with IAM SigV4 authentication.

The aws_sqs provider pushes events into an Amazon SQS queue. Each event becomes an SQS message whose body is the event payload — standard and FIFO queues are both supported.

When to use this: you want queued, at-least-once processing downstream (Lambda consumers, ECS workers, Step Functions), or you need FIFO ordering on a per-key basis.

SigV4 signing runs entirely on crypto.subtle — no AWS SDK is bundled into the Worker. This keeps the delivery path fast and deploy artifacts small.

Configuration

queue_url string required

Full SQS queue URL, e.g. https://sqs.us-east-1.amazonaws.com/123456789/my-queue.

region string required

AWS region, e.g. us-east-1. Must match the queue's region.

access_key_id string required

IAM access key ID with sqs:SendMessage permission.

secret_access_key string required

IAM secret access key. Stored encrypted and masked in GET responses (only the last 4 characters are shown).

message_group_id string

For FIFO queues only. Sets MessageGroupId on every message and auto-generates MessageDeduplicationId from the event ID.

Authentication

Create an IAM user with an inline policy granting sqs:SendMessage on the target queue ARN, generate an access key, and paste both values into the config.

json
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": "sqs:SendMessage",
    "Resource": "arn:aws:sqs:us-east-1:123456789:my-queue"
  }]
}

Example

bash
curl -X POST https://hookstream.io/v1/destinations \
  -H "X-API-Key: $HOOKSTREAM_API_KEY" \
  -H "Content-Type: application/json" \
  -d '{
    "name": "Order Queue",
    "type": "aws_sqs",
    "config": {
      "queue_url": "https://sqs.us-east-1.amazonaws.com/123456789/my-queue",
      "region": "us-east-1",
      "access_key_id": "AKIA...",
      "secret_access_key": "wJal..."
    }
  }'

Gotchas

SQS rejects messages to FIFO queues without a MessageGroupId. Set message_group_id in the config, and hookstream will auto-generate deduplication IDs from event IDs.

Create a dedicated IAM user scoped only to sqs:SendMessage on the target queue ARN. Don't reuse broader credentials.

SQS caps message size at 256 KB. Larger events will fail delivery — use the AWS S3 provider for heavy payloads, or trim with a JSONata transform on the connection.

Next Steps

AWS S3

Archive events as JSON objects instead of queuing them.

Learn More
AWS EventBridge

Route through EventBridge for rule-based fan-out.

Learn More
Retry Strategies

Configure exponential, linear, or fixed retries per destination.

Learn More
Destinations API

Full API reference.

Learn More
Previous HTTP / Webhook
Next AWS S3
Ask a question... ⌘I