AWS SQS to receive message from outside of AWS

Question

my company has a messaging system which sends real-time messages in JSON format, and it's not built on AWS, and will not have any VPN connection with AWS.

our team is trying to use AWS SQS to receive these messages, which will then have DynamoDB process JSON messages to TSV, then load into RDS.

however, as per the FAQ, SQS can only receive message from within AWS. https://aws.amazon.com/sqs/faqs/

Q: Who can perform operations on a message queue?

Only an AWS account owner (or an AWS account that the account owner has delegated rights to can perform operations on an Amazon SQS message queue.

In order to use SQS, one way I can think of is to create a public-facing EC2 instance, which receives messages and passes over to SQS.

My questions here are:

1. is my idea correct?
2. if it's correct, can you share any details on how to build any applications on this EC2 instance to achieve the functionality (I have no experience on application development, your insights are really appreciated!)
3. is there any easier/better options in AWS that can achieve the goal to receive message in my use case?

Answer 1

1. is my idea correct?

No, it isn't.

You're misinterpreting the (admittedly somewhat unclear) information in the FAQ.

SQS is accessible and usable from anywhere on the Internet. Its only exposed interface is HTTP(S). In fact, from inside EC2, SQS is not accessible unless the EC2 instance actually has outbound access to the Internet.

The point being made in the documentation is not that you need to be "inside" AWS to use queues, but rather that you need to be in possession of an authorized set of AWS credentials in order to work with queues.¹

If you have an AWS account, you have credentials, and you can use SQS. There is no requirement that you access the queue from "inside" AWS.

Choose the endpoint closest to your servers (for lowest latency) and you should find it open and accessible, from anywhere.

---

¹Queues can be configured to allow anonymous acccess after they are created. (Don't do it, I'm just saying it is possible.) This section of the FAQ seems to be referring to a subset of operations, such as creating queues.

Answer 2

I was not able to write to SQS from an external service. I found some partial explanations but got stuck at the role creation.

The alternative I found is using AWS services Lambda + API Gateway to write to SQS.

This tutorial was extremely helpful, explaining all the steps in great details: https://startupnextdoor.com/adding-to-sqs-queue-using-aws-lambda-and-a-serverless-api-endpoint/