Summary
The large messages utility resolves the S3 bucket to fetch from the incoming message pointer. We'd like to add an optional allowedBuckets configuration on LargeMessageConfig so customers can pin the utility to a known set of buckets. When configured, a message referencing any other bucket is rejected before the S3 call; when left unset, behavior is unchanged.
Why is this needed?
This gives customers fine-grained, in-application control over which buckets the utility will access, complementing IAM permissions with a defense-in-depth layer that lives alongside their handler configuration. It is opt-in and fully backward compatible.
Which area does this relate to?
SQS Large Message Handling
Solution
Add LargeMessageConfig.init().withAllowedBuckets(Set<String>). An empty allowlist (the default) applies no restriction. A non-empty allowlist causes the utility to reject messages whose pointer names a bucket outside the set. Works for both the @LargeMessage annotation and the functional API.
Summary
The large messages utility resolves the S3 bucket to fetch from the incoming message pointer. We'd like to add an optional
allowedBucketsconfiguration onLargeMessageConfigso customers can pin the utility to a known set of buckets. When configured, a message referencing any other bucket is rejected before the S3 call; when left unset, behavior is unchanged.Why is this needed?
This gives customers fine-grained, in-application control over which buckets the utility will access, complementing IAM permissions with a defense-in-depth layer that lives alongside their handler configuration. It is opt-in and fully backward compatible.
Which area does this relate to?
SQS Large Message Handling
Solution
Add
LargeMessageConfig.init().withAllowedBuckets(Set<String>). An empty allowlist (the default) applies no restriction. A non-empty allowlist causes the utility to reject messages whose pointer names a bucket outside the set. Works for both the@LargeMessageannotation and the functional API.