Custom endpoint for SQS (VPC Endpoint) does not work. #2135

Open
hhk1989 opened this issue Oct 29, 2019 · 5 comments
Labels
bug

Comments

@hhk1989 hhk1989 commented Oct 29, 2019

Issue description

Please refer to aws/aws-sdk-ruby#2114 - this issue is the exact same as that one (for which a fix is being developed), but for Java.

QueueUrlHandler is the equivalent in Java that is causing SQS calls to not work when specifying a custom endpoint (such as an SQS VPC Endpoint). This is because the custom endpoint is being replaced with the host in the queue URL, which happens to be sqs.<region>.amazonaws.com

@juaoose juaoose commented Jan 7, 2020

Would it be appropriate to look at the incoming request, if such object already has an endpoint, then just use that endpoint instead of setting it from the QueueUrl? Are there other assumptions I might be overlooking?

Collaborator

@debora-ito debora-ito commented Jan 8, 2020

Hi @hhk1989, I just want to confirm the issue you're seeing with the SDK for Java. Is the following code a good example of what you're trying to do?

AmazonSQS sqsClient = AmazonSQSClientBuilder.standard()
    .withRegion(Regions.AP_SOUTH_1)
    .build();

SendMessageRequest sendMessageRequest = new SendMessageRequest()
    .withQueueUrl("https://vpce-<vpce-id>.sqs.us-west-2.vpce.amazonaws.com/<user-id>/<sqs-queue>")
    .withMessageBody("Hello");
SendMessageResult result = sqsClient.sendMessage(sendMessageRequest);

Could you share the stacktrace of the error?

Author

@hhk1989 hhk1989 commented Jan 13, 2020

@debora-ito apologies for the late response.

The code snippet we have would be something like the following (similar to the Ruby code in the linked issue above).

AwsClientBuilder.EndpointConfiguration endpointConfiguration = new AwsClientBuilder.EndpointConfiguration(
    "https://vpce-<vpce-id>.sqs.us-west-2.vpce.amazonaws.com",
    Regions.US_WEST_2.getName()   // the signing region is passed as a String
);

// Only one of withRegion() or withEndpointConfiguration() may be set on the builder;
// the endpoint configuration already carries the signing region.
AmazonSQS sqsClient = AmazonSQSClientBuilder.standard()
    .withEndpointConfiguration(endpointConfiguration)
    .build();

SendMessageRequest sendMessageRequest = new SendMessageRequest()
    .withQueueUrl("https://sqs.us-west-2.amazonaws.com/<account_id>/<queue_name>")
    .withMessageBody("Hello");
SendMessageResult result = sqsClient.sendMessage(sendMessageRequest);

The issue is that the above makes a request to https://sqs.us-west-2.amazonaws.com origin, rather than the VPC Endpoint specified in the endpoint configuration.

The error we get in our applications in the DC is a 403, because the application has not whitelisted the above SQS public API path in our internal squid proxy that selectively allows only whitelisted public paths.

Collaborator

@debora-ito debora-ito commented Jan 16, 2020

The issue is that the above makes a request to https://sqs.us-west-2.amazonaws.com origin, rather than the VPC Endpoint specified in the endpoint configuration.

I understand it now. We may not be able to change this behavior, but a possible solution would be specifying the vpc endpoint url directly in the queue url as I did in my code example.

Anyway, we are investigating.
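The workaround debora-ito describes, as an added example that is not code from this issue or from the AWS SDK: keep the account/queue path of the queue URL but replace its host with the VPC endpoint host, and check the host a request would reach before sending. The VPC endpoint id, account id and queue name are constructed placeholder values.

```java
import java.net.URI;
import java.net.URISyntaxException;

import com.amazonaws.client.builder.AwsClientBuilder;
import com.amazonaws.regions.Regions;
import com.amazonaws.services.sqs.AmazonSQS;
import com.amazonaws.services.sqs.AmazonSQSClientBuilder;
import com.amazonaws.services.sqs.model.SendMessageRequest;

public class SqsVpcEndpointQueueUrl {
    // Constructed placeholder values; substitute your own VPC endpoint and queue.
    static final String VPC_ENDPOINT = "https://vpce-0123456789abcdef0.sqs.us-west-2.vpce.amazonaws.com";
    static final String PUBLIC_QUEUE_URL = "https://sqs.us-west-2.amazonaws.com/123456789012/my-queue";

    // The SDK's QueueUrlHandler takes the request host from the queue URL, so this is
    // the host a request built from the given queue URL actually reaches.
    static String hostRequestWillReach(String queueUrl) throws URISyntaxException {
        return new URI(queueUrl).getHost();
    }

    // Keep the account/queue path and query, but take scheme, host and port from the endpoint.
    static String rewriteQueueUrlToEndpoint(String queueUrl, String endpoint) throws URISyntaxException {
        URI q = new URI(queueUrl);
        URI e = new URI(endpoint);
        return new URI(e.getScheme(), null, e.getHost(), e.getPort(),
                       q.getPath(), q.getQuery(), null).toString();
    }

    public static void main(String[] args) throws URISyntaxException {
        String queueUrl = rewriteQueueUrlToEndpoint(PUBLIC_QUEUE_URL, VPC_ENDPOINT);

        // Fail closed before any network call if the request would leave the VPC.
        String target = hostRequestWillReach(queueUrl);
        if (!target.equalsIgnoreCase(new URI(VPC_ENDPOINT).getHost())) {
            throw new IllegalStateException("queue URL resolves to " + target + ", not the VPC endpoint");
        }

        AmazonSQS sqs = AmazonSQSClientBuilder.standard()
            .withEndpointConfiguration(new AwsClientBuilder.EndpointConfiguration(
                VPC_ENDPOINT, Regions.US_WEST_2.getName()))
            .build();
        sqs.sendMessage(new SendMessageRequest().withQueueUrl(queueUrl).withMessageBody("Hello"));
    }
}
```

Calling hostRequestWillReach on the unrewritten PUBLIC_QUEUE_URL returns sqs.us-west-2.amazonaws.com, the public host that the proxy in this thread blocked; the check makes that misrouting an exception rather than a 403 discovered in production.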

Collaborator

@debora-ito debora-ito commented Jan 22, 2020

I can reproduce the issue, marking as a bug.

The issue is in our backlog, pending prioritization.

@debora-ito debora-ito added bug and removed investigating labels Jan 22, 2020