Skip to content

feat(mqconfig): support IAM role auth for SQS MQ provider#996

Open
ambroziepaval wants to merge 1 commit into
hookdeck:mainfrom
ambroziepaval:feat/sqs-iam-role-credentials
Open

feat(mqconfig): support IAM role auth for SQS MQ provider#996
ambroziepaval wants to merge 1 commit into
hookdeck:mainfrom
ambroziepaval:feat/sqs-iam-role-credentials

Conversation

@ambroziepaval

Copy link
Copy Markdown
Contributor

The AWS SQS message-queue provider previously required static IAM user keys (AWS_SQS_ACCESS_KEY_ID / AWS_SQS_SECRET_ACCESS_KEY) and always passed them explicitly to the SDK, which suppressed the default credential chain. This made role-based auth (ECS/EKS task role, EC2 instance profile) impossible.

When no static credentials are configured, ToCredentials now returns (nil, nil) and the client builders omit WithCredentialsProvider, letting the AWS SDK default credential chain resolve credentials. IsConfigured selects SQS on region alone so the keys can be omitted. Existing static-key configs are unchanged. Mirrors the GCP Pub/Sub provider's implicit-credential behavior.

Refs #463

The AWS SQS message-queue provider previously required static IAM user
keys (AWS_SQS_ACCESS_KEY_ID / AWS_SQS_SECRET_ACCESS_KEY) and always passed
them explicitly to the SDK, which suppressed the default credential chain.
This made role-based auth (ECS/EKS task role, EC2 instance profile)
impossible.

When no static credentials are configured, ToCredentials now returns
(nil, nil) and the client builders omit WithCredentialsProvider, letting
the AWS SDK default credential chain resolve credentials. IsConfigured
selects SQS on region alone so the keys can be omitted. Existing static-key
configs are unchanged. Mirrors the GCP Pub/Sub provider's implicit-credential
behavior.

Refs hookdeck#463

Generated with AI

Co-Authored-By: Claude <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant