Skip to main content

AWS SQS/SNS

For SQS, you can use either dedicated queues per sandbox (via ResourcePlugins) or a shared queue with message-level routing. For the latter, the consumer logic is as follows:

Consumer Logic

  1. Receive: Consumer polls and receives a message.
  2. Inspect: Consumer checks message attributes for the routing key.
  3. Decision:
    • If the message matches the sandbox's routing key, process and delete it.
    • If not, immediately call the SQS ChangeMessageVisibility API for that message with VisibilityTimeout=0 to make it instantly visible again for other consumers.

This approach avoids the need for separate queues for each consumer and enables efficient message isolation.

SQS with SNS

If SQS is used together with SNS, a more efficient approach is to create a separate SQS queue for each sandboxed consumer and subscribe it to the same SNS topic. This ensures the sandboxed consumer receives all messages published to the topic, but does require creating a new queue for each sandboxed consumer.

Summary

  • Use message attributes for routing key propagation.
  • Consumers filter and process only relevant messages.
  • Use ChangeMessageVisibility to return unmatched messages to the queue.
  • If using SNS, another option is to create a separate queue per sandboxed consumer for efficient isolation.