Enter your AWS Access Key ID and Secret Access Key.
- Standard Queue - Messages may not be delivered in the order they are added to the queue and there may be duplicates. Messages can be processed directly be a Lambda Function using a push approach. Provides higher throughput than FIFO queues.
- FIFO Queue - Messages are delivered in the order they are added and there are no duplicates. An EC2 instance or Docker container running a Windows Service or Linux daemon needs to pull messages from the queue.
Standard queues require less infrastructure, but more application design consideration. An audit message should only be logged once even though a duplicate could be pushed to the Lambda. The queue message object includes a unique message id that can be used as a unique index in a DynamoDB table or a relational database table.
 
Message order is also a challenge. Adding a date time property to the message and set it before sending it to the queue. This provides a column that can be used to present the messages in a report in the order they were created even if they were received out of sequence.
- [DynamoDBTable("AuditMessages")]  
- [JsonObject]  
- public class AuditMessage  
- {  
-     [DynamoDBHashKey]  
-     [DynamoDBProperty(AttributeName = "messageId")]  
-     [JsonProperty(PropertyName = "messageId", NullValueHandling = NullValueHandling.Ignore)]  
-     public string MessageId { get; set; }  
-   
-     [DynamoDBProperty(AttributeName = "auditText")]  
-     [JsonProperty(PropertyName = "auditText", NullValueHandling = NullValueHandling.Ignore)]  
-     public string AuditText { get; set; }  
-   
-     [DynamoDBRangeKey]         
-     [DynamoDBProperty(AttributeName = "auditTime")]  
-     [JsonProperty(PropertyName ="auditTime")]  
-     public DateTime AuditTime { get; set; }  
- }  
 The 
AuditMessage class attributes are decorated with attributes that bind it the 
AuditMessages DynamoDB table. While this uses DynamoDB, another implementation could use the EntityFramework to bind the class definition to a relational table. 
 
- public class FunctionTest  
-   {  
-         
-       private string AWS_REGION = "us-east-1";  
-   
-       [Fact]  
-       public async Task CreateTable()  
-       {  
-           using (var client = new AmazonDynamoDBClient(Amazon.RegionEndpoint.GetBySystemName(AWS_REGION)))  
-           {  
-               string tableName = "AuditMessages";  
-   
-                 
-               var attributeDefinitions = new List<AttributeDefinition>()  
-               {  
-                   {new AttributeDefinition{  
-                       AttributeName = "messageId",  
-                       AttributeType = "S"}},  
-                   {new AttributeDefinition(){  
-                       AttributeName = "auditTime",  
-                       AttributeType = "S"}  
-                   }  
-               };  
-   
-                 
-               var tableKeySchema = new List<KeySchemaElement>()  
-               {  
-                   {new KeySchemaElement {  
-                       AttributeName = "messageId",  
-                       KeyType = "HASH"}},  
-                   {new KeySchemaElement {  
-                       AttributeName = "auditTime",  
-                       KeyType = "RANGE"}}  
-               };  
-   
-               CreateTableRequest createTableRequest = new CreateTableRequest  
-               {  
-                   TableName = tableName,  
-                   ProvisionedThroughput = new ProvisionedThroughput  
-                   {  
-                       ReadCapacityUnits = (long)5,  
-                       WriteCapacityUnits = (long)1  
-                   },  
-                   AttributeDefinitions = attributeDefinitions,  
-                   KeySchema = tableKeySchema  
-               };  
-   
-               CreateTableResponse response = await client.CreateTableAsync(createTableRequest);  
-           }  
-       }  
 This unit test scaffolds the 
AuditMessages DynamoDB table to store the 
AuditMessage property values. Replace the AWS_REGION constant with the name of the AWS region in which you created your AWS account.
 
- [assembly: LambdaSerializer(typeof(Amazon.Lambda.Serialization.Json.JsonSerializer))]  
- namespace SampleSqs.AuditReceiver  
- {  
-     public class Function  
-     {  
-         private RegionEndpoint _awsRegion = null;  
-   
-         public Function()  
-         {  
-             _awsRegion = Amazon.RegionEndpoint.GetBySystemName(System.Environment.GetEnvironmentVariable("AWS_REGION"));     
-         }  
-   
-         public async Task FunctionHandler(SQSEvent evnt, ILambdaContext context)  
-         {  
-             List<Exception> errors = new List<Exception>();  
-             context.Logger.LogLine($"Retrieved {evnt.Records.Count} message(s)");  
-   
-             foreach(var message in evnt.Records)  
-             {  
-                 try  
-                 {  
-                     context.Logger.LogLine($"Processing message {message.MessageId}");  
-                     await ProcessMessageAsync(message, context);  
-                 }  
-                 catch(Exception ex)  
-                 {  
-                     string errMsg = $"Error processing message {message.MessageId}";  
-                     errors.Add(new Exception(errMsg, ex));  
-                 }  
-             }  
-   
-             if (errors.Any())  
-                 throw new AggregateException(errors);  
-         }  
-   
-         private async Task ProcessMessageAsync(SQSEvent.SQSMessage message, ILambdaContext context)  
-         {  
-             context.Logger.LogLine($"Processed message body {message.Body}");  
-   
-             AuditMessage auditMessage = JsonConvert.DeserializeObject<AuditMessage>(message.Body);  
-             auditMessage.MessageId = message.MessageId;  
-   
-             using (var dynamoContext = new DynamoDBContext(new AmazonDynamoDBClient(_awsRegion)))  
-             {  
-                 await dynamoContext.SaveAsync<AuditMessage>(auditMessage);  
-                 context.Logger.LogLine($"New audit message {message.MessageId}");  
-             }  
-         }  
-     }  
- }  
 This is the code of the Lambda function that processes messages from the SQS queue. The AWS_REGION environment attribute is provided by Amazon. It contains the name of the AWS region in which the Lambda is deployed. Note that it's used when creating the DynamoDBContext on line 45. The 
AuditMessage DynamoDBTable property saves having to provide another configuration entry. It supplies the name of the DynamoDB table to the dynamoContext instance.
 
 
The SaveAsync method on line 45 will handle duplicate requests. If the message has already been written to the table, then it is updated.
 
After executing this code, open the AWS console and navigate to the DynamoDB dashboard. Select the AuditMessages table and copy the Amazon Resource Number (ARN) to Notepad. You'll need it later when configuring role permissions.
 
Lambda Error Management
 
If you're dealing with a relational table, you'll need to handle the exception and not rethrow it. If you're using node.js or Python to create Lambdas that process SQS messages, then you need to explicitly delete the message after handling it. Otherwise, the message remains in the queue. The opposite applies to .NET Core Lambdas. AWS automatically deletes SQS messages processed by .NET Core Lambdas unless the Lambda throws an exception.
 
The example code above captures errors and then rethrows them in an AggregateException which puts all messages in the batch back into the queue, even if they were processed. Unfortunately, there is no elegant solution here. If one message fails, the batch fails.
 
Configure the SQS Queue
 
The 
auditmessagequeue is the destination of the audit messages and will be connected to the Lambda function. The ReceiveMessageWaitTimeSeconds attribute is set to the maximum limit of 20 seconds. By default, this is set to zero (0) seconds which causes SQS to use short polling.  While this nearly eliminates the time any message spends in the queue, it unnecessarily burns through Lambda executions. The AWS free tier allows for one million executions before charging a nominal rate. When I first configured a queue, I left the default value and found I used most of my free executions within a week.
 
 
As a best practice, set the ReceiveMessageWaitTime to more than 0. The Lambda will only be invoked when a message appears in the queue. At most, the message waits the number of seconds applied in the setting before being pushed to the Lambda function.
- [Fact]  
- public async Task CreateQueueAsync()  
- {  
-     string queueName = "auditmessagequeue";  
-     CreateQueueRequest deadLetterRequest = new CreateQueueRequest(string.Concat(queueName, "-deadletter"));  
-     deadLetterRequest.Attributes = new Dictionary<string, string>();  
-     deadLetterRequest.Attributes.Add(QueueAttributeName.ReceiveMessageWaitTimeSeconds, "20");  
-     deadLetterRequest.Attributes.Add(QueueAttributeName.MessageRetentionPeriod, "864000");  
-   
-     string deadLetterArn = null;  
-     using (AmazonSQSClient sqsClient = new AmazonSQSClient(Amazon.RegionEndpoint.GetBySystemName(FunctionTest.AWS_REGION)))  
-     {              
-         var createResponse = await sqsClient.CreateQueueAsync(deadLetterRequest);  
-         GetQueueAttributesRequest queueReq = new GetQueueAttributesRequest();  
-         queueReq.QueueUrl = createResponse.QueueUrl;  
-         queueReq.AttributeNames.Add(QueueAttributeName.All);  
-         var queueAttribs = await sqsClient.GetQueueAttributesAsync(queueReq);                 
-         deadLetterArn = queueAttribs.QueueARN;  
-     }  
-   
-   
-     string redrivePolicy = $"{{\"deadLetterTargetArn\":\"{deadLetterArn}\",\"maxReceiveCount\":5}}";  
-   
-     CreateQueueRequest createQueueRequest = new CreateQueueRequest();  
-   
-     createQueueRequest.QueueName = queueName;  
-     createQueueRequest.Attributes = new Dictionary<string, string>();  
-     createQueueRequest.Attributes.Add(QueueAttributeName.RedrivePolicy, redrivePolicy);  
-     createQueueRequest.Attributes.Add(QueueAttributeName.ReceiveMessageWaitTimeSeconds, "20");  
-   
-     using (AmazonSQSClient sqsClient = new AmazonSQSClient(Amazon.RegionEndpoint.GetBySystemName(FunctionTest.AWS_REGION)))  
-     {  
-         var createResponse = await sqsClient.CreateQueueAsync(createQueueRequest);  
-     }  
- }  
  This creation process runs through two steps:
 
- Create the auditmessagequeue-deadletter queue. This is where the audit message lands if it cannot be processed in the auditmessagequeue as per the RedrivePolicy setting  (line 22 and 28) on the auditmessagequeue. It will remain in the dead letter queue for ten days per the MessageRetentionPeriod setting on line 8. 
- Create the auditmessagequeue. 
After executing this logic, navigate to the SQS dashboard in the AWS console. Locate the auditmessagequeue and copy the Amazon Resource Number to Notepad. You'll need this in the next section where you grant access to the Lambda function to read from the queue.
 
 
Configuring the AuditReceiver Lambda Function
 
At this point, the queue is deployed along with the DynamoDB table. Next comes the AuditReceiver Lambda function. Before we deploy it and wire it into the queue, the function needs an IAM role with rights to read from the queue. Browse to the IAM dashboard in the AWS console, select Roles, then select Create Role.
Create the Role 
- On the first Create Role panel, select Lambda and click the Next: Permission button on the bottom of the screen.
 
 
 
- On the next screen, search for the AWSLambdaBasicExecutionRole. Select it and click the Next: Tags button at the bottom of the page. This will grant access to CloudWatch logs and other basic resources required for Lambda functionality.
 
 
 
- On the Tags screen, click the Next: Review button at the bottom of the screen.
- Enter lambda_auditmessagequeuereader for the role name and click Create Role at the bottom of the screen.
 
 
 
 
While this configures basic rights for the Lambda, it does not yet grant access the to queue. To grant rights to read from the queue, navigate to the newly created role and grant the minimum rights needed to process queue messages.
- In the IAM dashboard, select Roles and locate the lambda_auditmessagequeuereader role. Click the role.
 
 
 
- Select Add Inline Policy.
 
- Select the SQS Service
 
 
 
- Expand Actions and select GetQueueAttributes, ReceiveMessages, and DeleteMessages.
 
 
 
- Expand Resources and select Add ARN.
 
 
 
- Assign the ARN of the queue that was copied to Notepad from the prior steps taken when creating the queue and click Add.
 
 
 
- One the next page, enter AuditQueuePolicy as the policy name and click Create Policy.
- Open the lambda_auditmessagequeuereader role again.
- Select Add Inline Police.
- Select the DynamoDB Service.
 
 
- Expand Actions and select DescribeTable, PutItem, and UpdateItem.
 
 
 
- Expand Resources and select Add ARN,
- Apply the AuditMessages DynamoDB ARN that was copied in an earlier step after the DynamoDB table was created earlier and click Add.
 
 
 
- Enter AuditMessage_DynamoDBAccess for the policy name and click Create Policy.
 
 
Now that the role is in place, we're ready to deploy the Lambda.
Deploy the AuditReceiver Lambda 
- In Visual Studio, right click on the SampleSqs.AuditReceiver project and select Publish to AWS Lambda...
- Accept the default settings on the first page and click Next.
- On this page find lambda_auditmessagequeuereader role that was created in the prior steps.
 
 
- Click the Upload button.
Connect the AuditReceiver Lambda to the Queue
 
The queue is configured and the lambda function is deployed. The following code adds the SQS as an event source that can trigger the Lambda Function
-     [Fact]  
-      public async Task ConfigureLambdaWithQueueAsync()  
-      {  
-          string queueArn = null;  
-   
-          using (AmazonSQSClient sqsClient = new AmazonSQSClient(Amazon.RegionEndpoint.GetBySystemName(FunctionTest.AWS_REGION)))  
-          {  
-              GetQueueUrlRequest queueUrlReq = new GetQueueUrlRequest();  
-              queueUrlReq.QueueName = FunctionTest.QUEUE_NAME;  
-              GetQueueUrlResponse getQueueUrlResp = await sqsClient.GetQueueUrlAsync(queueUrlReq);  
-              GetQueueAttributesRequest queueAttribReq = new GetQueueAttributesRequest();  
-              queueAttribReq.AttributeNames.Add(QueueAttributeName.QueueArn);  
-              queueAttribReq.QueueUrl = getQueueUrlResp.QueueUrl;  
-              var queueAttribResp = await sqsClient.GetQueueAttributesAsync(queueAttribReq);  
-              queueArn = queueAttribResp.QueueARN;  
-          }  
-   
-          using (AmazonLambdaClient lambdaClient = new AmazonLambdaClient(Amazon.RegionEndpoint.GetBySystemName(FunctionTest.AWS_REGION)))  
-          {  
-              CreateEventSourceMappingRequest eventMappingReq = new CreateEventSourceMappingRequest();  
-              eventMappingReq.FunctionName = "AuditReceiver";  
-              eventMappingReq.BatchSize = 10;  
-              eventMappingReq.Enabled = true;  
-              eventMappingReq.EventSourceArn = queueArn;  
-              await lambdaClient.CreateEventSourceMappingAsync(eventMappingReq);  
-          }  
-      }  
 After executing this code, navigate to the 
AuditReceiver Lambda configuration in the AWS console. SQS show as a valid event trigger.
 
![Lambda Final Config]() 
 
Sending the Audit Message
 
The pieces are finally in place to send the audit message to the queue. 
- [Fact]  
- public async Task PostMessageToQueueTestAsync()  
- {  
-     System.Environment.SetEnvironmentVariable("AWS_REGION", AWS_REGION);  
-     AuditMessage message = new AuditMessage();  
-   
-     message.AuditTime = DateTime.UtcNow;  
-     message.AuditText = "Message posted from unit test";  
-   
-    using(var sqsClient = new AmazonSQSClient(Amazon.RegionEndpoint.GetBySystemName(FunctionTest.AWS_REGION)))  
-    {  
-         GetQueueUrlRequest urlReq = new GetQueueUrlRequest();  
-         urlReq.QueueName = QUEUE_NAME;  
-         var queueUrlResp = await sqsClient.GetQueueUrlAsync(urlReq);  
-         string messageBody = JsonConvert.SerializeObject(message);  
-         var sendMessageResp = await sqsClient.SendMessageAsync(queueUrlResp.QueueUrl, messageBody);  
-    }  
-   
- }  
 Note that the queue URL is obtained first followed by a message to sent the message. In a production application, this could be addressed with a configuration value or a distributed cache that stores the queue.
 
Summary
 
Congratulations on making it to the end.
 
The steps outlined in this article touched on a number of AWS services including SQS, DynamoDB, IAM, and Lambda functions. These cloud-native services support a durable queuing and messaging architecture that can offload resource-intensive workloads to asynchronous processes using standard SQS queues and Lambda functions. In practice, DynamoDB inserts are just as performant as posts to SQS queues. If you are already inserting into DynamoDB in your user-facing application, this wouldn't improve your response time.
 
Rather than posting to a DynamoDB, you may use a queue to kick off a backend workflow process or post to an external service. In my experience, I've used this approach to send SMS requests via Twilio through a Lambda configured to receive push request from a standard SQS queue.
 
All of the code samples are available in the Visual Studio solution attached to this article.