aws-sqs.yml

version: 1
name: csb-aws-sqs
id: 2198d694-bf85-11ee-a918-a7bdfa69a96d
description: CSB AWS SQS
display_name: CSB AWS SQS
image_url: file://service-images/csb.png
documentation_url: https://docs.vmware.com/en/Cloud-Service-Broker-for-VMware-Tanzu/index.html
provider_display_name: VMware
support_url: https://aws.amazon.com/sqs/
tags: [aws, sqs]
plan_updateable: true
provision:
  user_inputs:
    - field_name: region
      type: string
      details: The region of AWS.
      default: us-west-2
      constraints:
        examples:
          - us-west-2
          - eu-west-1
        pattern: ^[a-z][a-z0-9-]+$
      prohibit_update: true
    - field_name: fifo
      type: boolean
      details: Whether to create a FIFO queue. Cannot be altered once a queue is created.
      prohibit_update: true
      default: false
    - field_name: visibility_timeout_seconds
      type: integer
      details: The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30.
      default: 30
    - field_name: message_retention_seconds
      type: integer
      details: |
        The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). 
        The default for this attribute is 345600 (4 days).
      default: 345600
    - field_name: max_message_size
      type: integer
      details: |
        The limit of how many bytes a message can contain before Amazon SQS rejects it. 
        An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).
      default: 262144
    - field_name: delay_seconds
      type: integer
      details: |
        The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). 
        The default for this attribute is 0 seconds.
      default: 0
    - field_name: receive_wait_time_seconds
      type: integer
      details: |
        The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. 
        An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.
      default: 0
    - field_name: aws_access_key_id
      type: string
      details: AWS access key
      default: ${config("aws.access_key_id")}
    - field_name: aws_secret_access_key
      type: string
      details: AWS secret key
      default: ${config("aws.secret_access_key")}
    - field_name: dlq_arn
      type: string
      details: ARN of the Dead Letter Queue. If provided, configures redrive_policy for the queue.
      default: ""
    - field_name: max_receive_count
      type: integer
      details: The number of times a message is delivered to the source queue before being moved to the DLQ.
      default: 5
    - field_name: content_based_deduplication
      type: boolean
      default: false
      details: Enables content-based deduplication for FIFO queues.
    - field_name: deduplication_scope
      type: string
      default: null
      nullable: true
      details: |
        Determines the scope of deduplication for messages within the FIFO queue.
        Allowed values:
        * `messageGroup`: deduplication is performed within each message group
        * `queue`: deduplication across the entire queue
        If not defined for a FIFO queue it defaults to `queue`.
    - field_name: fifo_throughput_limit
      type: string
      default: null
      nullable: true
      details: |
        Manages the throughput limit for the FIFO queue to optimize processing capabilities.
        Allowed values: 
        * `perQueue`: standard throughput limits
        * `perMessageGroupId`: for high throughput mode
        When High throughput Mode is ON, the value for `deduplication_scope` must be `messageGroup` or the operation fails.
        If not defined for a FIFO queue it defaults to `perQueue`.
    - field_name: sqs_managed_sse_enabled
      type: boolean
      details: Enable SQS-managed encryption keys for encrypting messages. Overridden by `kms_master_key_id`.
      default: true
    - field_name: kms_master_key_id
      type: string
      details: | 
        Specify the AWS KMS customer master key (CMK) for encryption.
        Overrides the `sqs_managed_sse_enabled` property.
      default: ""
    - field_name: kms_data_key_reuse_period_seconds
      type: integer
      details: Duration in seconds for reuse of a data key for encrypting messages.
      default: 300  # 5 minutes
      constraints:
        minimum: 60  # Minimum 1 minute
        maximum: 86400  # Maximum 24 hours
    - field_name: kms_extra_key_ids
      type: string
      details: |
        A comma-separated list of AWS KMS key IDs used for SSE-KMS operations.
        Since a DLQ can receive messages from multiple sources, all the KMS key IDs used as sources must be included.
      default: ""
  computed_inputs:
    - name: instance_name
      default: csb-sqs-${request.instance_id}
      overwrite: true
      type: string
    - name: labels
      default: ${json.marshal(request.default_labels)}
      overwrite: true
      type: object
  template_refs:
    data: terraform/sqs/provision/data.tf
    main: terraform/sqs/provision/main.tf
    outputs: terraform/sqs/provision/outputs.tf
    provider: terraform/sqs/provision/providers.tf
    versions: terraform/sqs/provision/versions.tf
    variables: terraform/sqs/provision/variables.tf
  outputs:
    - field_name: arn
      type: string
      details: ARN for the queue
    - field_name: region
      type: string
      details: AWS region for the queue
    - field_name: queue_name
      type: string
      details: name for the queue
    - field_name: queue_url
      type: string
      details: URL for the queue
    - field_name: dlq_arn
      type: string
      details: The ARN of the associated DLQ.
    - field_name: kms_all_key_ids
      type: string
      details: The `kms_master_key_id` and `kms_extra_key_ids` AWS KMS key IDs used for SSE-KMS operations.
bind:
  plan_inputs: []
  user_inputs: []
  computed_inputs:
    - name: aws_access_key_id
      type: string
      default: ${config("aws.access_key_id")}
    - name: aws_secret_access_key
      type: string
      default: ${config("aws.secret_access_key")}
    - name: arn
      default: ${instance.details["arn"]}
      overwrite: true
      type: string
    - name: region
      default: ${instance.details["region"]}
      overwrite: true
      type: string
    - name: user_name
      default: csb-${request.binding_id}
      overwrite: true
      type: string
    - name: dlq_arn
      default: ${instance.details["dlq_arn"]}
      overwrite: true
      type: string
    - name: kms_all_key_ids
      default: ${instance.details["kms_all_key_ids"]}
      overwrite: true
      type: string
  template_refs:
    data: terraform/sqs/bind/data.tf
    main: terraform/sqs/bind/main.tf
    outputs: terraform/sqs/bind/outputs.tf
    provider: terraform/sqs/bind/provider.tf
    versions: terraform/sqs/bind/versions.tf
    variables: terraform/sqs/bind/variables.tf
  outputs:
    - field_name: access_key_id
      type: string
      details: AWS access key
    - field_name: secret_access_key
      type: string
      details: AWS secret access key