Amazon SQS and SNS Connection Shared Resource
This Amazon SQS and SNS Connection shared resource is required by all SQS and SNS activities as it provides the AWS client object that mediates all interactions with the AWS messaging system.
General
This section includes the following fields:
| Field | Module Property? | Description |
|---|---|---|
| Package | No | Name of the package. By default, the value of the field is the name of the package in which the resource is created. You can change the field value by clicking the icon. |
| Name | No | Name of the connection. You can change the field value by clicking the icon. |
| Description | No | You can provide an additional description of the connection. |
SQS SNS Client Configuration
You can provide information required to establish the connection with Amazon SQS and SNS. You can configure the connection using AWS Credential, SAML Authentication, or Container Credentials.
-Dcom.tibco.aws.useregionalendpoint=true
com.tibco.aws.useregionalendpoint=true in the tibcohome\studio\<version>\eclipse\Configuration\config.ini file.
| Condition Applicable | Field | Module Property? | Description |
|---|---|---|---|
| N/A | AWS Region Name | Yes | The name of the AWS region to which you want to connect. For a complete list of regions, see AWS documentation. |
| N/A | Authentication Type | Yes | You can use the following types of authentication: AWS Credential, SAML Authentication, or Container Credentials. Note: With the Container Credentials authentication type, credentials are loaded from Amazon ECS when the environment variable AWS_CONTAINER_CREDENTIALS_RELATIVE_URI is set. For information on Amazon ECS container credentials, see AWS documentation. |
| Available only when the Authentication Type is selected as AWS Credential. | AWS Key ID | Yes | This is the ID of the secret key for AWS. Keys can be created through the AWS console and downloaded as CSV files. |
| | AWS Secret | Yes | This is the encrypted secret key for access to AWS. |
| | Session Token | Yes | Along with AWS Key ID and AWS Secret, the plug-in now supports the Session Token field. The session token is part of a set of temporary security credentials. Note: When the Session Token is provided, the AWS credentials are treated as temporary session credentials; otherwise, they are treated as static IAM credentials. |
| | Cross Account Access | Yes | Use the AWS Security Token Service (AWS STS) to create and provide trusted users with temporary security credentials that can control access to your AWS resources. This parameter uses cross-account access temporary security credentials created by AssumeRole. For information on Temporary Security Credentials, see AWS documentation. |
| Available only when the Authentication Type is selected as AWS Credential or Container Credentials and the Cross Account Access check box is selected. | Role ARN | Yes | The Amazon Resource Name (ARN) of the role to assume. For more information on RoleARN, see AWS documentation. |
| | Role Session Name | Yes | An identifier for the assumed role session, used to uniquely identify a session when the same role is assumed by different principals or for different reasons. For more information on RoleSessionName, see AWS documentation. |
| | External ID | Yes | A unique identifier that might be required when you assume a role in another account. It is used to address the confused deputy problem. For more information on ExternalId, see AWS documentation. |
| | Expiration Duration (min) | Yes | The duration, in minutes, for which the temporary security credentials obtained using AssumeRole remain valid. For more information on ExpirationDuration, see AWS documentation. |
| Available only when the Authentication Type is selected as SAML Authentication. | Identity Provider (IdP) | No | The service provider that manages your user identities. With an IdP, you can manage user identities outside of AWS instead of creating AWS Identity and Access Management (IAM) users in your account. After establishing the trust relationship between IdP and AWS, your users can access AWS resources using their corporate credentials. The following identity providers can be used: Note: Ensure that Form authentication is enabled for the identity provider. Note: While using ADFS IdP, if Windows Integrated Authentication (WIA) is enabled and ADFS IdP is accessible via Intranet, then set the -Dcom.tibco.bw.awsplugins.saml.useragent=Java1.8 system property to fall back to Form authentication. For more information, see ADFS doc. |
| | Identity Provider Login URL | Yes | IdP login URL that is generated when you configure the identity provider in the identity provider console. Example URL for PingFederate: https://<host>:<port>/idp/startSSO.ping?PartnerSpId=urn%3Aamazon%3Awebservices Example URL for ADFS: https://<host>:<port>/adfs/ls/IdpInitiatedSignOn.aspx?loginToRp=urn:amazon:webservices |
| | Username | Yes | User name that is configured with your identity provider. |
| | Password | Yes | Password that is configured with your identity provider. |
| | AWS Role | Yes | AWS IAM role. |
| | Token Expiration Duration | Yes | Duration for which the token is valid. Note: This is configured in AWS IAM policy when creating the role. If the user specifies the value as 0, the value is taken as 60 minutes. |
| | SSL Client Configuration | No | Establishes a secure connection with the identity provider. For more information about SSL Client Configuration, see the "Shared Resource" section of the TIBCO ActiveMatrix BusinessWorks™ Bindings and Palettes Reference guide. |
| | Use Proxy | Yes | The call to the identity provider through the proxy can be enabled when using Advanced configuration with a custom client type. Note: To enable basic authentication, set the JVM argument -Djdk.http.auth.tunneling.disabledSchemes= For more information, see setting the bwappnode-<AppNodeName>.tra file in the "Setting JVM Parameters for the AppNode Manually" section in the TIBCO ActiveMatrix BusinessWorks documentation. With TIBCO Business Studio for BusinessWorks: Add this argument in the <BW_HOME>\studio\<version>\eclipse\TIBCOBusinessStudio.ini file. |
| N/A | Custom Endpoint | Yes | The Custom Endpoint is the URL of the entry point for an AWS web service. It serves as a gateway for accessing AWS SQS and SNS. Note: For Custom Endpoint the AWS Region Name field is mandatory for the shared resource. Note: Use the following property if the Cross Account Access checkbox is selected and the deployment environment is in a Virtual Private Cloud. -Dcom.tibco.aws.useregionalendpoint=true |
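The External ID field only addresses the confused deputy problem when the trust policy of the role named in Role ARN requires it. The following is an added example, not TIBCO or AWS code: it checks a constructed trust policy for cross-account sts:AssumeRole statements that lack an sts:ExternalId condition. The account IDs, Sids, role name and external ID are placeholders.

```python
import json

# Constructed trust policy for the role named in the Role ARN field.
# Account IDs, Sids and the external ID are placeholders, not values from the page.
TRUST_POLICY = json.loads("""
{"Version": "2012-10-17", "Statement": [
  {"Sid": "WithExternalId", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::111111111111:root"},
   "Action": "sts:AssumeRole",
   "Condition": {"StringEquals": {"sts:ExternalId": "example-external-id"}}},
  {"Sid": "NoExternalId", "Effect": "Allow",
   "Principal": {"AWS": ["arn:aws:iam::222222222222:role/bw-appnode"]},
   "Action": ["sts:AssumeRole"]},
  {"Sid": "SameAccount", "Effect": "Allow",
   "Principal": {"AWS": "arn:aws:iam::999999999999:root"},
   "Action": "sts:AssumeRole"}
]}
""")

ROLE_ACCOUNT = "999999999999"  # placeholder: account that owns the assumed role

def as_list(value):
    return value if isinstance(value, list) else [value]

def principal_account(arn):
    # "arn:aws:iam::<account-id>:..." or a bare 12-digit account ID
    return arn.split(":")[4] if arn.startswith("arn:") else arn

def missing_external_id(policy, role_account):
    """Return the Sids of Allow statements that let a principal in another
    account assume the role without a StringEquals check on sts:ExternalId."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        actions = {a.lower() for a in as_list(stmt.get("Action", []))}
        if stmt.get("Effect") != "Allow" or not actions & {"sts:assumerole", "sts:*", "*"}:
            continue
        principal = stmt.get("Principal", {})
        arns = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        foreign = [a for a in arns if a == "*" or principal_account(a) != role_account]
        cond_keys = {k.lower() for k in stmt.get("Condition", {}).get("StringEquals", {})}
        if foreign and "sts:externalid" not in cond_keys:
            findings.append(stmt.get("Sid", "<no Sid>"))
    return findings

if __name__ == "__main__":
    print(missing_external_id(TRUST_POLICY, ROLE_ACCOUNT))
```

A statement reported here accepts AssumeRole calls from the other account regardless of what is entered in the External ID field of the shared resource.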
Custom Client Config
Use SQS Default Client Config to choose a predefined configuration or create a custom configuration.
For other situations where the default configuration is not optimal, use the custom configuration. You can configure the HTTP proxy in the custom configuration. For more information about setting a proxy, see Setting Proxy.
For detailed descriptions of custom configuration, see Client Configuration on AWS documentation.