My agents running on various environments/devices are going to drop periodic messages from the public network. These messages will be processed by my AWS Lambda. The systems are asynchronous.
I am thinking of using SQS to feed the Lambda. Just that the SQS endpoint will be open to the internet. How can I validate the messages posted on AWS SQS?
Most of the devices/agents pushing messages will be on customer VPN. So, establishing a private-vpn-link is a possible solution.
You shouldn't make an SQS queue public so that anyone without AWS credentials could use it. It's not a good practice.
A better option is to use API Gateway in front of your SQS queue:
This way you can make your API gateway endpoint public, control its throughput, limits, throttling, access using API keys, and more.
The API gateway would be integrated with your SQS queue which would allow you to trigger your lambda function.
With the use of API keys or Lambda authorizers you will be able to control access of your devices/agents to the API gateway, and subsequently, to the SQS.
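
One way to implement the Lambda authorizer mentioned in the answer above, as an added example that is not part of the original answer. It is a REQUEST-type authorizer for an API Gateway REST API that checks an HMAC-signed agent identity and timestamp before any message reaches SQS. The header names (`x-agent-id`, `x-agent-ts`, `x-agent-sig`), the signing scheme, the 300-second window and the in-code secret table are assumptions for illustration.

```python
import hashlib
import hmac
import time

# Constructed sample secret; a real deployment would load per-agent secrets from a secret store.
AGENT_SECRETS = {"agent-001": b"constructed-demo-secret"}
MAX_SKEW_SECONDS = 300  # assumed replay window


def sign(agent_id, timestamp, secret):
    """HMAC-SHA256 over "agent_id.timestamp"; the agent computes the same value."""
    msg = f"{agent_id}.{timestamp}".encode()
    return hmac.new(secret, msg, hashlib.sha256).hexdigest()


def is_authentic(headers, now=None):
    """Return the agent id if the signed headers verify, else None."""
    h = {k.lower(): v for k, v in (headers or {}).items()}
    agent_id, ts, sig = h.get("x-agent-id"), h.get("x-agent-ts"), h.get("x-agent-sig")
    secret = AGENT_SECRETS.get(agent_id)
    if not (secret and ts and sig and ts.isdecimal()):
        return None
    now = time.time() if now is None else now
    if abs(now - int(ts)) > MAX_SKEW_SECONDS:
        return None  # stale or future-dated request: reject to limit replay
    expected = sign(agent_id, ts, secret)
    if not hmac.compare_digest(expected.encode(), sig.encode()):
        return None
    return agent_id


def policy(principal, effect, method_arn):
    """IAM policy document in the shape API Gateway expects from an authorizer."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
    return {
        "principalId": principal,
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
    }


def handler(event, context):
    """Lambda entry point: Allow only requests carrying a valid agent signature."""
    agent_id = is_authentic(event.get("headers"))
    if agent_id is None:
        return policy("unknown", "Deny", event["methodArn"])
    return policy(agent_id, "Allow", event["methodArn"])
```

A REQUEST authorizer on a REST API does not receive the request body, so this check authenticates the sender rather than the message content; the Lambda consuming the queue should still validate each payload.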