
AWS SQS programmatically accessed via a VPC endpoint throws error


With the Amazon SQS service, the SQS public IPs keep changing dynamically, and for some of these IPs the port is intermittently blocked, so the system fails in multiple attempts at sending to the queue. To overcome that, we created a VPC. Now, programmatically sending to SQS using the VPC URL also fails, because "Credential should be scoped to a valid region".

We have an SQS queue and access it via a VPC. We use simple code like the below:

@Bean
public AmazonSQSClient amazonSQSClient() {
    // ...
    // Region is set here, but no endpoint configuration is given for the VPC endpoint.
    return (AmazonSQSClient) AmazonSQSClientBuilder.standard()
            .withRegion(Regions.EU_WEST_1)
            .withCredentials(new AWSStaticCredentialsProvider(..))
            .build();
}

And in a function where it is autowired:

amazonSQSClient.sendMessage(new SendMessageRequest(sqsUrl + "/accid/qname", message));

When sending a message to the queue, we receive the error:

Caught an AmazonServiceException, which means your request made it to Amazon SQS, but was rejected with an error response for some reason. Error Message: Credential should be scoped to a valid region. (Service: AmazonSQS; Status Code: 403; Error Code: SignatureDoesNotMatch;


Solution

  • Since the VPC was created, the URL with vpc/account/sqs is not the right configuration.

    The issue is the missing EndpointConfiguration.

    When building amazonSQSClient for a VPC endpoint, we have to add the VPC endpoint, and the queue URL is added when sendMessage is called.

    AmazonSQSClientBuilder.standard()
            .withCredentials(new AWSStaticCredentialsProvider(temporaryCredentials))
            .withEndpointConfiguration(new EndpointConfiguration(vpcURL, Region))
            .build();

    // Queue URL passed to sendMessage: <vpc-sqs url>/<account>/<queue>
    amazonSQSClient.sendMessage(new SendMessageRequest(vpcSqsUrl + "/account/queue", message));
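
Added example, not part of the original question or answer: the second argument of `EndpointConfiguration` is the signing region, which goes into the SigV4 credential scope and into the derived signing key, so a request signed for one region cannot verify at an endpoint in another. The JDK-only code below derives the key for a matching and a non-matching region; the secret, date and VPC endpoint hostname are constructed, and `regionOf` is a hypothetical helper.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class SigV4ScopeDemo {
    static byte[] hmac(byte[] key, String data) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(key, "HmacSHA256"));
        return mac.doFinal(data.getBytes(StandardCharsets.UTF_8));
    }

    // SigV4 signing key: HMAC chain over date, region, service, "aws4_request".
    static byte[] signingKey(String secret, String date, String region, String service) throws Exception {
        byte[] kDate = hmac(("AWS4" + secret).getBytes(StandardCharsets.UTF_8), date);
        byte[] kRegion = hmac(kDate, region);
        byte[] kService = hmac(kRegion, service);
        return hmac(kService, "aws4_request");
    }

    // Credential scope as it appears in the Authorization header.
    static String scope(String date, String region, String service) {
        return date + "/" + region + "/" + service + "/aws4_request";
    }

    // Hypothetical helper: region label that follows "sqs" in an SQS hostname.
    static String regionOf(String host) {
        String[] labels = host.split("\\.");
        for (int i = 0; i + 1 < labels.length; i++) {
            if (labels[i].equals("sqs")) return labels[i + 1];
        }
        throw new IllegalArgumentException("no sqs label in " + host);
    }

    public static void main(String[] args) throws Exception {
        String secret = "EXAMPLE-SECRET-KEY-NOT-REAL";  // constructed, not a real key
        String date = "20240101";                        // constructed signing date
        String host = "vpce-0example-0example.sqs.eu-west-1.vpce.amazonaws.com"; // constructed
        byte[] expected = signingKey(secret, date, regionOf(host), "sqs");
        // First region matches the endpoint; the second is a deliberate mismatch.
        for (String signingRegion : new String[] {"eu-west-1", "us-east-1"}) {
            byte[] key = signingKey(secret, date, signingRegion, "sqs");
            System.out.printf("scope=%s keyMatchesEndpointRegion=%b%n",
                    scope(date, signingRegion, "sqs"), MessageDigest.isEqual(key, expected));
        }
    }
}
```

Comparing `regionOf(endpointHost)` with the signing region at client construction time turns this class of 403 into a startup failure instead of an intermittent runtime one.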