This article describes configuring Dapr to use AWS SNS/SQS for pub/sub on local and Kubernetes environments.
In order to use localstack with your pubsub binding, you need to provide the
in the component metadata. The
endpoint is unncessary when running against production AWS.
See Authenticating to AWS for information about authentication-related attributes
apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: messagebus spec: type: pubsub.snssqs version: v1 metadata: - name: endpoint value: http://localhost:4566 # Use us-east-1 for localstack - name: awsRegion value: us-east-1
To run localstack on Kubernetes, you can apply the configuration below. Localstack is then
reachable at the DNS name
(assuming this was applied to the default namespace) and this should be used as the
apiVersion: apps/v1 kind: Deployment metadata: name: localstack spec: # using the selector, we will expose the running deployments # this is how Kubernetes knows, that a given service belongs to a deployment selector: matchLabels: app: localstack replicas: 1 template: metadata: labels: app: localstack spec: containers: - name: localstack image: localstack/localstack:latest ports: # Expose the edge endpoint - containerPort: 4566 --- kind: Service apiVersion: v1 metadata: name: localstack labels: app: localstack spec: selector: app: localstack ports: - protocol: TCP port: 4566 targetPort: 4566 type: LoadBalancer
In order to run in AWS, you should create an IAM user with permissions to the SNS and SQS services.
Use the account ID and account secret and plug them into the
in the component metadata using kubernetes secrets.
Create a Dapr component
The next step is to create a Dapr component for SNS/SQS.
Create the following YAML file named
apiVersion: dapr.io/v1alpha1 kind: Component metadata: name: <NAME> namespace: <NAMESPACE> spec: type: pubsub.snssqs version: v1 metadata: # ID of the AWS account with appropriate permissions to SNS and SQS - name: accessKey value: ********** # Secret for the AWS user - name: secretKey value: ********** # The AWS region you want to operate in. # See this page for valid regions: https://docs.aws.amazon.com/AmazonRDS/latest/UserGuide/Concepts.RegionsAndAvailabilityZones.html # Make sure that SNS and SQS are available in that region. - name: region value: us-east-1
WarningThe above example uses secrets as plain strings. It is recommended to use a secret store for the secrets as described here.
Apply the configuration
Visit this guide for instructions on configuring pub/sub components.
- Pub/Sub building block
- AWS SQS as subscriber to SNS
- AWS SNS API refernce
- AWS SQS API refernce
- Authenticating to AWS