How do I create an SQS queue in Amazon Web Services to receive Live Events data from Canvas?

Document created by Canvas Doc Team Employee on Dec 21, 2019Last modified by Canvas Doc Team Employee on May 16, 2020
Version 11Show Document
  • View in full screen mode

To receive data from Canvas you will need to set up and maintain a queue in Amazon Web Services. Additionally, you will need to grant the appropriate permissions for the queue to receive data.

After you set up a queue with the appropriate permissions, you can subscribe to events in Data Services and begin receiving data.


  • FIFO queues are not currently supported.
  • When setting up an SQS queue you can enable long polling in a standard queue. Long Polling helps eliminate the number of empty responses and false empty responses. For more information about long polling, please see the Amazon SQS Long Polling documentation.

Open Amazon SQS Console

  Open Amazon SQS Console

In the Amazon Web Services console, open the Simple Queue Service (SQS) console by typing the name in the Services field. When Simple Queue Service displays in the list, click the name. 

Create New Queue

Create New Queue

In the Amazon SQS console, click the Create New Queue button.

Enter Queue Name

  Enter Queue Name

Enter a name for the queue. The name of the queue must begin with canvas-live-events.

Select Standard Queue

  Select Standard Queue

By default, Standard Queue will be selected.

To create a queue with the default settings, click the Quick-Create Queue button [1]. To configure additional queue parameters, click the Configure Queue button [2].

Note: FIFO Queues are not currently supported.

Open Queue Permissions

  Open Queue Permissons

Select the checkbox next to the name of your queue [1]. In the queue details area, click the Permissions tab [2].

Add Queue Permissions

  Add Queue Permissions

Click the Add a Permission button.

Enter Permission Details

Enter Permission Details

In the permission details window, select the Allow radio button [1].

In the Principal field, enter the account number 636161780776 [2]. This account number is required for the queue to receive Live Events data.

Select the All SQS Actions checkbox [3].

Click the Add Permission button [4].

View Queue Permission

View Queue Permission

In the queue details area, the permission will display in the Permissions tab.

To edit the permission, click the Edit icon [1]. To delete the permission, click the Delete icon [2].

Using SSE setting with your SQS (Optional)

Canvas Live Events service supports SSE enabled on SQS, in order for SSE to be used the following setup needs to be enabled on the customer SQS :

1. Create a CMK or custom key with this policy, which can be generated by following the steps for creating a CMK, and during step 4 (Define Key Usage Permissions), clicking “Add another AWS Account” and entering the Instructure account number 636161780776.

{ "Id": "key-consolepolicy-3", "Version": "2012-10-17", "Statement": [ { "Sid": "Enable IAM User Permissions", "Effect": "Allow", "Principal": { "AWS": "arn of the customer account root" }, "Action": "kms:*", "Resource": "*" }, { "Sid": "Allow access for Key Administrators", "Effect": "Allow", "Principal": { "AWS": "arn of admin user" }, "Action": [ "kms:Create*", "kms:Describe*", "kms:Enable*", "kms:List*", "kms:Put*", "kms:Update*", "kms:Revoke*", "kms:Disable*", "kms:Get*", "kms:Delete*", "kms:TagResource", "kms:UntagResource", "kms:ScheduleKeyDeletion", "kms:CancelKeyDeletion" ], "Resource": "*" }, { "Sid": "Allow use of the key", "Effect": "Allow", "Principal": { "AWS": [ "arn of admin user", "arn:aws:iam::636161780776:root" // instructure account ] }, "Action": [ "kms:Encrypt", "kms:Decrypt", "kms:ReEncrypt*", "kms:GenerateDataKey*", "kms:DescribeKey" ], "Resource": "*" }, { "Sid": "Allow attachment of persistent resources", "Effect": "Allow", "Principal": { "AWS": [ "arn of admin user", "arn:aws:iam::636161780776:root" // instructure account ] }, "Action": [ "kms:CreateGrant", "kms:ListGrants", "kms:RevokeGrant" ], "Resource": "*", "Condition": { "Bool": { "kms:GrantIsForAWSResource": "true" } } } ]}??????????????????????????????????????????????????????????????????????????????

2. Create an SQS queue, and enable SSE. Provide the ARN of the newly-created CMK.

3. Create a new IAM policy, that grants access to the queue and the key, the policy needs to look exactly like this:

{ "Version": "2012-10-17", "Statement": [{ "Effect": "Allow", "Action": [ "kms:GenerateDataKey", "kms:Decrypt" ], "Resource": "CMK arn" }, { "Effect": "Allow", "Action": [ "sqs:SendMessage", "sqs:SendMessageBatch" ], "Resource": "queue arn" }]???????????????????????????????????????????????????

4. Create a new IAM user and attach the above policy. Save the access key and secret key, and provide them to us as part of the subscription.

You are here
Table of Contents > Canvas Data Services > How do I create an SQS queue in Amazon Web Services to receive Live Events data from Canvas?