在多个环境中共享SQS [英] sharing SQS across multiple environments

问题描述

我们正在探索SQS，以提高某些异步作业队列的可靠性.我正在尝试确定最佳的SQS部署策略，以支持多个队列和环境(服务器场群集，开发人员沙箱，开发人员笔记本电脑等).我们之前的作业队列为每个环境使用了单独的队列服务器，以提供良好的隔离.由于SQS是一种全球资源，因此我还没有找到用于安全性/隔离和维护的最佳途径.

We're exploring SQS to improve the reliability of some asynchronous job queues. I'm trying to identify the best SQS deployment strategy to support multiple queues and environments (farm clusters, developer sandboxes, developer laptops, etc.). Our previous job queue used a separate queue server for each environment which provided for nice isolation. Since SQS is a global resource I don't quite yet see the optimal path for security/isolation and maintenance.

在最坏的情况下，我认为我们需要创建数千个单独的SQS队列来处理作业类型(例如报告，ETL等)和环境(生产，演示，开发人员沙箱等)的每种组合.我们可以在每个环境中使用一个队列，但这似乎限制了我们根据作业控制行为的能力.相反，我们可以为每个作业使用全局队列，但这使得无法隔离环境.

In the worse case I think we'd need to create thousands of individual SQS queues to handle each combination of job type (e.g. reports, ETL, etc.) and environment (production, demo, developer sandboxes, etc.). We could use a single queue per environment but that seems to limit our ability to control behavior based on the job. Conversely we could use global queues for each job but that makes it impossible to isolate the environments.

这似乎有点维护和安全负担，所以我想知道其他客户如何在一大套环境和队列有效负载类型中成功利用SQS.

This seems like a bit of a maintenance and security burden so I'm wondering how other customers have successfully leverages SQS across a large set of environments and queue payload types.

推荐答案

我将每个环境(prod/demo/etc.)拆分为单独的AWS账户，以提供环境隔离.

I would split each environment (prod/demo/etc.) into separate AWS accounts to provide isolation of environments.

我建议您使用CloudFormation或Teraform之类的东西来创建和管理所有队列(和其他AWS资源)，这应该减轻您的维护和安全负担.

I would recommend using something like CloudFormation or Teraform to create and manage the all the queues (and other AWS resources), which should reduce your maintenance and security burden.

这篇关于在多个环境中共享SQS的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！