The transport does not support transport. to specify the connection string via code.
CredentialSource
Mandatory
Default: AWS SDK credentials
By default the endpoint uses the SDK to retrieve AWS credentials. The AWS SDK permits a large number of transparent methods for configuring the credentials as outlined in the .NET SDK guidelines.
Example: To manually control the credentials retrieval, specify:
var transport = new SqsTransport(
new AmazonSQSClient(new InstanceProfileAWSCredentials()),
new AmazonSimpleNotificationServiceClient());
endpointConfiguration.UseTransport(transport);
for S3 specify
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix,
new AmazonS3Client(new InstanceProfileAWSCredentials()))
};
endpointConfiguration.UseTransport(transport);
Region
Mandatory
Default: AWS SDK region
By default the endpoint uses the SDK to retrieve the default AWS region from the AWS_REGION environment variable.
This is the Amazon Web Services Region in which to access the SQS service. The value must be a valid AWS region code.
Example: To manually control the region, specify
var transport = new SqsTransport(new AmazonSQSClient(
new AmazonSQSConfig
{
RegionEndpoint = RegionEndpoint.APSoutheast2
}),
new AmazonSimpleNotificationServiceClient());
endpointConfiguration.UseTransport(transport);
for S3 specify
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix,
new AmazonS3Client(new AmazonS3Config
{
RegionEndpoint = RegionEndpoint.APSoutheast2
}))
};
endpointConfiguration.UseTransport(transport);
ProxyHost and ProxyPort
Optional
Default: Empty
This is the name of the host of the proxy server that the client must authenticate to.
var transport = new SqsTransport(new AmazonSQSClient(
new AmazonSQSConfig
{
ProxyCredentials = new NetworkCredential(userName, password),
ProxyHost = "127.0.0.1",
ProxyPort = 8888
}),
new AmazonSimpleNotificationServiceClient());
endpointConfiguration.UseTransport(transport);
for S3 specify
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix,
new AmazonS3Client(new AmazonS3Config
{
ProxyCredentials = new NetworkCredential(userName, password),
ProxyHost = "127.0.0.1",
ProxyPort = 8888
}))
};
endpointConfiguration.UseTransport(transport);
It is discouraged to specify username and password in code.
SQS Client
Optional
Default: new AmazonSQSClient()
By default the transport uses a parameterless constructor to build the SQS client. This overrides the default SQS client with a custom one.
Example: To use a custom client, specify:
var transport = new SqsTransport(
new AmazonSQSClient(new AmazonSQSConfig()),
new AmazonSimpleNotificationServiceClient());
endpointConfiguration.UseTransport(transport);
If a custom SQS client is provided, it will not be disposed of when the endpoint is stopped.
SNS Client
Optional
Default: new AmazonSimpleNotificationServiceClient()
By default the transport uses a parameterless constructor to build the SNS client. This overrides the default SNS client with a custom one.
Example: To use a custom client, specify:
var transport = new SqsTransport(
new AmazonSQSClient(new AmazonSQSConfig()),
new AmazonSimpleNotificationServiceClient());
endpointConfiguration.UseTransport(transport);
If a custom SNS client is provided, it will not be disposed of when the endpoint is stopped.
Do not wrap message payload in a transport envelope
Optional
Default: false
By default the transport wraps outgoing messages in an envelope that contains also the message headers. The payload itself is encoded with Base64. This is done to ensure compatibility with endpoints running version 6.0 of the transport or below.
Example: To disable message wrapping and Base64-encoding of outgoing messages:
var transport = new SqsTransport
{
DoNotWrapOutgoingMessages = true
};
endpointConfiguration.UseTransport(transport);
This setting should only be enabled if all endpoints are running a version of the transport that contains this setting. ServiceControl should be on version 4.29.3 or above.
Message Attributes
When the DoNotWrapOutgoingMessages setting is enabled, all NServiceBus headers are stored in the NServiceBus. message attribute. If the message is being sent to a non-NServiceBus endpoint, the consumer can use message attributes to handle a message in a particular way without having to process the message body first.
When sending messages from a non-NServiceBus endpoint to an NServiceBus endpoint, use UTF8 encoding and add the NServiceBus. message attribute to ensure compatibility.
Retention period
Optional
Default: 4 days
This is the maximum time that a message will be retained within SQS and S3. When a sent message is not received and successfully processed within the specified time, the message will be lost. This value applies to both SQS and S3 - messages in SQS will be deleted after this amount of time, and large message bodies stored in S3 will automatically be deleted after this amount of time.
The maximum value is 14 days.
Example: To set this to the maximum value, specify:
var transport = new SqsTransport
{
MaxTimeToLive = TimeSpan.FromDays(10)
};
endpointConfiguration.UseTransport(transport);
Large message payloads stored in S3 are never deleted by the receiving endpoint, regardless of whether they were successfully handled. The S3 ageing policy controls the deletion of the payload and will respect the configured TTL. Since message payloads stored in S3 are important for audited and failed messages stored in ServiceControl, it is crucial that the ServiceControl message retention period is aligned with the configured SQS and S3 TTL.
Queue name prefix
Optional
Default: None
This string value is prepended to the name of every SQS queue referenced by the endpoint. This is useful when deploying many instances of the same application in the same AWS region (e.g. a development instance, a QA instance, and a production instance), and the queue names must be distinguished from each other.
Example: For a development instance, specify:
var transport = new SqsTransport
{
QueueNamePrefix = "DEV-"
};
endpointConfiguration.UseTransport(transport);
For example, queue names for the endpoint called "SampleEndpoint" might be:
DEV-SampleEndpoint
DEV-SampleEndpoint-Retries
DEV-SampleEndpoint-Timeouts
DEV-SampleEndpoint-TimeoutsDispatcher
Queue name generator
Optional
Default: $"{queueNamePrefix}{queueName} with unsupported characters like . are replaced with a hyphen -
Provides the ability to override the queue name generation with a custom function that allows creating queues in alignment with custom conventions.
var transport = new SqsTransport
{
QueueNameGenerator = (name, prefix) =>
{
if (name.StartsWith(prefix))
{
return name;
}
return prefix + "-" + name;
}
};
endpointConfiguration.UseTransport(transport);
The provided function needs to be idempotent, i.e., apply the specified prefix only if it has not yet been applied.
Offload large messages to S3
Optional
Default: Disabled. Any attempt to send a message larger than the SQS limit will fail.
This option configures the S3 bucket to be used to store messages larger than 256 kB. If this option is not specified, S3 will not be used at all and any attempt to send a message larger than 256 kB will fail.
If the specified bucket doesn't exist, it will be created when the endpoint starts.
Example: To use a bucket named nsb-sqs-messages, specify:
var transport = new SqsTransport
{
S3 = new S3Settings(
bucketForLargeMessages: "nsb-sqs-messages",
keyPrefix: "my/sample/path")
};
endpointConfiguration.UseTransport(transport);
Key prefix
Mandatory
This is the path within the specified S3 bucket to store large messages.
S3 Client
Optional
Default: new AmazonS3Client()
By default, the transport uses a parameterless constructor to build the S3 client. This overrides the default S3 client with a custom one.
Example: To use a custom client, specify:
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix,
new AmazonS3Client(new AmazonS3Config()))
};
endpointConfiguration.UseTransport(transport);
If a custom S3 client is provided, it will not be disposed of when the endpoint is stopped.
Encryption
Optional
Default: Disabled
Specifies how the large messages stored in S3 are to be encrypted. The default option is no encryption. The alternative is to use a managed encryption key:
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix)
{
Encryption = new S3EncryptionWithManagedKey(ServerSideEncryptionMethod.AES256, "keyId")
}
};
endpointConfiguration.UseTransport(transport);
or to provide a custom key:
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix)
{
Encryption = new S3EncryptionWithCustomerProvidedKey(ServerSideEncryptionCustomerMethod.AES256, "key", "keyMD5")
}
};
endpointConfiguration.UseTransport(transport);
Payload signing
var transport = new SqsTransport
{
S3 = new S3Settings(bucketName, keyPrefix)
{
DisablePayloadSigning = true
}
};
endpointConfiguration.UseTransport(transport);
Amazon S3 requires the payload to be signed when uploaded to the S3 bucket. The SQS transport allows disabling the payload signing by setting the DisablePayloadSigning to true to enable support for alternate storages, such as Cloudflare R2.
Message visibility
To prevent messages from being reprocessed while a handler is still executing, the transport automatically renews the message visibility timeout during processing. This is especially important for long-running handlers where the processing time may exceed the original visibility timeout.
The transport calculates when to renew the message visibility using the following logic:
buffer = Min(remainingTime / 2, 10 seconds)
renewAfter = remainingTime - buffer
A message visibility timeout renewal is triggered after renewAfter has elapsed since the last renewal attempt. The renewal is attempted immediately if the remaining time is less than 400ms. This ensures the message visibility is extended consistently and early enough to avoid expiration, even under system load or scheduling delays.
When renewing, the transport extends the visibility timeout by:
Max(Abs(remainingTimeInSeconds) + visibilityTimeoutInSeconds, visibilityTimeoutInSeconds)
This allows the visibility to be “pushed forward” by a consistent chunk while also compensating for delays. If a renewal is delayed and occurs after the visibility timeout expires, the transport tries to compensate, for example assuming the remaining time is -2s the new visibility timeout would be abs(-2s) + 30s = 32s. This is done because an expired visibility timeout doesn’t always mean the message can’t be completed—if no competing consumer picks it up, processing may still succeed.
Example:
- Configured visibility timeout: 30 seconds
- Max total extension duration: 5 minutes
The message visibility timeout extension is a best effort operation and can fail due to several reasons including:
- Significant clock skew between the client and the SQS service time
- Network interruptions for extensive periods of time between the client and the SQS service
- Backpressure from the SQS service due to throttling
MaxAutoMessageVisibilityRenewalDuration
Optional
Default: TimeSpan.
This configures the allowed maximum message visibility timeout, after which the transport stops renewing the visibility. Amazon SQS supports a maximum value of 12 hours.
By setting it to TimeSpan., the message visibility renewal is disabled, thus the default message visibility time applies when the message is received.
var transport = new SqsTransport
{
MaxAutoMessageVisibilityRenewalDuration = TimeSpan.FromMinutes(15)
};
endpointConfiguration.UseTransport(transport);
MessageVisibilityTimeout
Optional
Default: null
By default the transport acquires the message visibility timeout of the queue by reading the MessageVisibilityTimeout attribute. By setting an explicit value, the message visibility timeout on the queue is overruled by the timeout specified in this setting which will be used on every receive request.
var transport = new SqsTransport
{
MessageVisibilityTimeout = TimeSpan.FromMinutes(5)
};
endpointConfiguration.UseTransport(transport);
Topic name prefix
Optional
Default: None
This string value is prepended to the name of every SNS topic subscribed by the endpoint. This is useful when deploying many instances of the same application in the same AWS region (e.g. a development instance, a QA instance, and a production instance), and the topic names must be distinguished from each other.
Example: For a development instance, specify:
var transport = new SqsTransport
{
TopicNamePrefix = "DEV-"
};
endpointConfiguration.UseTransport(transport);
For example, topic names for the topic called "MyNameSpace.MyEvent" might be:
DEV-MyNameSpace-MyEvent
Topic name generator
Optional
Default: $"{topicNamePrefix}{eventType. with unsupported characters like . being replaced with a hyphen -
Provides the ability to override the topic name generation with a custom function that allows creating topics in alignment with custom conventions.
var transport = new SqsTransport
{
TopicNameGenerator = (eventType, topicNamePrefix) => $"{topicNamePrefix}{eventType.Name}"
};
endpointConfiguration.UseTransport(transport);
Be aware that ServiceControl doesn't allow customization of this convention when publishing ServiceControl events. ServiceControl events will be published using the default naming convention.
Custom topics mappings
The transport topology describes in depth how the topology is determined by subscribers. There are scenarios in which a custom mapping is needed.
The MapEvent transport configuration API can be used to customize the way subscribers determine the topic to subscribe to. If the subscribers have knowledge of both the published event type and the subscribed one, the following API can be used:
var transport = new SqsTransport();
transport.MapEvent<SubscribedEvent, PublishedEvent>();
endpointConfiguration.UseTransport(transport);
The types are only used to determine the topic name; subscribers can define dummy empty types to use the strongly typed API shown above.
If the published type is not known at compilation time, the following API can be used:
var transport = new SqsTransport();
transport.MapEvent<SubscribedEvent>("topic-used-by-the-publisher");
endpointConfiguration.UseTransport(transport);
Policy
When an endpoint is starting the auto-subscribe mechanism ensures the necessary SNS topics for the events are created and all subscriptions are set up to receive the events published to the topics. AWS IAM policies offer very fine-grained control of access to services and resources.
NServiceBus automatically subscribes to all event types an endpoint has handlers for. For example, an endpoint may have two handlers:
public class OrderAcceptedHandler : IHandleMessages<OrderAccepted> { ... }
public class OrderPaidHandler : IHandleMessages<OrderPaid> { ... }
The transport creates a policy statement for the event types it subscribes to:
{
...
"Statement": [
{
...
"Action": "sqs:SendMessage",
"Resource": "arn:aws:sqs:some-region:some-account:endpoint",
"Condition": {
"ArnLike": {
"aws:SourceArn": [
"arn:aws:sns:some-region:some-account:Sales-OrderAccepted",
"arn:aws:sns:some-region:some-account:Sales-OrderPaid"
]
}
}
}
]
}
The policy statement is updated when an endpoint explicitly subscribes to an event type using session.. Unsubscribing does not modify the policy.
Wildcards
Account condition
Allow all messages from any topic in the account. The account name is extracted from the subscribed topic ARN.
var transport = new SqsTransport();
transport.Policies.AccountCondition = true;
config.UseTransport(transport);
Prefix condition
Allow all messages from any topic with the specified topic name prefix.
var transport = new SqsTransport();
transport.Policies.TopicNamePrefixCondition = true;
config.UseTransport(transport);
Namespace condition
Allow all messages in specific namespaces.
var transport = new SqsTransport();
transport.Policies.TopicNamespaceConditions
.Add("Sales.");
transport.Policies.TopicNamespaceConditions
.Add("Shipping.HighValueOrders.");
config.UseTransport(transport);
Disabling runtime policy modification
If the policy is modified during deployment it may be better to disable runtime policy modification.
var transport = new SqsTransport();
transport.Policies.SetupTopicPoliciesWhenSubscribing = false;
config.UseTransport(transport);
Message driven pub/sub compatibility mode
To gradually move an existing system from message driven pub/sub to native pub/sub using SNS, it's possible to enable message-driven pub/sub compatibility mode.
Message-driven pub/sub compatibility mode must be enabled on publisher endpoints. When enabled, publishers will still consume subscription messages sent by endpoints using message-driven pub/sub, and when publishing an event, it will be published both to legacy subscribers and to SNS. Publishers deduplicate published events.
To enable message-driven Pub/Sub compatibility mode, configure the endpoint as follows:
var routing = endpointConfiguration.UseTransport(new SqsTransport());
routing.EnableMessageDrivenPubSubCompatibilityMode();
Subscription cache configuration
The default value for SNS topic subscription cache invalidation (5 seconds) can be changed using:
var migrationSettings = routing.EnableMessageDrivenPubSubCompatibilityMode();
migrationSettings.SubscriptionsCacheTTL(TimeSpan.FromSeconds(30));
Topic cache configuration
The default value for SNS topic cache invalidation (5 seconds) can be changed using:
var migrationSettings = routing.EnableMessageDrivenPubSubCompatibilityMode();
migrationSettings.TopicCacheTTL(TimeSpan.FromSeconds(30));
Message visibility timeout
The default value for the message visibility timeout setting (30 seconds) can be changed using:
var transport = new SqsTransport
{
MessageVisibilityTimeout = TimeSpan.FromMinutes(5)
};
endpointConfiguration.UseTransport(transport);
Reserve bytes when calculating message size
var transport = new SqsTransport
{
ReserveBytesInMessageSizeCalculation = 5*1024 // 5KB for additional metadata
};
endpointConfiguration.UseTransport(transport);
Amazon SQS and SNS allows for a maximum message size of 256KiB.
In specific scenarios, third-party tools, such as monitoring tools, may add additional information to outgoing messages, causing the message size to overflow and messages to be rejected by the infrastructure when sent. The ReserveBytesInMessageSizeCalculation can specify a number of bytes between 0 and 25 * 1024 that will be added to the calculated payload size. It is helpful to account for any overhead of message attributes added outside the scope of NServiceBus to address the SQS service message size limitation by uploading the message payload to S3.