Test: Messaging Queue Message Age Monitored

Drata inspects your company messaging queue monitoring configuration to determine if message age is monitored, with appropriate alerts.

Written by Ashley Hyman
Updated over a week ago

ASSOCIATED DRATA CONTROL

This test is part of the Messaging Queues Monitored and Alarmed control that ensures your company has implemented tools to monitor messaging queues and notify appropriate personnel of any events or incidents based on predetermined criteria.

WHAT TO DO IF A TEST FAILS

If Drata detects that messaging queue message age monitoring is not enabled, or that alerts have not been properly set up, the test will fail. With a failed test, you will receive a list of queues that lack message age monitoring or administrative alerts.

To remediate a failed test, set up and configure message age monitoring for the reported queues so that they are monitored and alerts are sent to infrastructure admins when an event or incident occurs.

STEPS FOR PASSING

To ensure a validated state when testing for monitoring the age of messages in the messaging queue, please follow the steps listed in the table below. Once the provider steps have been completed, navigate back to Drata and execute the test.

NOTE: If you are using the Datadog integration for this test, please see this help article for the metrics to be used.

Provider / Technology

Provider Steps

AWS - SQS

  1. Within AWS, go to Amazon CloudWatch

  2. Click the Create Alarm button

  3. Select metrics: SQS

  4. Click the next button

  5. Click Queue metrics

  6. Select the Metric name (ApproximateAgeOfOldestMessage)

  7. Click the select metric button

  8. Specify metric conditions:

    - Threshold: Static
    - Greater than 10000 (10000 is an illustrative example; choose a value that makes sense for your setup)

  9. Click the next button.

  10. Configure Action: send notification

  11. Click the next button

  12. Add name and description of the alarm

  13. Click Next button

  14. Click the Create Alarm button

Subscription Confirmation

The subscription to the SNS topic used (or newly created) above must be confirmed for the test to pass.

  1. Go to SNS and select Subscriptions

  2. Click "Create subscription" and reference the newly created topic for the Topic ARN

  3. For Protocol select Email

  4. For Endpoint enter an email address, generally a monitored team inbox

  5. Click "Create subscription" and verify the email that was sent to your provided inbox

Alternatively:

  1. Go to SNS and select Topics

  2. Click the topic name created with the alarm

  3. Under the Subscriptions banner, click the radio button for the topic's subscription

  4. Click "Confirm subscription" and verify the email that was sent to your provided inbox
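One way to pre-check the AWS steps above before re-running the test, as an added example (not Drata's code, and not necessarily the logic Drata applies): it takes data shaped like the boto3 `describe_alarms` and `list_subscriptions_by_topic` responses and reports queues that have no `ApproximateAgeOfOldestMessage` alarm, have alarm actions disabled, or notify only unconfirmed subscriptions. The function names, queue names and ARNs are constructed for illustration.

```python
# Added example: offline pre-check over data shaped like boto3 responses.
# Every queue name, alarm and ARN below is a constructed sample value.
def unmonitored_queues(queues, alarms, subs_by_topic):
    """Return {queue: reason} for queues lacking an age alarm that can notify."""
    findings = {}
    for queue in queues:
        reason = "no ApproximateAgeOfOldestMessage alarm"
        for alarm in alarms:
            dims = {d["Name"]: d["Value"] for d in alarm.get("Dimensions", [])}
            if (alarm.get("Namespace") != "AWS/SQS"
                    or alarm.get("MetricName") != "ApproximateAgeOfOldestMessage"
                    or dims.get("QueueName") != queue):
                continue  # alarm is for another metric or another queue
            if not alarm.get("ActionsEnabled", True):
                reason = "alarm actions disabled"
                continue
            # SNS reports the literal string "PendingConfirmation" as the
            # SubscriptionArn until the recipient confirms the subscription.
            confirmed = any(
                sub["SubscriptionArn"] != "PendingConfirmation"
                for topic in alarm.get("AlarmActions", [])
                for sub in subs_by_topic.get(topic, []))
            if confirmed:
                reason = None
                break
            reason = "no confirmed SNS subscription"
        if reason:
            findings[queue] = reason
    return findings

def age_alarm(queue, topic_arn, enabled=True):
    """Build a constructed alarm record with the fields the check reads."""
    return {"Namespace": "AWS/SQS", "MetricName": "ApproximateAgeOfOldestMessage",
            "Dimensions": [{"Name": "QueueName", "Value": queue}],
            "ActionsEnabled": enabled, "AlarmActions": [topic_arn]}

TOPIC = "arn:aws:sns:us-east-1:111122223333:queue-alerts"      # constructed
PENDING = "arn:aws:sns:us-east-1:111122223333:unconfirmed"     # constructed
SAMPLE_QUEUES = ["orders", "billing", "emails", "audit"]
SAMPLE_ALARMS = [age_alarm("orders", TOPIC), age_alarm("billing", PENDING),
                 age_alarm("emails", TOPIC, enabled=False)]
SAMPLE_SUBS = {
    TOPIC: [{"SubscriptionArn": TOPIC + ":constructed-id", "Protocol": "email"}],
    PENDING: [{"SubscriptionArn": "PendingConfirmation", "Protocol": "email"}],
}

if __name__ == "__main__":
    for name, why in unmonitored_queues(SAMPLE_QUEUES, SAMPLE_ALARMS, SAMPLE_SUBS).items():
        print(f"{name}: {why}")
```

To run it against a real account, feed it the `MetricAlarms` list from `describe_alarms` and, for each topic ARN in `AlarmActions`, the `Subscriptions` list from `list_subscriptions_by_topic`.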

GCP - PubSub

  1. Within GCP, establish a topic in PubSub

  2. In monitoring, establish an alert policy

    1. Resource is Cloud Pub/Sub topic

      1. By default the GCP Alert UI may only show "Active" metrics, and you may need to turn that toggle off to see the required option

    2. Metric is Oldest Retained Acked Message by Region

    3. Select an active notification channel (any except mobile cloud console)
