luizmachado.dev

PT EN

SQS Admin Panel: a serverless panel to manage SQS queues

SQS Admin Panel: a serverless panel to manage SQS queues

Anyone who works with Amazon SQS daily knows the AWS console works, but it's slow for operational tasks. Want to peek at messages? Several clicks. Need to move messages from a DLQ back to the source queue? More clicks. Want to compare metrics across multiple queues at once? Good luck.

SQS Admin Panel was born from that frustration. It's a 100% serverless web panel that runs in your AWS account and gives you full control over your SQS queues with a simple, straightforward interface.

What does it do?

The panel covers pretty much everything you need to operate SQS queues:

  • List queues (Standard + FIFO) with real-time metrics
  • Create and delete queues
  • Edit attributes (visibility timeout, retention, redrive policy)
  • Purge queues
  • Send messages (with FIFO group/dedup ID and delay support)
  • Batch send (JSON array)
  • Peek messages (view without removing from queue)
  • Filter messages by content
  • Delete individual messages
  • DLQ redrive (reprocess failed messages)
  • Move messages between queues
  • Export/Import messages (JSON)
  • Dashboard with KPIs and overview

Architecture

The stack is lean and uses only managed services:

  • Frontend: React + Vite, served via S3 + CloudFront
  • Backend: API Gateway + Lambda (Python), deployed with AWS SAM
  • Auth: Amazon Cognito User Pool with JWT
  • IaC: A single SAM template.yaml defines everything

The backend is a single Lambda with a handler that routes by path and method. No frameworks, no dependencies beyond boto3. The frontend is pure React with TypeScript.

Authentication uses Cognito Authorizer on API Gateway. The frontend logs in via SRP auth and sends the JWT on every request. In the local environment, auth is automatically disabled.

Dashboard

The dashboard shows aggregated KPIs across all queues:

  • Total queues (Standard and FIFO)
  • Available, in-flight and delayed messages
  • Messages in DLQs
  • Table with all queues and their attributes
  • Dedicated section for Dead Letter Queues with source queue mapping

The dashboard auto-refreshes every 10 seconds.

DLQ Redrive

One of the most useful features. When messages land in a DLQ, the panel:

  1. Automatically identifies the source queue (via RedrivePolicy)
  2. Reads messages from the DLQ
  3. Sends them back to the original queue
  4. Deletes from the DLQ after confirmation

Works for both Standard and FIFO queues (preserving MessageGroupId).

Export and Import

Need to back up messages before purging a queue? Or migrate messages between environments?

  • Export: reads messages (without deleting) and returns a JSON
  • Import: receives a JSON array and sends the messages to the queue

This is especially useful for debugging, when you want to analyze DLQ messages locally.

Move messages between queues

Sometimes you need to move messages from one queue to another, whether for reprocessing or migration. The panel does this atomically: reads from source, sends to target and deletes from source.

Local environment with Docker

Local setup is a docker compose up --build and you're done. Three services come up:

  • LocalStack (port 4566): emulated SQS
  • Backend (port 3001): Python server that invokes the same Lambda handler
  • Frontend (port 5173): Vite dev server with proxy to the backend

This means you develop and test locally with the same code that runs on AWS. No mocks, no stubs.

The project also includes integration tests covering full queue CRUD, send/receive, batch, export/import, move, DLQ/redrive, purge and delete.

One-command deploy

./deploy.sh sqs-admin-panel admin@example.com

The script does everything:

  1. sam build + sam deploy (Lambda, API Gateway, Cognito, S3, CloudFront)
  2. Frontend build with Cognito and API URL variables
  3. Upload frontend to S3
  4. Displays the panel URL

The admin receives a temporary password via email through Cognito.

Security

Some important points about the panel's security:

  • API protected by Cognito Authorizer (JWT)
  • Frontend served via CloudFront (HTTPS)
  • Private S3 bucket (access only via CloudFront OAC)
  • Lambda with sqs:* policy, which is intentional for an admin panel
  • CORS configured on API Gateway

Since it's an admin panel, the sqs:* policy makes sense. But access is restricted to authenticated Cognito users.

Limitations

  • Message peek uses ReceiveMessage + ChangeMessageVisibility(0), so in high-concurrency scenarios there may be conflicts with real consumers
  • Exporting large messages may hit the API Gateway payload limit (10MB)
  • No support for SNS or EventBridge, it's focused exclusively on SQS

Source code

The project is open source and available on GitHub: github.com/crypto-br/sqs_admin_painel

Conclusion

SQS Admin Panel solves a real problem for anyone operating SQS queues daily. Instead of navigating the AWS console for each operation, you get a dedicated panel with all features in one place. Deploy is simple, the local environment works with Docker and the architecture is 100% serverless.

If you work with SQS and want a tool to make operations easier, it's worth trying.

awssqsserverlesslambdasamcognitoopen-sourcedevops