Phase out use of deprecated SQS endpoints

[acdha]

Describe the bug

boto's SQS client still defaults to queue.amazonaws.com which appears to have been deprecated since at least 2011. This requires everyone following Amazon's recommended security best practices to diagnose non-obvious error messages and then update every client invocation to override the endpoint URL:

SQS = boto3.client(
    "sqs",
    endpoint_url="https://sqs.{}.amazonaws.com".format(
        os.environ.get("AWS_DEFAULT_REGION", "us-east-1")
    ),
)

Partial list of past reports:

• Update SQS endpoints #2151
• Endpoints not being modeled as expected #1681
• Update SQS endpoints #1418
• boto3 #2284
• boto3 #2339
• boto3 #1900
• aws-cli #1715

There were two concerns raised in various tickets:

• Python 2.6, which hit end-of-life 9 years ago and should not be a consideration now that Python 2 is no longer supported by this library
• Non-specific concerns about backwards compatibility. That would certainly warrant a prominent notice in the release notes but anyone running egress filtering that tightly has likely a) already encountered the need for both names and b) is a much smaller group of users than the people whose new code is breaking.

Expected Behavior

The default is the endpoints which have been recommended since the 2000s

Current Behavior

The old PrivateLink-incompatible endpoints are used

Reproduction Steps

SQS = boto3.client("sqs")

Possible Solution

1. Change the default to the sqs.amazonaws.com endpoints
2. Prominently document this in the release notes with fallback instructions
3. With more work, trap connection errors when using the default endpoint and fallback to the old one with a deprecation warning

Additional Information/Context

No response

SDK version used

any

Environment details (OS name and version, etc.)

any

[tim-finnigan]

Hi @acdha thanks for reaching out. Since Python 2 no longer supported that should no longer be a factor as you mentioned. Backwards compatibility is still a concern as changing the default endpoint could break users but this is something that requires more investigation. I created a backlog item for the team to dig deeper into this and we will update this issue as soon as we have more information.

[acdha]

Thanks! I appreciate the backwards compatibility risk so am not expecting instant changes but I figure at this point it seems to be breaking brand new code on a regular basis, too. I wish there was an easy way to know a VPC endpoint existed since you’d almost always want to use one if so.

[stationname]

Can anyone provide information until what date backwards compatibility is given?

[nateprewitt]

It looks like this ticket may have been left out of the rollout for #2705 and #2804. Starting in botocore 1.27.0 we started phasing out the old naming pattern for SQS endpoints with an explicit opt-out in warning. In November 2022, the old pattern was completely removed from the SDK in 1.29.0, favoring the sqs.{region}.amazonaws.com format.

Given we're 18 months on and haven't received any significant feedback, we'll close this as resolved. Thanks everyone for the feedback!

[github-actions]

This issue is now closed. Comments on closed issues are hard for our team to see.
If you need more assistance, please open a new issue that references this one.