MV Michael van Leest AI, cloud, and platform engineering
Home Blog About Contact

Blog post

SQS design for small teams: how to keep queue-based systems understandable

A practical guide to SQS design for small teams on AWS, including retries, idempotency, DLQs, observability, and how to keep queue-based systems understandable.

4 min read aws sqs serverless architecture small-teams

Amazon SQS is one of those AWS services that looks simple at first and then slowly teaches you how much distributed behavior you have actually signed up for.

That is not a criticism. SQS is useful precisely because it gives teams a clean way to decouple work, absorb bursts, and keep systems from depending too heavily on immediate synchronous success.

The problem is that teams often adopt SQS for decoupling and then discover later that they have not really designed for retries, duplicate delivery, queue visibility, or failure handling.

That is where SQS-based systems stop feeling simple.

Start with failure, not just buffering

The most common SQS design mistake is treating the queue mainly as a buffer.

It is a buffer, but it is also a failure boundary.

The moment a team introduces SQS, it should also start asking:

  • what happens if a message is processed twice?
  • what happens if processing partially succeeds?
  • when should a message be retried versus dead-lettered?
  • how will the team know the queue is backing up?
  • who owns the consumer behavior when things go wrong?

Those are the questions that make an SQS-based system operable.

Idempotency matters immediately

If a system consumes from SQS, I assume idempotency matters unless there is a very strong reason to think otherwise.

Messages can be delivered more than once. Consumers can fail after doing some work. Timeouts and retries can create the same outcome even if the queue itself is behaving correctly.

That means the consumer logic needs a way to tolerate repeated execution safely.

For small teams, this is one of the most important design habits to get right early. Without it, a queue often moves complexity out of the request path only to reintroduce it as operational ambiguity later.

Keep the consumer boundary clear

SQS works best when the consumer has a clear job.

I prefer consumers that:

  • handle one kind of message well
  • have obvious ownership
  • make success and failure easy to interpret
  • do not hide too many unrelated workflows inside one worker

Once a consumer starts doing too many things, queue systems become much harder to reason about. The team stops thinking in terms of clear message handling and starts dealing with a general-purpose background engine that is difficult to observe and change.

That is rarely a good trade for lean teams.

Visibility timeouts, retries, and DLQs are part of the design

I do not think of these as settings to tweak later. They are part of the system design.

The retry path affects:

  • how expensive failures become
  • how duplicates show up
  • how fast queues back up
  • how recoverable bad messages are
  • how the team experiences incidents

That is why I prefer to be explicit early about:

  • how many times a message should retry
  • how long processing can reasonably take
  • when to send messages to a dead-letter queue
  • what the team will do with dead-lettered work

If those decisions are vague, the queue is not really designed yet. It is only provisioned.

Observability has to match the asynchronous model

SQS-based systems become invisible very easily.

The request succeeds somewhere, a message gets queued, and then the real work happens later in a place the user does not see and the team may not be watching closely enough.

That means observability needs to cover:

  • queue depth
  • age of oldest message
  • failure rate
  • DLQ growth
  • consumer latency
  • enough correlation to trace what happened to a message

If a team cannot explain where a message is, why it failed, and whether the queue is recovering or degrading, the system is already harder to operate than it should be.

SQS is strongest when it narrows coupling, not when it hides it

I like SQS most when it reduces coordination between parts of a system that should not need to wait on each other.

That is different from using it to hide poor boundaries.

If the queue mainly exists because the synchronous path is too fragile, the consumer is overloaded, or the team is trying to avoid cleaning up a confused workflow, the queue may be masking a deeper design problem.

SQS is a strong primitive. It just works best when the boundary around it is honest.

What I look for in a healthy SQS-based system

When I review an SQS-based design, I usually want a few things to be obvious:

  1. what the message means
  2. what the consumer owns
  3. how duplicate handling works
  4. how failures surface
  5. when work retries and when it stops retrying
  6. how the team knows the queue is healthy

If those answers are unclear, the system may function, but it is not yet easy to operate.

My default advice on SQS design

Use SQS when you need real decoupling, workload smoothing, or asynchronous handling that should not stay on the request path.

But design the retry behavior, idempotency model, DLQ path, and observability at the same time.

That is what keeps an SQS-based system understandable.

For small teams, that is the difference between a queue that reduces friction and a queue that quietly creates a second operating model nobody is fully watching.

Contact

Working on AI, cloud, or platform modernization?

If you are hiring, shaping a project, or need an experienced technical sounding board, use the contact form and send a little context.

Contact me