
Configuring Dead Letter Queue Redrive Permission With Queue Policy

In this guide, we’ll configure a Dead Letter Queue (DLQ) redrive permission using an AWS SQS Queue Policy in Pulumi. The key services involved are AWS SQS for the queues and AWS IAM for the policies.

Step-by-Step Explanation

  1. Create the Dead Letter Queue (DLQ)
    • First, we’ll create the DLQ using the aws.sqs.Queue resource.
  2. Create the Main Queue
    • Next, we’ll create the main queue that will use the DLQ for redrive.
  3. Attach a Queue Policy to the DLQ
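    • We’ll define a queue policy on the DLQ that allows sqs:SendMessage only when aws:SourceArn equals the main queue’s ARN. Because the statement uses Principal "*", that condition is what restricts it to the main queue.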
  4. Configure Redrive Policy on the Main Queue
    • Finally, we’ll configure the redrive policy on the main queue to use the DLQ. In the code below, this is set through the redrivePolicy argument when the main queue is created.

Summary

By following these steps, you’ll have a main SQS queue configured to use a DLQ with the necessary permissions set via a queue policy. This setup ensures that messages that fail to process are automatically moved to the DLQ for further inspection and handling.

Full Code Example

import * as aws from "@pulumi/aws";
import * as pulumi from "@pulumi/pulumi";

// Create the Dead Letter Queue (DLQ)
const dlq = new aws.sqs.Queue("dlq", {
    messageRetentionSeconds: 1209600, // 14 days
});

// Create the Main Queue
const mainQueue = new aws.sqs.Queue("mainQueue", {
    redrivePolicy: dlq.arn.apply(arn => JSON.stringify({
        deadLetterTargetArn: arn,
        maxReceiveCount: 5, // after 5 receives without deletion, the message moves to the DLQ
    })),
});

// Attach a Queue Policy to the DLQ
const dlqPolicy = new aws.sqs.QueuePolicy("dlqPolicy", {
    queueUrl: dlq.url,
    policy: pulumi.all([dlq.arn, mainQueue.arn]).apply(([dlqArn, mainQueueArn]) => JSON.stringify({
        Version: "2012-10-17",
        Statement: [
            {
                Effect: "Allow",
                Principal: "*", // any principal; access is limited only by the aws:SourceArn condition below
                Action: "sqs:SendMessage",
                Resource: dlqArn,
                Condition: {
                    ArnEquals: {
                        "aws:SourceArn": mainQueueArn,
                    },
                },
            },
        ],
    })),
});

// Export the URLs of the queues
export const dlqUrl = dlq.url;
export const mainQueueUrl = mainQueue.url;
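
The policy above is open to any principal if its aws:SourceArn condition is ever dropped or widened, so the rendered policy JSON is worth linting in a unit test before deployment. The following is an added example, not part of the original guide or of Pulumi's code; the helper names are hypothetical and the sample ARNs are constructed.

```typescript
// Added example (hypothetical helper names): lints a queue policy JSON document offline.
type PolicyStatement = {
    Effect: string; Principal: unknown;
    Condition?: Record<string, Record<string, string | string[]>>;
};

// True when the principal matches any caller: "*" or { AWS: "*" }.
function isWildcardPrincipal(principal: unknown): boolean {
    if (principal === "*") return true;
    if (typeof principal !== "object" || principal === null) return false;
    const aws = (principal as Record<string, unknown>)["AWS"];
    return aws === "*" || (Array.isArray(aws) && aws.indexOf("*") !== -1);
}

// aws:SourceArn values under ArnEquals or ArnLike (both operators accept wildcards).
function sourceArns(stmt: PolicyStatement): string[] {
    let out: string[] = [];
    for (const op of ["ArnEquals", "ArnLike"]) {
        const block: Record<string, string | string[]> = stmt.Condition?.[op] ?? {};
        for (const key of Object.keys(block)) {
            if (key.toLowerCase() === "aws:sourcearn") out = out.concat(block[key]);
        }
    }
    return out;
}

// One finding per Allow statement open to any principal and not pinned to the expected source ARN.
function findOpenStatements(policyJson: string, expectedSourceArn: string): string[] {
    const statements = (JSON.parse(policyJson) as { Statement: PolicyStatement[] }).Statement;
    const findings: string[] = [];
    statements.forEach((stmt, i) => {
        if (stmt.Effect !== "Allow" || !isWildcardPrincipal(stmt.Principal)) return;
        const arns = sourceArns(stmt);
        if (arns.length === 0) {
            findings.push(`Statement[${i}]: Principal "*" with no aws:SourceArn condition`);
        } else if (arns.some(a => a !== expectedSourceArn)) {
            findings.push(`Statement[${i}]: aws:SourceArn is not pinned to ${expectedSourceArn}`);
        }
    });
    return findings;
}

// Constructed sample data: the account ID and queue names are made up.
const MAIN_ARN = "arn:aws:sqs:us-east-1:111122223333:mainQueue";
const openStmt = { Effect: "Allow", Principal: "*", Action: "sqs:SendMessage",
    Resource: "arn:aws:sqs:us-east-1:111122223333:dlq" };
const withCondition = (cond: object) => JSON.stringify({ Statement: [{ ...openStmt, Condition: cond }] });
const pagePolicy = withCondition({ ArnEquals: { "aws:SourceArn": MAIN_ARN } });
const broadPolicy = withCondition({ ArnLike: { "aws:SourceArn": "arn:aws:sqs:*:*:*" } });
const barePolicy = JSON.stringify({ Statement: [openStmt] });
```

Here pagePolicy mirrors the statement shape used in this guide and produces no findings, while barePolicy and broadPolicy each produce one.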
