The aws:sqs/queue:Queue resource, part of the Pulumi AWS provider, defines an SQS queue and its message handling behavior: ordering guarantees, retention, encryption, and failure routing. This guide focuses on three capabilities: standard and FIFO queue configuration, dead letter queue setup, and encryption options.
A queue doesn’t operate alone. It may reference dead letter queue ARNs for failure handling or KMS keys for encryption, which must exist separately. The examples are intentionally small and show individual queue features. Combine them with your own IAM policies, Lambda triggers, or SNS topics to build complete messaging workflows.
Configure a standard queue with delivery and retention settings
Most deployments start with a standard queue that tunes delivery delay, message retention, and dead letter handling to match processing patterns.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const queue = new aws.sqs.Queue("queue", {
name: "example-queue",
delaySeconds: 90,
maxMessageSize: 2048,
messageRetentionSeconds: 86400,
receiveWaitTimeSeconds: 10,
redrivePolicy: JSON.stringify({
deadLetterTargetArn: queueDeadletter.arn,
maxReceiveCount: 4,
}),
tags: {
Environment: "production",
},
});
import pulumi
import json
import pulumi_aws as aws
queue = aws.sqs.Queue("queue",
name="example-queue",
delay_seconds=90,
max_message_size=2048,
message_retention_seconds=86400,
receive_wait_time_seconds=10,
redrive_policy=json.dumps({
"deadLetterTargetArn": queue_deadletter["arn"],
"maxReceiveCount": 4,
}),
tags={
"Environment": "production",
})
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"deadLetterTargetArn": queueDeadletter.Arn,
"maxReceiveCount": 4,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = sqs.NewQueue(ctx, "queue", &sqs.QueueArgs{
Name: pulumi.String("example-queue"),
DelaySeconds: pulumi.Int(90),
MaxMessageSize: pulumi.Int(2048),
MessageRetentionSeconds: pulumi.Int(86400),
ReceiveWaitTimeSeconds: pulumi.Int(10),
RedrivePolicy: pulumi.String(json0),
Tags: pulumi.StringMap{
"Environment": pulumi.String("production"),
},
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var queue = new Aws.Sqs.Queue("queue", new()
{
Name = "example-queue",
DelaySeconds = 90,
MaxMessageSize = 2048,
MessageRetentionSeconds = 86400,
ReceiveWaitTimeSeconds = 10,
RedrivePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["deadLetterTargetArn"] = queueDeadletter.Arn,
["maxReceiveCount"] = 4,
}),
Tags =
{
{ "Environment", "production" },
},
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var queue = new Queue("queue", QueueArgs.builder()
.name("example-queue")
.delaySeconds(90)
.maxMessageSize(2048)
.messageRetentionSeconds(86400)
.receiveWaitTimeSeconds(10)
.redrivePolicy(serializeJson(
jsonObject(
jsonProperty("deadLetterTargetArn", queueDeadletter.arn()),
jsonProperty("maxReceiveCount", 4)
)))
.tags(Map.of("Environment", "production"))
.build());
}
}
resources:
queue:
type: aws:sqs:Queue
properties:
name: example-queue
delaySeconds: 90
maxMessageSize: 2048
messageRetentionSeconds: 86400
receiveWaitTimeSeconds: 10
redrivePolicy:
fn::toJSON:
deadLetterTargetArn: ${queueDeadletter.arn}
maxReceiveCount: 4
tags:
Environment: production
The delaySeconds property postpones message delivery, useful for throttling or scheduled processing. The receiveWaitTimeSeconds enables long polling, reducing empty receive requests. The redrivePolicy routes messages to a dead letter queue after maxReceiveCount failed processing attempts, isolating problematic messages from the main flow.
Enable FIFO ordering with content-based deduplication
Applications requiring strict message ordering use FIFO queues. Content-based deduplication automatically detects duplicates based on message body, eliminating the need to generate unique message IDs.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const queue = new aws.sqs.Queue("queue", {
name: "example-queue.fifo",
fifoQueue: true,
contentBasedDeduplication: true,
});
import pulumi
import pulumi_aws as aws
queue = aws.sqs.Queue("queue",
name="example-queue.fifo",
fifo_queue=True,
content_based_deduplication=True)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sqs.NewQueue(ctx, "queue", &sqs.QueueArgs{
Name: pulumi.String("example-queue.fifo"),
FifoQueue: pulumi.Bool(true),
ContentBasedDeduplication: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var queue = new Aws.Sqs.Queue("queue", new()
{
Name = "example-queue.fifo",
FifoQueue = true,
ContentBasedDeduplication = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var queue = new Queue("queue", QueueArgs.builder()
.name("example-queue.fifo")
.fifoQueue(true)
.contentBasedDeduplication(true)
.build());
}
}
resources:
queue:
type: aws:sqs:Queue
properties:
name: example-queue.fifo
fifoQueue: true
contentBasedDeduplication: true
FIFO queues require names ending in .fifo. Setting contentBasedDeduplication to true means SQS calculates deduplication IDs from message content, so identical messages within the deduplication interval are treated as duplicates.
Scale FIFO throughput per message group
High-volume FIFO workloads partition throughput across independent message groups rather than sharing one queue-wide limit.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const queue = new aws.sqs.Queue("queue", {
name: "pulumi-example-queue.fifo",
fifoQueue: true,
deduplicationScope: "messageGroup",
fifoThroughputLimit: "perMessageGroupId",
});
import pulumi
import pulumi_aws as aws
queue = aws.sqs.Queue("queue",
name="pulumi-example-queue.fifo",
fifo_queue=True,
deduplication_scope="messageGroup",
fifo_throughput_limit="perMessageGroupId")
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sqs.NewQueue(ctx, "queue", &sqs.QueueArgs{
Name: pulumi.String("pulumi-example-queue.fifo"),
FifoQueue: pulumi.Bool(true),
DeduplicationScope: pulumi.String("messageGroup"),
FifoThroughputLimit: pulumi.String("perMessageGroupId"),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var queue = new Aws.Sqs.Queue("queue", new()
{
Name = "pulumi-example-queue.fifo",
FifoQueue = true,
DeduplicationScope = "messageGroup",
FifoThroughputLimit = "perMessageGroupId",
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var queue = new Queue("queue", QueueArgs.builder()
.name("pulumi-example-queue.fifo")
.fifoQueue(true)
.deduplicationScope("messageGroup")
.fifoThroughputLimit("perMessageGroupId")
.build());
}
}
resources:
queue:
type: aws:sqs:Queue
properties:
name: pulumi-example-queue.fifo
fifoQueue: true
deduplicationScope: messageGroup
fifoThroughputLimit: perMessageGroupId
Setting deduplicationScope to messageGroup and fifoThroughputLimit to perMessageGroupId allocates separate throughput quotas to each message group. This increases total queue throughput while maintaining FIFO ordering within each group.
Route failed messages to a dead letter queue
When messages fail repeatedly, routing them to a dead letter queue isolates problematic messages for debugging.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const queue = new aws.sqs.Queue("queue", {
name: "pulumi-example-queue",
redrivePolicy: JSON.stringify({
deadLetterTargetArn: queueDeadletter.arn,
maxReceiveCount: 4,
}),
});
const exampleQueueDeadletter = new aws.sqs.Queue("example_queue_deadletter", {name: "pulumi-example-deadletter-queue"});
const exampleQueueRedriveAllowPolicy = new aws.sqs.RedriveAllowPolicy("example_queue_redrive_allow_policy", {
queueUrl: exampleQueueDeadletter.id,
redriveAllowPolicy: JSON.stringify({
redrivePermission: "byQueue",
sourceQueueArns: [exampleQueue.arn],
}),
});
import pulumi
import json
import pulumi_aws as aws
queue = aws.sqs.Queue("queue",
name="pulumi-example-queue",
redrive_policy=json.dumps({
"deadLetterTargetArn": queue_deadletter["arn"],
"maxReceiveCount": 4,
}))
example_queue_deadletter = aws.sqs.Queue("example_queue_deadletter", name="pulumi-example-deadletter-queue")
example_queue_redrive_allow_policy = aws.sqs.RedriveAllowPolicy("example_queue_redrive_allow_policy",
queue_url=example_queue_deadletter.id,
redrive_allow_policy=json.dumps({
"redrivePermission": "byQueue",
"sourceQueueArns": [example_queue["arn"]],
}))
package main
import (
"encoding/json"
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
tmpJSON0, err := json.Marshal(map[string]interface{}{
"deadLetterTargetArn": queueDeadletter.Arn,
"maxReceiveCount": 4,
})
if err != nil {
return err
}
json0 := string(tmpJSON0)
_, err = sqs.NewQueue(ctx, "queue", &sqs.QueueArgs{
Name: pulumi.String("pulumi-example-queue"),
RedrivePolicy: pulumi.String(json0),
})
if err != nil {
return err
}
exampleQueueDeadletter, err := sqs.NewQueue(ctx, "example_queue_deadletter", &sqs.QueueArgs{
Name: pulumi.String("pulumi-example-deadletter-queue"),
})
if err != nil {
return err
}
tmpJSON1, err := json.Marshal(map[string]interface{}{
"redrivePermission": "byQueue",
"sourceQueueArns": []interface{}{
exampleQueue.Arn,
},
})
if err != nil {
return err
}
json1 := string(tmpJSON1)
_, err = sqs.NewRedriveAllowPolicy(ctx, "example_queue_redrive_allow_policy", &sqs.RedriveAllowPolicyArgs{
QueueUrl: exampleQueueDeadletter.ID(),
RedriveAllowPolicy: pulumi.String(json1),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var queue = new Aws.Sqs.Queue("queue", new()
{
Name = "pulumi-example-queue",
RedrivePolicy = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["deadLetterTargetArn"] = queueDeadletter.Arn,
["maxReceiveCount"] = 4,
}),
});
var exampleQueueDeadletter = new Aws.Sqs.Queue("example_queue_deadletter", new()
{
Name = "pulumi-example-deadletter-queue",
});
var exampleQueueRedriveAllowPolicy = new Aws.Sqs.RedriveAllowPolicy("example_queue_redrive_allow_policy", new()
{
QueueUrl = exampleQueueDeadletter.Id,
RedriveAllowPolicyName = JsonSerializer.Serialize(new Dictionary<string, object?>
{
["redrivePermission"] = "byQueue",
["sourceQueueArns"] = new[]
{
exampleQueue.Arn,
},
}),
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import com.pulumi.aws.sqs.RedriveAllowPolicy;
import com.pulumi.aws.sqs.RedriveAllowPolicyArgs;
import static com.pulumi.codegen.internal.Serialization.*;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var queue = new Queue("queue", QueueArgs.builder()
.name("pulumi-example-queue")
.redrivePolicy(serializeJson(
jsonObject(
jsonProperty("deadLetterTargetArn", queueDeadletter.arn()),
jsonProperty("maxReceiveCount", 4)
)))
.build());
var exampleQueueDeadletter = new Queue("exampleQueueDeadletter", QueueArgs.builder()
.name("pulumi-example-deadletter-queue")
.build());
var exampleQueueRedriveAllowPolicy = new RedriveAllowPolicy("exampleQueueRedriveAllowPolicy", RedriveAllowPolicyArgs.builder()
.queueUrl(exampleQueueDeadletter.id())
.redriveAllowPolicy(serializeJson(
jsonObject(
jsonProperty("redrivePermission", "byQueue"),
jsonProperty("sourceQueueArns", jsonArray(exampleQueue.arn()))
)))
.build());
}
}
resources:
queue:
type: aws:sqs:Queue
properties:
name: pulumi-example-queue
redrivePolicy:
fn::toJSON:
deadLetterTargetArn: ${queueDeadletter.arn}
maxReceiveCount: 4
exampleQueueDeadletter:
type: aws:sqs:Queue
name: example_queue_deadletter
properties:
name: pulumi-example-deadletter-queue
exampleQueueRedriveAllowPolicy:
type: aws:sqs:RedriveAllowPolicy
name: example_queue_redrive_allow_policy
properties:
queueUrl: ${exampleQueueDeadletter.id}
redriveAllowPolicy:
fn::toJSON:
redrivePermission: byQueue
sourceQueueArns:
- ${exampleQueue.arn}
The redrivePolicy sends messages to the dead letter queue after maxReceiveCount delivery attempts. The RedriveAllowPolicy on the dead letter queue controls which source queues can send it messages. Setting redrivePermission to byQueue restricts redrive to explicitly listed source queues.
Encrypt messages with SQS-managed keys
SQS offers built-in encryption using AWS-managed keys, requiring no key management.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const queue = new aws.sqs.Queue("queue", {
name: "pulumi-example-queue",
sqsManagedSseEnabled: true,
});
import pulumi
import pulumi_aws as aws
queue = aws.sqs.Queue("queue",
name="pulumi-example-queue",
sqs_managed_sse_enabled=True)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sqs.NewQueue(ctx, "queue", &sqs.QueueArgs{
Name: pulumi.String("pulumi-example-queue"),
SqsManagedSseEnabled: pulumi.Bool(true),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var queue = new Aws.Sqs.Queue("queue", new()
{
Name = "pulumi-example-queue",
SqsManagedSseEnabled = true,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var queue = new Queue("queue", QueueArgs.builder()
.name("pulumi-example-queue")
.sqsManagedSseEnabled(true)
.build());
}
}
resources:
queue:
type: aws:sqs:Queue
properties:
name: pulumi-example-queue
sqsManagedSseEnabled: true
Setting sqsManagedSseEnabled to true encrypts messages at rest using keys owned and managed by SQS. No additional IAM permissions or KMS configuration is needed.
Encrypt messages with customer-managed KMS keys
For compliance or key rotation control, use customer-managed KMS keys to encrypt messages.
import * as pulumi from "@pulumi/pulumi";
import * as aws from "@pulumi/aws";
const queue = new aws.sqs.Queue("queue", {
name: "example-queue",
kmsMasterKeyId: "alias/aws/sqs",
kmsDataKeyReusePeriodSeconds: 300,
});
import pulumi
import pulumi_aws as aws
queue = aws.sqs.Queue("queue",
name="example-queue",
kms_master_key_id="alias/aws/sqs",
kms_data_key_reuse_period_seconds=300)
package main
import (
"github.com/pulumi/pulumi-aws/sdk/v7/go/aws/sqs"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
func main() {
pulumi.Run(func(ctx *pulumi.Context) error {
_, err := sqs.NewQueue(ctx, "queue", &sqs.QueueArgs{
Name: pulumi.String("example-queue"),
KmsMasterKeyId: pulumi.String("alias/aws/sqs"),
KmsDataKeyReusePeriodSeconds: pulumi.Int(300),
})
if err != nil {
return err
}
return nil
})
}
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Aws = Pulumi.Aws;
return await Deployment.RunAsync(() =>
{
var queue = new Aws.Sqs.Queue("queue", new()
{
Name = "example-queue",
KmsMasterKeyId = "alias/aws/sqs",
KmsDataKeyReusePeriodSeconds = 300,
});
});
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.aws.sqs.Queue;
import com.pulumi.aws.sqs.QueueArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
public static void main(String[] args) {
Pulumi.run(App::stack);
}
public static void stack(Context ctx) {
var queue = new Queue("queue", QueueArgs.builder()
.name("example-queue")
.kmsMasterKeyId("alias/aws/sqs")
.kmsDataKeyReusePeriodSeconds(300)
.build());
}
}
resources:
queue:
type: aws:sqs:Queue
properties:
name: example-queue
kmsMasterKeyId: alias/aws/sqs
kmsDataKeyReusePeriodSeconds: 300
The kmsMasterKeyId points to your KMS key (by ID, alias, or ARN). The kmsDataKeyReusePeriodSeconds controls how long SQS reuses a data key before requesting a fresh one from KMS, balancing security and performance. Using customer-managed keys requires IAM permissions for KMS operations.
Beyond These Examples
These snippets focus on specific queue-level features: standard and FIFO queue types, dead letter queue routing and redrive policies, SQS-managed and KMS-based encryption, and high-throughput FIFO partitioning. They’re intentionally minimal rather than full messaging architectures.
The examples may reference pre-existing infrastructure such as dead letter queue ARNs for redrive policies and KMS keys for customer-managed encryption. They focus on configuring the queue rather than provisioning surrounding resources.
To keep things focused, common queue patterns are omitted, including:
- Access policies and cross-account permissions (policy property)
- Visibility timeout tuning (visibilityTimeoutSeconds)
- Long polling configuration (receiveWaitTimeSeconds beyond basic example)
- Message size limits (maxMessageSize tuning)
- Tag-based organization (tags property)
These omissions are intentional: the goal is to illustrate how each queue feature is wired, not provide drop-in messaging modules. See the SQS Queue resource reference for all available configuration options.
Frequently Asked Questions
Common Errors & Pitfalls
Why am I getting timeout errors when creating a queue with a policy?
AWS will hang indefinitely with a timeout error if you don’t explicitly set
Version = "2012-10-17" in your aws.sqs.QueuePolicy. Always include this version field in queue policies.Why isn't my dead-letter queue maxReceiveCount working?
In
redrivePolicy, maxReceiveCount must be an integer (5), not a string ("5"). Using a string will cause the configuration to fail.Queue Types & Configuration
What's the difference between standard and FIFO queues?
Standard queues (default) offer maximum throughput and at-least-once delivery. FIFO queues guarantee exactly-once processing and preserve message order, but require the queue name to end with
.fifo and fifoQueue: true.How do I name a FIFO queue?
FIFO queue names must end with the
.fifo suffix and follow standard naming rules: 1-80 characters using only uppercase/lowercase letters, numbers, underscores, and hyphens.What properties can't I change after creating a queue?
Three properties are immutable:
name, namePrefix, and fifoQueue. You cannot rename a queue or convert between standard and FIFO types.How do I enable high-throughput mode for FIFO queues?
Set
deduplicationScope: "messageGroup" and fifoThroughputLimit: "perMessageGroupId" to enable per-message-group throughput quotas instead of per-queue limits.Dead Letter Queues
How do I configure a dead-letter queue?
Set
redrivePolicy with deadLetterTargetArn (the target queue’s ARN) and maxReceiveCount (retry limit before moving to DLQ). The schema recommends using the separate aws.sqs.RedrivePolicy resource instead of the inline property.Message Configuration
What are the message size limits?
Messages can be 1,024 bytes (1 KiB) to 1,048,576 bytes (1024 KiB). The default limit is 262,144 bytes (256 KiB).
How long are messages retained by default?
Messages are retained for 4 days (345,600 seconds) by default. You can configure retention from 1 minute (60 seconds) to 14 days (1,209,600 seconds).
Performance & Polling
How do I enable long polling to reduce costs?
Set
receiveWaitTimeSeconds to a value between 1 and 20 seconds. The default is 0 (short polling), which returns immediately even if no messages are available.What is the visibility timeout and what's the default?
The visibility timeout determines how long a message is hidden from other consumers after being received. It ranges from 0 to 43,200 seconds (12 hours), with a default of 30 seconds.
Encryption & Security
What's the difference between SQS-managed and KMS encryption?
SQS-managed encryption (
sqsManagedSseEnabled: true) uses keys owned by SQS. KMS encryption (kmsMasterKeyId) uses customer-managed keys with configurable key reuse periods (default 5 minutes, range 1-1440 minutes).Should I use inline policies or separate policy resources?
Use separate
aws.sqs.QueuePolicy, aws.sqs.RedrivePolicy, and aws.sqs.RedriveAllowPolicy resources instead of inline policy, redrivePolicy, and redriveAllowPolicy properties. The provider only performs drift detection on inline properties when present in configuration.Ready to get started?
Get started with Pulumi Cloud, then follow our quick setup guide to deploy this infrastructure.
Create free account