Skip to main content
Sponsor @cloudposse

sqs-queue

This component is responsible for creating an SQS queue.

Usage

Stack Level: Regional

Here's an example snippet for how to use this component.

components:
  terraform:
    sqs-queue/defaults:
      vars:
        enabled: true
        # org defaults

    sqs-queue:
      metadata:
        component: sqs-queue
        inherits:
          - sqs-queue/defaults
      vars:
        name: sqs
        visibility_timeout_seconds: 30
        message_retention_seconds: 86400 # 1 day
        delay_seconds: 0
        max_message_size_bytes: 262144
        receive_wait_time_seconds: 0
        fifo_queue: false
        content_based_deduplication: false
        dlq_enabled: true
        dlq_name_suffix: "dead-letter" # default is dlq
        dlq_max_receive_count: 1
        dlq_kms_data_key_reuse_period_seconds: 86400 # 1 day
        kms_data_key_reuse_period_seconds: 86400 # 1 day
        # kms_master_key_id: "alias/aws/sqs" # Use KMS # default null
        sqs_managed_sse_enabled: true # SSE vs KMS (Priority goes to KMS)
        iam_policy_limit_to_current_account: true # default true
        iam_policy:
          - version: 2012-10-17
            policy_id: Allow-S3-Event-Notifications
            statements:
              - sid: Allow-S3-Event-Notifications
                effect: Allow
                principals:
                  - type: Service
                    identifiers: ["s3.amazonaws.com"]
                actions:
                  - SQS:SendMessage
                resources: [] # auto includes this queue's ARN
                conditions:
                  ## this is included when `iam_policy_limit_to_current_account` is true
                  #- test: StringEquals
                  #  variable: aws:SourceAccount
                  #  value: "1234567890"
                  - test: ArnLike
                    variable: aws:SourceArn
                    values:
                      - "arn:aws:s3:::*"

Variables

Required Variables

region (string) required

AWS Region

Optional Variables

content_based_deduplication (bool) optional

Enables content-based deduplication for FIFO queues. For more information, see the related documentation


Default value: false

create_dlq_redrive_allow_policy (bool) optional

Determines whether to create a redrive allow policy for the dead letter queue.


Default value: true

deduplication_scope (string) optional

Specifies whether message deduplication occurs at the message group or queue level


Default value: null

delay_seconds (number) optional

The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 seconds.


Default value: 0

dlq_content_based_deduplication (bool) optional

Enables content-based deduplication for FIFO queues


Default value: null

dlq_deduplication_scope (string) optional

Specifies whether message deduplication occurs at the message group or queue level


Default value: null

dlq_delay_seconds (number) optional

The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes)


Default value: null

dlq_enabled (bool) optional

Boolean designating whether the Dead Letter Queue should be created by this component.


Default value: false

dlq_kms_data_key_reuse_period_seconds (number) optional

The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours)


Default value: null

dlq_kms_master_key_id (string) optional

The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK


Default value: null

dlq_max_receive_count (number) optional

The number of times a message can be unsuccessfully dequeued before being moved to the Dead Letter Queue.


Default value: 5

dlq_message_retention_seconds (number) optional

The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)


Default value: null

dlq_name_suffix (string) optional

The suffix of the Dead Letter Queue.


Default value: "dlq"

dlq_receive_wait_time_seconds (number) optional

The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds)


Default value: null

dlq_redrive_allow_policy (any) optional

The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs.


Default value: { }

dlq_sqs_managed_sse_enabled (bool) optional

Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys


Default value: true

dlq_tags (map(string)) optional

A mapping of additional tags to assign to the dead letter queue


Default value: { }

dlq_visibility_timeout_seconds (number) optional

The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)


Default value: null

fifo_queue (bool) optional

Boolean designating a FIFO queue. If not set, it defaults to false making it standard.


Default value: false

fifo_throughput_limit (string) optional

Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. This can be specified if fifo_queue is true.


Default value: null

iam_policy optional

IAM policy as list of Terraform objects, compatible with Terraform aws_iam_policy_document data source
except that source_policy_documents and override_policy_documents are not included.
Use inputs iam_source_policy_documents and iam_override_policy_documents for that.



Type:

list(object({
policy_id = optional(string, null)
version   = optional(string, null)
statements = list(object({
  sid           = optional(string, null)
  effect        = optional(string, null)
  actions       = optional(list(string), null)
  not_actions   = optional(list(string), null)
  resources     = optional(list(string), null)
  not_resources = optional(list(string), null)
  conditions = optional(list(object({
    test     = string
    variable = string
    values   = list(string)
  })), [])
  principals = optional(list(object({
    type        = string
    identifiers = list(string)
  })), [])
  not_principals = optional(list(object({
    type        = string
    identifiers = list(string)
  })), [])
}))
}))

Default value: [ ]

iam_policy_limit_to_current_account (bool) optional

Boolean designating whether the IAM policy should be limited to the current account.


Default value: true

kms_data_key_reuse_period_seconds (number) optional

The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).


Default value: 300

kms_master_key_id (string) optional

The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms.


Default value: null

max_message_size (number) optional

The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).


Default value: 262144

message_retention_seconds (number) optional

The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default for this attribute is 345600 (4 days).


Default value: 345600

receive_wait_time_seconds (number) optional

The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.


Default value: 0

sqs_managed_sse_enabled (bool) optional

Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys


Default value: true

visibility_timeout_seconds (number) optional

The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30. For more information about visibility timeout, see AWS docs.


Default value: 30

Context Variables

The following variables are defined in the context.tf file of this module and part of the terraform-null-label pattern.

additional_tag_map (map(string)) optional

Additional key-value pairs to add to each map in tags_as_list_of_maps. Not added to tags or id.
This is for some rare cases where resources want additional configuration of tags
and therefore take a list of maps with tag key, value, and additional configuration.


Required: No

Default value: { }

attributes (list(string)) optional

ID element. Additional attributes (e.g. workers or cluster) to add to id,
in the order they appear in the list. New attributes are appended to the
end of the list. The elements of the list are joined by the delimiter
and treated as a single ID element.


Required: No

Default value: [ ]

context (any) optional

Single object for setting entire context at once.
See description of individual variables for details.
Leave string and numeric variables as null to use default value.
Individual variable settings (non-null) override settings in context object,
except for attributes, tags, and additional_tag_map, which are merged.


Required: No

Default value:

{
  "additional_tag_map": {},
  "attributes": [],
  "delimiter": null,
  "descriptor_formats": {},
  "enabled": true,
  "environment": null,
  "id_length_limit": null,
  "label_key_case": null,
  "label_order": [],
  "label_value_case": null,
  "labels_as_tags": [
    "unset"
  ],
  "name": null,
  "namespace": null,
  "regex_replace_chars": null,
  "stage": null,
  "tags": {},
  "tenant": null
}
delimiter (string) optional

Delimiter to be used between ID elements.
Defaults to - (hyphen). Set to "" to use no delimiter at all.


Required: No

Default value: null

descriptor_formats (any) optional

Describe additional descriptors to be output in the descriptors output map.
Map of maps. Keys are names of descriptors. Values are maps of the form
\{<br/> format = string<br/> labels = list(string)<br/> \}
(Type is any so the map values can later be enhanced to provide additional options.)
format is a Terraform format string to be passed to the format() function.
labels is a list of labels, in order, to pass to format() function.
Label values will be normalized before being passed to format() so they will be
identical to how they appear in id.
Default is {} (descriptors output will be empty).


Required: No

Default value: { }

enabled (bool) optional

Set to false to prevent the module from creating any resources
Required: No

Default value: null

environment (string) optional

ID element. Usually used for region e.g. 'uw2', 'us-west-2', OR role 'prod', 'staging', 'dev', 'UAT'
Required: No

Default value: null

id_length_limit (number) optional

Limit id to this many characters (minimum 6).
Set to 0 for unlimited length.
Set to null for keep the existing setting, which defaults to 0.
Does not affect id_full.


Required: No

Default value: null

label_key_case (string) optional

Controls the letter case of the tags keys (label names) for tags generated by this module.
Does not affect keys of tags passed in via the tags input.
Possible values: lower, title, upper.
Default value: title.


Required: No

Default value: null

label_order (list(string)) optional

The order in which the labels (ID elements) appear in the id.
Defaults to ["namespace", "environment", "stage", "name", "attributes"].
You can omit any of the 6 labels ("tenant" is the 6th), but at least one must be present.


Required: No

Default value: null

label_value_case (string) optional

Controls the letter case of ID elements (labels) as included in id,
set as tag values, and output by this module individually.
Does not affect values of tags passed in via the tags input.
Possible values: lower, title, upper and none (no transformation).
Set this to title and set delimiter to "" to yield Pascal Case IDs.
Default value: lower.


Required: No

Default value: null

labels_as_tags (set(string)) optional

Set of labels (ID elements) to include as tags in the tags output.
Default is to include all labels.
Tags with empty values will not be included in the tags output.
Set to [] to suppress all generated tags.
Notes:
The value of the name tag, if included, will be the id, not the name.
Unlike other null-label inputs, the initial setting of labels_as_tags cannot be
changed in later chained modules. Attempts to change it will be silently ignored.


Required: No

Default value:

[
  "default"
]
name (string) optional

ID element. Usually the component or solution name, e.g. 'app' or 'jenkins'.
This is the only ID element not also included as a tag.
The "name" tag is set to the full id string. There is no tag with the value of the name input.


Required: No

Default value: null

namespace (string) optional

ID element. Usually an abbreviation of your organization name, e.g. 'eg' or 'cp', to help ensure generated IDs are globally unique
Required: No

Default value: null

regex_replace_chars (string) optional

Terraform regular expression (regex) string.
Characters matching the regex will be removed from the ID elements.
If not set, "/[^a-zA-Z0-9-]/" is used to remove all characters other than hyphens, letters and digits.


Required: No

Default value: null

stage (string) optional

ID element. Usually used to indicate role, e.g. 'prod', 'staging', 'source', 'build', 'test', 'deploy', 'release'
Required: No

Default value: null

tags (map(string)) optional

Additional tags (e.g. {'BusinessUnit': 'XYZ'}).
Neither the tag keys nor the tag values will be modified by this module.


Required: No

Default value: { }

tenant (string) optional

ID element (Rarely used, not included by default). A customer identifier, indicating who this instance of a resource is for
Required: No

Default value: null

Outputs

sqs_queue

The SQS queue.

Dependencies

Requirements

  • terraform, version: >= 1.0.0
  • aws, version: >= 4.0

Providers

  • aws, version: >= 4.0

Modules

NameVersionSourceDescription
iam_roleslatest../account-map/modules/iam-rolesn/a
queue_policy2.0.1cloudposse/iam-policy/awsn/a
sqs4.2.0terraform-aws-modules/sqs/awsn/a
this0.25.0cloudposse/label/nulln/a

Resources

The following resources are used by this module:

Data Sources

The following data sources are used by this module:

References

Changelog

Pull Request #1042 - Refactor sqs-queue Component

Components PR #1042

Affected Components

  • sqs-queue

Summary

This change to the sqs-queue component, #1042, refactored the sqs-queue component to use the AWS Module for queues, this provides better support for Dead-Letter Queues and easy policy attachment.

As part of that change, we've changed some variables:

  • policy - Removed
  • redrive_policy - Removed
  • dead_letter_sqs_arn - Removed
  • dead_letter_component_name - Removed
  • dead_letter_max_receive_count - Renamed to dlq_max_receive_count
  • fifo_throughput_limit type changed from list(string) to type string
  • kms_master_key_id type changed from list(string) to type string