AWS SQS Terraform module
Terraform module which creates SQS resources on AWS.
Usage
FIFO Queue
```hcl
module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  name       = "fifo"
  fifo_queue = true

  tags = {
    Environment = "dev"
  }
}
```
Queue Encrypted w/ Customer Managed KMS Key
```hcl
module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  name = "cmk"

  kms_master_key_id                 = "0d1ba9e8-9421-498a-9c8a-01e9772b2924"
  kms_data_key_reuse_period_seconds = 3600

  tags = {
    Environment = "dev"
  }
}
```
Queue w/ Dead Letter Queue
```hcl
module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  name = "example"

  create_dlq = true
  redrive_policy = {
    # default is 5 for this module
    maxReceiveCount = 10
  }

  tags = {
    Environment = "dev"
  }
}
```
Subscribe Queue to SNS Topic
```hcl
module "sns" {
  source  = "terraform-aws-modules/sns/aws"
  version = ">= 5.0"

  name = "pub-sub"

  topic_policy_statements = {
    sqs = {
      sid = "SQSSubscribe"
      actions = [
        "sns:Subscribe",
        "sns:Receive",
      ]

      principals = [{
        type        = "AWS"
        identifiers = ["*"]
      }]

      # Only subscriptions whose endpoint is this queue are allowed
      conditions = [{
        test     = "StringLike"
        variable = "sns:Endpoint"
        values   = [module.sqs.queue_arn]
      }]
    }
  }

  subscriptions = {
    sqs = {
      protocol = "sqs"
      endpoint = module.sqs.queue_arn
    }
  }

  tags = {
    Environment = "dev"
  }
}

module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  name = "pub-sub"

  create_queue_policy = true
  queue_policy_statements = {
    sns = {
      sid     = "SNSPublish"
      actions = ["sqs:SendMessage"]

      principals = [
        {
          type        = "Service"
          identifiers = ["sns.amazonaws.com"]
        }
      ]

      # `conditions` is a list of condition objects, the same form the
      # SNS topic policy above uses; it restricts delivery to this topic
      conditions = [{
        test     = "ArnEquals"
        variable = "aws:SourceArn"
        values   = [module.sns.topic_arn]
      }]
    }
  }

  tags = {
    Environment = "dev"
  }
}
```
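A check over the rendered queue policy for the SNS-to-SQS setup above, as an added example that is not part of the module: it flags an Allow for `sns.amazonaws.com` on `sqs:SendMessage` whose `aws:SourceArn` condition is missing or names a topic outside an allow-list. The function names, account ID, region and sample policies are constructed for illustration.

```python
import json

def _as_list(value):
    """IAM JSON allows a single value or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _source_arns(statement):
    """Collect aws:SourceArn values from ArnEquals / ArnLike conditions."""
    arns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() not in ("arnequals", "arnlike"):
            continue
        for key, values in keys.items():
            if key.lower() == "aws:sourcearn":
                arns.extend(_as_list(values))
    return arns

def unscoped_sns_statements(policy_json, allowed_topic_arns):
    """Return Sids of Allow statements that let sns.amazonaws.com send to the
    queue without pinning aws:SourceArn to one of allowed_topic_arns."""
    findings = []
    for stmt in _as_list(json.loads(policy_json).get("Statement")):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service")) if isinstance(principal, dict) else []
        actions = [a.lower() for a in _as_list(stmt.get("Action"))]
        if stmt.get("Effect") != "Allow" or "sns.amazonaws.com" not in services:
            continue
        if not any(a in ("sqs:sendmessage", "sqs:*", "*") for a in actions):
            continue
        arns = _source_arns(stmt)
        # Exact match only: a wildcard ARN in ArnLike is treated as unscoped.
        if not arns or any(a not in allowed_topic_arns for a in arns):
            findings.append(stmt.get("Sid", "<no sid>"))
    return findings

# Constructed sample policies (placeholder account ID and region).
TOPIC = "arn:aws:sns:eu-west-1:111122223333:pub-sub"
_BASE = {"Sid": "SNSPublish", "Effect": "Allow",
         "Principal": {"Service": "sns.amazonaws.com"},
         "Action": "sqs:SendMessage", "Resource": "*"}
SCOPED = json.dumps({"Version": "2012-10-17", "Statement": [
    dict(_BASE, Condition={"ArnEquals": {"aws:SourceArn": TOPIC}})]})
UNSCOPED = json.dumps({"Version": "2012-10-17", "Statement": [_BASE]})

print(unscoped_sns_statements(UNSCOPED, {TOPIC}))  # ['SNSPublish']
```

The input is the queue's `Policy` attribute as JSON text.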
Examples
Conditional Creation
The following values are provided to toggle on/off creation of the associated resources as desired:
```hcl
module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  # Disable creation of all resources
  create = false

  # Enable creation of queue policy
  create_queue_policy = true

  # Enable creation of dead letter queue
  create_dlq = true

  # Enable creation of dead letter queue policy
  create_dlq_queue_policy = true

  # ... omitted
}
```
Requirements
Name | Version |
---|---|
terraform | >= 1.0 |
aws | >= 4.36 |
Providers
Name | Version |
---|---|
aws | >= 4.36 |
Modules
No modules.
Resources
Name | Type |
---|---|
aws_sqs_queue.dlq | resource |
aws_sqs_queue.this | resource |
aws_sqs_queue_policy.dlq | resource |
aws_sqs_queue_policy.this | resource |
aws_sqs_queue_redrive_allow_policy.dlq | resource |
aws_sqs_queue_redrive_allow_policy.this | resource |
aws_sqs_queue_redrive_policy.dlq | resource |
aws_sqs_queue_redrive_policy.this | resource |
aws_iam_policy_document.dlq | data source |
aws_iam_policy_document.this | data source |
Inputs
Name | Description | Type | Default | Required |
---|---|---|---|---|
content_based_deduplication | Enables content-based deduplication for FIFO queues | bool | null | no |
create | Whether to create SQS queue | bool | true | no |
create_dlq | Determines whether to create SQS dead letter queue | bool | false | no |
create_dlq_queue_policy | Whether to create SQS queue policy | bool | false | no |
create_queue_policy | Whether to create SQS queue policy | bool | false | no |
deduplication_scope | Specifies whether message deduplication occurs at the message group or queue level | string | null | no |
delay_seconds | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | number | null | no |
dlq_content_based_deduplication | Enables content-based deduplication for FIFO queues | bool | null | no |
dlq_deduplication_scope | Specifies whether message deduplication occurs at the message group or queue level | string | null | no |
dlq_delay_seconds | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | number | null | no |
dlq_kms_data_key_reuse_period_seconds | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | number | null | no |
dlq_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | string | null | no |
dlq_message_retention_seconds | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | number | null | no |
dlq_name | This is the human-readable name of the queue. If omitted, Terraform will assign a random name | string | null | no |
dlq_queue_policy_statements | A map of IAM policy statements for custom permission usage | any | {} | no |
dlq_receive_wait_time_seconds | The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) | number | null | no |
dlq_redrive_allow_policy | The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs. | any | {} | no |
dlq_sqs_managed_sse_enabled | Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys | bool | true | no |
dlq_tags | A mapping of additional tags to assign to the dead letter queue | map(string) | {} | no |
dlq_visibility_timeout_seconds | The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) | number | null | no |
fifo_queue | Boolean designating a FIFO queue | bool | false | no |
fifo_throughput_limit | Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group | string | null | no |
kms_data_key_reuse_period_seconds | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | number | null | no |
kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | string | null | no |
max_message_size | The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB) | number | null | no |
message_retention_seconds | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | number | null | no |
name | This is the human-readable name of the queue. If omitted, Terraform will assign a random name | string | null | no |
override_dlq_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid | list(string) | [] | no |
override_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid | list(string) | [] | no |
queue_policy_statements | A map of IAM policy statements for custom permission usage | any | {} | no |
receive_wait_time_seconds | The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) | number | null | no |
redrive_allow_policy | The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs. | any | {} | no |
redrive_policy | The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string ("5") | any | {} | no |
source_dlq_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements must have unique sids | list(string) | [] | no |
source_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements must have unique sids | list(string) | [] | no |
sqs_managed_sse_enabled | Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys | bool | true | no |
tags | A mapping of tags to assign to all resources | map(string) | {} | no |
use_name_prefix | Determines whether name is used as a prefix | bool | false | no |
visibility_timeout_seconds | The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) | number | null | no |
Outputs
Name | Description |
---|---|
dead_letter_queue_arn | The ARN of the SQS queue |
dead_letter_queue_id | The URL for the created Amazon SQS queue |
dead_letter_queue_name | The name of the SQS queue |
dead_letter_queue_url | Same as dead_letter_queue_id: The URL for the created Amazon SQS queue |
queue_arn | The ARN of the SQS queue |
queue_id | The URL for the created Amazon SQS queue |
queue_name | The name of the SQS queue |
queue_url | Same as queue_id: The URL for the created Amazon SQS queue |
Authors
Module is maintained by Anton Babenko with help from these awesome contributors.
License
Apache 2 Licensed. See LICENSE for full details.