Terraform module to create AWS SQS resources 🇺🇦

AWS SQS Terraform module

Terraform module which creates SQS resources on AWS.

Usage

FIFO Queue

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  name = "fifo"

  fifo_queue = true

  tags = {
    Environment = "dev"
  }
}

Queue Encrypted w/ Customer Managed KMS Key

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  name = "cmk"

  kms_master_key_id                 = "0d1ba9e8-9421-498a-9c8a-01e9772b2924"
  kms_data_key_reuse_period_seconds = 3600

  tags = {
    Environment = "dev"
  }
}

Queue w/ Dead Letter Queue

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  name = "example"

  create_dlq = true
  redrive_policy = {
    # default is 5 for this module
    maxReceiveCount = 10
  }

  tags = {
    Environment = "dev"
  }
}

Subscribe Queue to SNS Topic

module "sns" {
  source  = "terraform-aws-modules/sns/aws"
  version = ">= 5.0"

  name = "pub-sub"

  topic_policy_statements = {
    sqs = {
      sid = "SQSSubscribe"
      actions = [
        "sns:Subscribe",
        "sns:Receive",
      ]

      principals = [{
        type        = "AWS"
        identifiers = ["*"]
      }]

      conditions = [{
        test     = "StringLike"
        variable = "sns:Endpoint"
        values   = [module.sqs.queue_arn]
      }]
    }
  }

  subscriptions = {
    sqs = {
      protocol = "sqs"
      endpoint = module.sqs.queue_arn
    }
  }

  tags = {
    Environment = "dev"
  }
}

module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  name = "pub-sub"

  create_queue_policy = true
  queue_policy_statements = {
    sns = {
      sid     = "SNSPublish"
      actions = ["sqs:SendMessage"]

      principals = [
        {
          type        = "Service"
          identifiers = ["sns.amazonaws.com"]
        }
      ]

      conditions = [{
        test     = "ArnEquals"
        variable = "aws:SourceArn"
        values   = [module.sns.topic_arn]
      }]
    }
  }

  tags = {
    Environment = "dev"
  }
}
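
The pub-sub pair above gives access to two broad principals and relies on conditions to scope them: `sns:Endpoint` for the topic policy's `*` principal and `aws:SourceArn` for the queue policy's `sns.amazonaws.com` principal. The Python check below is an added example, not part of this module; it flags rendered policy JSON in which such a statement has lost that scope. The ARNs, the account ID and the set of scoping keys are assumptions chosen for illustration.

```python
# Added example; every ARN and policy document here is a constructed sample.
SCOPING_KEYS = {"aws:sourcearn", "aws:sourceaccount", "sns:endpoint"}  # assumed set

def _as_list(value):
    """IAM JSON accepts a scalar or a list in most positions; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _is_broad(principal):
    """True for "*", {"AWS": "*"} or any Service principal."""
    if principal == "*":
        return True
    if not isinstance(principal, dict):
        return False
    return "*" in _as_list(principal.get("AWS")) or bool(_as_list(principal.get("Service")))

def _scope_values(stmt):
    """Values of scoping condition keys under positive operators (ArnEquals, StringLike)."""
    values = []
    for operator, operands in stmt.get("Condition", {}).items():
        if "not" in operator.lower():
            continue  # a negated match does not pin the caller
        for key, val in operands.items():
            if key.lower() in SCOPING_KEYS:
                values.extend(_as_list(val))
    return values

def unscoped_statements(policy):
    """Sids of Allow statements open to a broad principal with no effective scope."""
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow" or not _is_broad(stmt.get("Principal")):
            continue
        values = _scope_values(stmt)
        if not values or "*" in values:  # a bare "*" pattern restricts nothing
            findings.append(stmt.get("Sid", "<no sid>"))
    return findings

TOPIC_ARN = "arn:aws:sns:eu-west-1:111122223333:pub-sub"  # constructed
QUEUE_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "SNSPublish", "Effect": "Allow", "Action": "sqs:SendMessage",
    "Principal": {"Service": "sns.amazonaws.com"},
    "Resource": "arn:aws:sqs:eu-west-1:111122223333:pub-sub",
    "Condition": {"ArnEquals": {"aws:SourceArn": TOPIC_ARN}}}]}
# Same statement with the aws:SourceArn condition dropped (constructed weak variant).
WEAK_QUEUE_POLICY = {"Statement": [
    {k: v for k, v in QUEUE_POLICY["Statement"][0].items() if k != "Condition"}]}
```

`unscoped_statements(QUEUE_POLICY)` returns an empty list, while `unscoped_statements(WEAK_QUEUE_POLICY)` returns `["SNSPublish"]`.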

Examples

Conditional Creation

The following values are provided to toggle on/off creation of the associated resources as desired:

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  # Disable creation of all resources
  create = false

  # Enable creation of queue policy
  create_queue_policy = true

  # Enable creation of dead letter queue
  create_dlq = true

  # Enable creation of dead letter queue policy
  create_dlq_queue_policy = true

  # ... omitted
}

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0 |
| aws | >= 4.36 |

Providers

| Name | Version |
|------|---------|
| aws | >= 4.36 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_sqs_queue.dlq | resource |
| aws_sqs_queue.this | resource |
| aws_sqs_queue_policy.dlq | resource |
| aws_sqs_queue_policy.this | resource |
| aws_sqs_queue_redrive_allow_policy.dlq | resource |
| aws_sqs_queue_redrive_allow_policy.this | resource |
| aws_sqs_queue_redrive_policy.dlq | resource |
| aws_sqs_queue_redrive_policy.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.dlq | data source |
| aws_iam_policy_document.this | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| content_based_deduplication | Enables content-based deduplication for FIFO queues | bool | null | no |
| create | Whether to create SQS queue | bool | true | no |
| create_dlq | Determines whether to create SQS dead letter queue | bool | false | no |
| create_dlq_queue_policy | Whether to create SQS queue policy | bool | false | no |
| create_dlq_redrive_allow_policy | Determines whether to create a redrive allow policy for the dead letter queue. | bool | true | no |
| create_queue_policy | Whether to create SQS queue policy | bool | false | no |
| deduplication_scope | Specifies whether message deduplication occurs at the message group or queue level | string | null | no |
| delay_seconds | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | number | null | no |
| dlq_content_based_deduplication | Enables content-based deduplication for FIFO queues | bool | null | no |
| dlq_deduplication_scope | Specifies whether message deduplication occurs at the message group or queue level | string | null | no |
| dlq_delay_seconds | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | number | null | no |
| dlq_kms_data_key_reuse_period_seconds | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | number | null | no |
| dlq_kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | string | null | no |
| dlq_message_retention_seconds | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | number | null | no |
| dlq_name | This is the human-readable name of the queue. If omitted, Terraform will assign a random name | string | null | no |
| dlq_queue_policy_statements | A map of IAM policy statements for custom permission usage | any | {} | no |
| dlq_receive_wait_time_seconds | The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) | number | null | no |
| dlq_redrive_allow_policy | The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs. | any | {} | no |
| dlq_sqs_managed_sse_enabled | Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys | bool | true | no |
| dlq_tags | A mapping of additional tags to assign to the dead letter queue | map(string) | {} | no |
| dlq_visibility_timeout_seconds | The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) | number | null | no |
| fifo_queue | Boolean designating a FIFO queue | bool | false | no |
| fifo_throughput_limit | Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group | string | null | no |
| kms_data_key_reuse_period_seconds | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | number | null | no |
| kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | string | null | no |
| max_message_size | The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB) | number | null | no |
| message_retention_seconds | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | number | null | no |
| name | This is the human-readable name of the queue. If omitted, Terraform will assign a random name | string | null | no |
| override_dlq_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid | list(string) | [] | no |
| override_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid | list(string) | [] | no |
| queue_policy_statements | A map of IAM policy statements for custom permission usage | any | {} | no |
| receive_wait_time_seconds | The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) | number | null | no |
| redrive_allow_policy | The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs. | any | {} | no |
| redrive_policy | The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string ("5") | any | {} | no |
| source_dlq_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements must have unique sids | list(string) | [] | no |
| source_queue_policy_documents | List of IAM policy documents that are merged together into the exported document. Statements must have unique sids | list(string) | [] | no |
| sqs_managed_sse_enabled | Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys | bool | true | no |
| tags | A mapping of tags to assign to all resources | map(string) | {} | no |
| use_name_prefix | Determines whether name is used as a prefix | bool | false | no |
| visibility_timeout_seconds | The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) | number | null | no |

Outputs

| Name | Description |
|------|-------------|
| dead_letter_queue_arn | The ARN of the SQS queue |
| dead_letter_queue_arn_static | The ARN of the SQS queue. Use this to avoid cycle errors between resources (e.g., Step Functions) |
| dead_letter_queue_id | The URL for the created Amazon SQS queue |
| dead_letter_queue_name | The name of the SQS queue |
| dead_letter_queue_url | Same as dead_letter_queue_id: The URL for the created Amazon SQS queue |
| queue_arn | The ARN of the SQS queue |
| queue_arn_static | The ARN of the SQS queue. Use this to avoid cycle errors between resources (e.g., Step Functions) |
| queue_id | The URL for the created Amazon SQS queue |
| queue_name | The name of the SQS queue |
| queue_url | Same as queue_id: The URL for the created Amazon SQS queue |

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.