From 609efb164f6eaa087a6136a7f400e9212ee2a85a Mon Sep 17 00:00:00 2001 From: Aditya Menon Date: Sat, 8 Mar 2025 22:06:21 +0100 Subject: [PATCH 1/2] fix: add support for customizing dlq fifo throughput limit Signed-off-by: Aditya Menon --- README.md | 1 + examples/complete/README.md | 9 ++++++ examples/complete/main.tf | 62 ++++++++++++++++++++++++++++++++++++ examples/complete/outputs.tf | 41 ++++++++++++++++++++++++ main.tf | 2 +- variables.tf | 6 ++++ wrappers/main.tf | 1 + 7 files changed, 121 insertions(+), 1 deletion(-) diff --git a/README.md b/README.md index fe60845..0388382 100644 --- a/README.md +++ b/README.md 
@@ -211,6 +211,7 @@ No modules. | [dlq\_content\_based\_deduplication](#input\_dlq\_content\_based\_deduplication) | Enables content-based deduplication for FIFO queues | `bool` | `null` | no | | [dlq\_deduplication\_scope](#input\_dlq\_deduplication\_scope) | Specifies whether message deduplication occurs at the message group or queue level | `string` | `null` | no | | [dlq\_delay\_seconds](#input\_dlq\_delay\_seconds) | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) | `number` | `null` | no | +| [dlq\_fifo\_throughput\_limit](#input\_dlq\_fifo\_throughput\_limit) | Specifies whether the Dead Letter Queue FIFO queue throughput quota applies to the entire queue or per message group | `string` | `null` | no | | [dlq\_kms\_data\_key\_reuse\_period\_seconds](#input\_dlq\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | `number` | `null` | no | | [dlq\_kms\_master\_key\_id](#input\_dlq\_kms\_master\_key\_id) | The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK | `string` | `null` | no | | [dlq\_message\_retention\_seconds](#input\_dlq\_message\_retention\_seconds) | The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | `number` | `null` | no | diff --git a/examples/complete/README.md b/examples/complete/README.md index 0482b45..f78a30c 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -45,6 +45,7 @@ Note that this example may create resources which cost money. Run `terraform des | [disabled\_sqs](#module\_disabled\_sqs) | ../../ | n/a | | [fifo\_sqs](#module\_fifo\_sqs) | ../../ | n/a | | [sqs\_with\_dlq](#module\_sqs\_with\_dlq) | ../../ | n/a | +| [sqs\_with\_fifo\_dlq](#module\_sqs\_with\_fifo\_dlq) | ../../ | n/a | | [sse\_encrypted\_dlq\_sqs](#module\_sse\_encrypted\_dlq\_sqs) | ../../ | n/a | | [sse\_encrypted\_sqs](#module\_sse\_encrypted\_sqs) | ../../ | n/a | | [unencrypted\_sqs](#module\_unencrypted\_sqs) | ../../ | n/a | 
@@ -104,6 +105,14 @@ No inputs. | [sqs\_with\_dlq\_queue\_id](#output\_sqs\_with\_dlq\_queue\_id) | The URL for the created Amazon SQS queue | | [sqs\_with\_dlq\_queue\_name](#output\_sqs\_with\_dlq\_queue\_name) | The name of the SQS queue | | [sqs\_with\_dlq\_queue\_url](#output\_sqs\_with\_dlq\_queue\_url) | Same as `queue_id`: The URL for the created Amazon SQS queue | +| [sqs\_with\_fifo\_dlq\_dlq\_arn](#output\_sqs\_with\_fifo\_dlq\_dlq\_arn) | The ARN of the SQS queue | +| [sqs\_with\_fifo\_dlq\_dlq\_id](#output\_sqs\_with\_fifo\_dlq\_dlq\_id) | The URL for the created Amazon SQS queue | +| [sqs\_with\_fifo\_dlq\_dlq\_name](#output\_sqs\_with\_fifo\_dlq\_dlq\_name) | The name of the SQS queue | +| [sqs\_with\_fifo\_dlq\_dlq\_url](#output\_sqs\_with\_fifo\_dlq\_dlq\_url) | Same as `dead_letter_queue_id`: The URL for the created Amazon SQS queue | +| [sqs\_with\_fifo\_dlq\_queue\_arn](#output\_sqs\_with\_fifo\_dlq\_queue\_arn) | The ARN of the SQS queue | +| [sqs\_with\_fifo\_dlq\_queue\_id](#output\_sqs\_with\_fifo\_dlq\_queue\_id) | The URL for the created Amazon SQS queue | +| [sqs\_with\_fifo\_dlq\_queue\_name](#output\_sqs\_with\_fifo\_dlq\_queue\_name) | The name of the SQS queue | +| [sqs\_with\_fifo\_dlq\_queue\_url](#output\_sqs\_with\_fifo\_dlq\_queue\_url) | Same as `queue_id`: The URL for the created Amazon SQS queue | | [sse\_encrypted\_dlq\_sqs\_dlq\_arn](#output\_sse\_encrypted\_dlq\_sqs\_dlq\_arn) | The ARN of the SQS queue | | [sse\_encrypted\_dlq\_sqs\_dlq\_id](#output\_sse\_encrypted\_dlq\_sqs\_dlq\_id) | The URL for the created Amazon SQS queue | | [sse\_encrypted\_dlq\_sqs\_dlq\_name](#output\_sse\_encrypted\_dlq\_sqs\_dlq\_name) | The name of the SQS queue | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 58502b7..5c32ce2 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -161,6 +161,68 @@ module "sqs_with_dlq" { tags = local.tags } +module "sqs_with_fifo_dlq" { + source = "../../" + + # This creates both the queue and the dead letter queue together + + name = "${local.name}-sqs-with-fifo-dlq" + fifo_queue = true + + deduplication_scope = "messageGroup" + fifo_throughput_limit = "perMessageGroupId" + + # Policy + # Not required - just showing example + create_queue_policy = true + queue_policy_statements = { + account = { + sid = "AccountReadWrite" + actions = [ + "sqs:SendMessage", + "sqs:ReceiveMessage", + ] + principals = [ + { + type = "AWS" + identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] + } + ] + } + } + + # Dead letter queue + create_dlq = true + redrive_policy = { + # default is 5 for this module + maxReceiveCount = 10 + } + create_dlq_redrive_allow_policy = false + + # Dead letter queue policy + # Not required - just showing example + create_dlq_queue_policy = true + dlq_queue_policy_statements = { + account = { + sid = "AccountReadWrite" + actions = [ + "sqs:SendMessage", + "sqs:ReceiveMessage", + ] + principals = [ + { + type = "AWS" + identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] + } + ] + } + } + dlq_deduplication_scope = "queue" + dlq_fifo_throughput_limit = "perQueue" + + tags = local.tags +} + module "disabled_sqs" { source = "../../" diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index 5753ccc..dc376c6 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
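Review bot: `create_dlq_redrive_allow_policy = false` in the new `sqs_with_fifo_dlq` module carries no comment explaining why it is switched off, and examples tend to be copied verbatim. Without a redrive allow policy, SQS lets any source queue in the same account and region name this queue as its dead-letter queue. I would either drop the line (presumably the module default creates the policy; not visible here) or add `# Redrive allow policy skipped for brevity; without it any queue in this account/region may target this DLQ`. Both policy statements also grant `sqs:SendMessage` and `sqs:ReceiveMessage` to the account root principal, which leaves access to be decided by IAM policies anywhere in the account, so a specific role ARN would be a tighter pattern to show. PATCH 2/2 in this series removes the example again, so this matters only if it is reinstated.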
@@ -285,6 +285,47 @@ output "sqs_with_dlq_dlq_name" { value = module.sqs_with_dlq.dead_letter_queue_name } +# With FIFO Dead Letter Queue +output "sqs_with_fifo_dlq_queue_id" { + description = "The URL for the created Amazon SQS queue" + value = module.sqs_with_fifo_dlq.queue_id +} + +output "sqs_with_fifo_dlq_queue_arn" { + description = "The ARN of the SQS queue" + value = module.sqs_with_fifo_dlq.queue_arn +} + +output "sqs_with_fifo_dlq_queue_url" { + description = "Same as `queue_id`: The URL for the created Amazon SQS queue" + value = module.sqs_with_fifo_dlq.queue_url +} + +output "sqs_with_fifo_dlq_queue_name" { + description = "The name of the SQS queue" + value = module.sqs_with_fifo_dlq.queue_name +} + +output "sqs_with_fifo_dlq_dlq_id" { + description = "The URL for the created Amazon SQS queue" + value = module.sqs_with_fifo_dlq.dead_letter_queue_id +} + +output "sqs_with_fifo_dlq_dlq_arn" { + description = "The ARN of the SQS queue" + value = module.sqs_with_fifo_dlq.dead_letter_queue_arn +} + +output "sqs_with_fifo_dlq_dlq_url" { + description = "Same as `dead_letter_queue_id`: The URL for the created Amazon SQS queue" + value = module.sqs_with_fifo_dlq.dead_letter_queue_url +} + +output "sqs_with_fifo_dlq_dlq_name" { + description = "The name of the SQS queue" + value = module.sqs_with_fifo_dlq.dead_letter_queue_name +} + # Disabled output "disabled_sqs_queue_id" { description = "The URL for the created Amazon SQS queue" diff --git a/main.tf b/main.tf index 735b21b..12de0a7 100644 --- a/main.tf +++ b/main.tf 
@@ -137,7 +137,7 @@ resource "aws_sqs_queue" "dlq" { delay_seconds = try(coalesce(var.dlq_delay_seconds, var.delay_seconds), null) # If source queue is FIFO, DLQ must also be FIFO and vice versa fifo_queue = var.fifo_queue - fifo_throughput_limit = var.fifo_throughput_limit + fifo_throughput_limit = try(coalesce(var.dlq_fifo_throughput_limit, var.fifo_throughput_limit), null) kms_data_key_reuse_period_seconds = try(coalesce(var.dlq_kms_data_key_reuse_period_seconds, var.kms_data_key_reuse_period_seconds), null) kms_master_key_id = local.dlq_kms_master_key_id max_message_size = var.max_message_size diff --git a/variables.tf b/variables.tf index c1cafe8..511523e 100644 --- a/variables.tf +++ b/variables.tf @@ -214,6 +214,12 @@ variable "dlq_sqs_managed_sse_enabled" { default = true } +variable "dlq_fifo_throughput_limit" { + description = "Specifies whether the Dead Letter Queue FIFO queue throughput quota applies to the entire queue or per message group" + type = string + default = null +} + variable "dlq_visibility_timeout_seconds" { description = "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)" type = number diff --git a/wrappers/main.tf b/wrappers/main.tf index f220425..a45de80 100644 --- a/wrappers/main.tf +++ b/wrappers/main.tf 
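Review bot: The DLQ's `fifo_throughput_limit` now falls back to the source queue's value on its own, but SQS accepts `perMessageGroupId` only together with `deduplication_scope = "messageGroup"`. A caller who sets `dlq_deduplication_scope = "queue"` and leaves `dlq_fifo_throughput_limit` null still inherits `perMessageGroupId` through the `coalesce`. Assuming the DLQ scope is resolved with the same kind of fallback elsewhere in this resource, which the hunk does not show, that pair is only rejected by the API at apply time. I would add a comment above the line, for example `# perMessageGroupId requires deduplication_scope = "messageGroup"; override both DLQ settings together`. The `aws_sqs_queue.dlq` resource starts and ends outside the hunk.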
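Review bot: The description of `dlq_fifo_throughput_limit` in variables.tf names neither the accepted values nor the fallback, so a reader cannot tell what `null` does without opening main.tf. I would extend it to `description = "Specifies whether the Dead Letter Queue FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue and perMessageGroupId. Falls back to fifo_throughput_limit when null"`. The block is also inserted between `dlq_sqs_managed_sse_enabled` and `dlq_visibility_timeout_seconds`; if the `dlq_` variables are otherwise kept alphabetical (only these two neighbours are visible), it belongs further up.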
@@ -14,6 +14,7 @@ module "wrapper" { dlq_content_based_deduplication = try(each.value.dlq_content_based_deduplication, var.defaults.dlq_content_based_deduplication, null) dlq_deduplication_scope = try(each.value.dlq_deduplication_scope, var.defaults.dlq_deduplication_scope, null) dlq_delay_seconds = try(each.value.dlq_delay_seconds, var.defaults.dlq_delay_seconds, null) + dlq_fifo_throughput_limit = try(each.value.dlq_fifo_throughput_limit, var.defaults.dlq_fifo_throughput_limit, null) dlq_kms_data_key_reuse_period_seconds = try(each.value.dlq_kms_data_key_reuse_period_seconds, var.defaults.dlq_kms_data_key_reuse_period_seconds, null) dlq_kms_master_key_id = try(each.value.dlq_kms_master_key_id, var.defaults.dlq_kms_master_key_id, null) dlq_message_retention_seconds = try(each.value.dlq_message_retention_seconds, var.defaults.dlq_message_retention_seconds, null) From 147187858d4b4bffe6be73e55a87240839dfdbf8 Mon Sep 17 00:00:00 2001 From: Bryant Biggs Date: Sun, 30 Mar 2025 15:14:40 -0500 Subject: [PATCH 2/2] chore: Remove redundant example --- .pre-commit-config.yaml | 2 +- examples/complete/README.md | 9 ------ examples/complete/main.tf | 62 ------------------------------------ examples/complete/outputs.tf | 41 ------------------------ 4 files changed, 1 insertion(+), 113 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 7e4e7da..424b371 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -1,6 +1,6 @@ repos: - repo: https://github.com/antonbabenko/pre-commit-terraform - rev: v1.96.1 + rev: v1.98.0 hooks: - id: terraform_fmt - id: terraform_wrapper_module_for_each diff --git a/examples/complete/README.md b/examples/complete/README.md index f78a30c..0482b45 100644 --- a/examples/complete/README.md +++ b/examples/complete/README.md 
@@ -45,7 +45,6 @@ Note that this example may create resources which cost money. Run `terraform des | [disabled\_sqs](#module\_disabled\_sqs) | ../../ | n/a | | [fifo\_sqs](#module\_fifo\_sqs) | ../../ | n/a | | [sqs\_with\_dlq](#module\_sqs\_with\_dlq) | ../../ | n/a | -| [sqs\_with\_fifo\_dlq](#module\_sqs\_with\_fifo\_dlq) | ../../ | n/a | | [sse\_encrypted\_dlq\_sqs](#module\_sse\_encrypted\_dlq\_sqs) | ../../ | n/a | | [sse\_encrypted\_sqs](#module\_sse\_encrypted\_sqs) | ../../ | n/a | | [unencrypted\_sqs](#module\_unencrypted\_sqs) | ../../ | n/a | 
@@ -105,14 +104,6 @@ No inputs. | [sqs\_with\_dlq\_queue\_id](#output\_sqs\_with\_dlq\_queue\_id) | The URL for the created Amazon SQS queue | | [sqs\_with\_dlq\_queue\_name](#output\_sqs\_with\_dlq\_queue\_name) | The name of the SQS queue | | [sqs\_with\_dlq\_queue\_url](#output\_sqs\_with\_dlq\_queue\_url) | Same as `queue_id`: The URL for the created Amazon SQS queue | -| [sqs\_with\_fifo\_dlq\_dlq\_arn](#output\_sqs\_with\_fifo\_dlq\_dlq\_arn) | The ARN of the SQS queue | -| [sqs\_with\_fifo\_dlq\_dlq\_id](#output\_sqs\_with\_fifo\_dlq\_dlq\_id) | The URL for the created Amazon SQS queue | -| [sqs\_with\_fifo\_dlq\_dlq\_name](#output\_sqs\_with\_fifo\_dlq\_dlq\_name) | The name of the SQS queue | -| [sqs\_with\_fifo\_dlq\_dlq\_url](#output\_sqs\_with\_fifo\_dlq\_dlq\_url) | Same as `dead_letter_queue_id`: The URL for the created Amazon SQS queue | -| [sqs\_with\_fifo\_dlq\_queue\_arn](#output\_sqs\_with\_fifo\_dlq\_queue\_arn) | The ARN of the SQS queue | -| [sqs\_with\_fifo\_dlq\_queue\_id](#output\_sqs\_with\_fifo\_dlq\_queue\_id) | The URL for the created Amazon SQS queue | -| [sqs\_with\_fifo\_dlq\_queue\_name](#output\_sqs\_with\_fifo\_dlq\_queue\_name) | The name of the SQS queue | -| [sqs\_with\_fifo\_dlq\_queue\_url](#output\_sqs\_with\_fifo\_dlq\_queue\_url) | Same as `queue_id`: The URL for the created Amazon SQS queue | | [sse\_encrypted\_dlq\_sqs\_dlq\_arn](#output\_sse\_encrypted\_dlq\_sqs\_dlq\_arn) | The ARN of the SQS queue | | [sse\_encrypted\_dlq\_sqs\_dlq\_id](#output\_sse\_encrypted\_dlq\_sqs\_dlq\_id) | The URL for the created Amazon SQS queue | | [sse\_encrypted\_dlq\_sqs\_dlq\_name](#output\_sse\_encrypted\_dlq\_sqs\_dlq\_name) | The name of the SQS queue | diff --git a/examples/complete/main.tf b/examples/complete/main.tf index 5c32ce2..58502b7 100644 --- a/examples/complete/main.tf +++ b/examples/complete/main.tf 
@@ -161,68 +161,6 @@ module "sqs_with_dlq" { tags = local.tags } -module "sqs_with_fifo_dlq" { - source = "../../" - - # This creates both the queue and the dead letter queue together - - name = "${local.name}-sqs-with-fifo-dlq" - fifo_queue = true - - deduplication_scope = "messageGroup" - fifo_throughput_limit = "perMessageGroupId" - - # Policy - # Not required - just showing example - create_queue_policy = true - queue_policy_statements = { - account = { - sid = "AccountReadWrite" - actions = [ - "sqs:SendMessage", - "sqs:ReceiveMessage", - ] - principals = [ - { - type = "AWS" - identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] - } - ] - } - } - - # Dead letter queue - create_dlq = true - redrive_policy = { - # default is 5 for this module - maxReceiveCount = 10 - } - create_dlq_redrive_allow_policy = false - - # Dead letter queue policy - # Not required - just showing example - create_dlq_queue_policy = true - dlq_queue_policy_statements = { - account = { - sid = "AccountReadWrite" - actions = [ - "sqs:SendMessage", - "sqs:ReceiveMessage", - ] - principals = [ - { - type = "AWS" - identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"] - } - ] - } - } - dlq_deduplication_scope = "queue" - dlq_fifo_throughput_limit = "perQueue" - - tags = local.tags -} - module "disabled_sqs" { source = "../../" diff --git a/examples/complete/outputs.tf b/examples/complete/outputs.tf index dc376c6..5753ccc 100644 --- a/examples/complete/outputs.tf +++ b/examples/complete/outputs.tf 
@@ -285,47 +285,6 @@ output "sqs_with_dlq_dlq_name" { value = module.sqs_with_dlq.dead_letter_queue_name } -# With FIFO Dead Letter Queue -output "sqs_with_fifo_dlq_queue_id" { - description = "The URL for the created Amazon SQS queue" - value = module.sqs_with_fifo_dlq.queue_id -} - -output "sqs_with_fifo_dlq_queue_arn" { - description = "The ARN of the SQS queue" - value = module.sqs_with_fifo_dlq.queue_arn -} - -output "sqs_with_fifo_dlq_queue_url" { - description = "Same as `queue_id`: The URL for the created Amazon SQS queue" - value = module.sqs_with_fifo_dlq.queue_url -} - -output "sqs_with_fifo_dlq_queue_name" { - description = "The name of the SQS queue" - value = module.sqs_with_fifo_dlq.queue_name -} - -output "sqs_with_fifo_dlq_dlq_id" { - description = "The URL for the created Amazon SQS queue" - value = module.sqs_with_fifo_dlq.dead_letter_queue_id -} - -output "sqs_with_fifo_dlq_dlq_arn" { - description = "The ARN of the SQS queue" - value = module.sqs_with_fifo_dlq.dead_letter_queue_arn -} - -output "sqs_with_fifo_dlq_dlq_url" { - description = "Same as `dead_letter_queue_id`: The URL for the created Amazon SQS queue" - value = module.sqs_with_fifo_dlq.dead_letter_queue_url -} - -output "sqs_with_fifo_dlq_dlq_name" { - description = "The name of the SQS queue" - value = module.sqs_with_fifo_dlq.dead_letter_queue_name -} - # Disabled output "disabled_sqs_queue_id" { description = "The URL for the created Amazon SQS queue"