Redrive allow policy in a aws_sqs_queue

jolivaSan · November 2, 2021, 10:05am

Hi,

Im trying to setup two queues using terraform with the resource ‘aws_sqs_queue’ one is the main queue and the other one is the dead letter queue, i see very clear that from the main queue to configure a dead letter queue i just need to use something like

  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.events_queue_dead_letter.arn
    maxReceiveCount     = 5
  })

Where i define what is the arn of the dead letter queue and the max recieve count, that ok but im not clear about how should i configure the dead letter queue to only allow messages from this main queue.

In AWS console in the queue edit/add form there are a section called " Redrive allow policy - Optional" where you can configure what queues can use this as dead letter queue

Here you can use Allow all, by queue or deny All, how can i setup this config in the aws_sqs_queue resource in terraform?

james.macivor · November 4, 2021, 5:49pm

Hey there, did anyone reach out to you about this? I’m experiencing the same confusion

jolivaSan · November 5, 2021, 9:16am

Nop, still waiting for a response.

paulz · November 22, 2021, 7:59pm

Ran into this as well.

Doesn’t look like its covered in this module

github.com

damacus/terraform-aws-sqs-with-dlq/blob/master/main.tf#L42-L52

    
      
          resource "aws_sqs_queue" "deadletter_queue" {
            name                              = "${var.name}-dead-letter-queue${var.fifo_queue == true ? ".fifo" : ""}"
            message_retention_seconds         = var.message_retention_seconds
            visibility_timeout_seconds        = var.visibility_timeout_seconds
            fifo_queue                        = var.fifo_queue
            content_based_deduplication       = var.content_based_deduplication
            kms_master_key_id                 = var.kms_master_key_id
            kms_data_key_reuse_period_seconds = var.kms_data_key_reuse_period_seconds
            max_message_size                  = var.max_message_size
            tags                              = var.tags
          }

A tf plan on a manually added “Redrive allow policy” from the web console doesn’t do any diffs either.

gerpuchfig · March 17, 2022, 5:19pm

resource “aws_sqs_queue” “regular_queue” {
name = “regular_queue”
fifo_queue = false
visibility_timeout_seconds = 300
delay_seconds = 5
max_message_size = 8192
message_retention_seconds = 86400
receive_wait_time_seconds = 15
redrive_policy = <<DEADLETTER
{
“deadLetterTargetArn” : “${aws_sqs_queue. deadletter_queue.arn}”,
“maxReceiveCount” : 3
}
DEADLETTER
tags = merge(local.tags, map(
“Name”, “regular_queue”
))
}

MajaScherman · August 23, 2024, 8:34am

The solution is just as officially documented. Add this and you should be good to go.

https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_redrive_allow_policy

resource "aws_sqs_queue" "src" {
  name = "srcqueue"

  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.example.arn
    maxReceiveCount     = 4
  })
}

resource "aws_sqs_queue" "example" {
  name = "examplequeue"
}

resource "aws_sqs_queue_redrive_allow_policy" "example" {
  queue_url = aws_sqs_queue.example.id

  redrive_allow_policy = jsonencode({
    redrivePermission = "byQueue",
    sourceQueueArns   = [aws_sqs_queue.src.arn]
  })
}

Topic		Replies	Views
How to resolve error messageswhen adding SQS redrive policy for deadletter queue created using for_each Terraform	0	1070	October 18, 2021
How to fix error message when adding SQS redrive policy for deadletter queue created using for_each Terraform	0	1205	October 18, 2021
Inconsistent Drift Detection for SQS redrive_policy – Is Terraform Ignoring DLQ Configurations? Terraform	1	92	August 20, 2025
Add DLQ after initial SQS queue has been deployed? AWS	0	984	April 7, 2020
Aws_sqs_queue_policy - error reported after TF apply Terraform Providers hcp-terraform	0	369	March 15, 2024

Redrive allow policy in a aws_sqs_queue

Related topics