## Usage

Creates an AWS SQS queue.

```hcl
module "sqs_queue" {
  source = "dod-iac/sqs-queue/aws"
  name   = format("app-%s-%s", var.application, var.environment)
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

Creates an AWS SQS queue with messages encrypted using a custom KMS key.
```hcl
# KMS key for at-rest encryption of queue messages; only the listed
# principals are granted use of the key.
module "sqs_kms_key" {
  source      = "dod-iac/sqs-kms-key/aws"
  name        = format("alias/app-%s-sqs-%s", var.application, var.environment)
  description = format("A KMS key used to encrypt messages in SQS queues for %s:%s.", var.application, var.environment)
  principals  = [aws_iam_role.main.arn]
  tags        = local.project_tags
}

# Queue policy that grants a single IAM role send, receive and delete on
# the queue. aws_iam_role.main, local.project_tags and the aws_partition,
# aws_region and aws_caller_identity data sources are assumed to be declared
# elsewhere in the root configuration.
data "aws_iam_policy_document" "policy" {
  policy_id = "queue-policy"
  statement {
    sid = "AllowPrincipals"
    actions = [
      "sqs:SendMessage",
      "sqs:GetQueueAttributes",
      "sqs:ReceiveMessage",
      "sqs:DeleteMessage"
    ]
    effect = "Allow"
    principals {
      type        = "AWS"
      identifiers = [aws_iam_role.main.arn]
    }
    # The queue ARN is built from its known name rather than read from
    # module.sqs_queue.arn: the queue takes this policy as input, so a
    # reference back to the queue would form a dependency cycle.
    resources = [format(
      "arn:%s:sqs:%s:%s:app-%s-%s",
      data.aws_partition.current.partition,
      data.aws_region.current.name,
      data.aws_caller_identity.current.account_id,
      var.application,
      var.environment
    )]
  }
}

module "sqs_queue" {
  source      = "dod-iac/sqs-queue/aws"
  kms_key_arn = module.sqs_kms_key.aws_kms_key_arn
  name        = format("app-%s-%s", var.application, var.environment)
  policy      = data.aws_iam_policy_document.policy.json
  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

## Testing

Run tests using the `terratest` script. If using aws-vault, you could use `aws-vault exec $AWS_PROFILE -- terratest`. The `AWS_DEFAULT_REGION`, `TT_ACCOUNT_ID`, and `TT_USER_ARN` environment variables are required by the tests. Use `TT_SKIP_DESTROY=1` to not destroy the infrastructure created during the tests.
## Terraform Version

Terraform 0.13. Pin module version to `~> 1.0.0`. Submit pull requests to the master branch.

Terraform 0.11 and 0.12 are not supported.

## Known Issues

AWS GovCloud does not yet support custom redrive allow policies as implemented by the `source_queues` variable. The default policy allows all queues in the account to use the dead-letter queue.
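A main queue paired with a dead-letter queue, using the `dead_letter_queue`, `max_receive_count` and `source_queues` inputs listed under Inputs below. This is an added example, not part of this module's README; it assumes the `sqs_kms_key` module, the policy document and the data sources from the usage example above, and the module name `sqs_dead_letter_queue` and the numeric values are constructed.

```hcl
# Dead-letter queue: receives messages that the main queue failed to
# process max_receive_count times. Encrypted with the same KMS key.
module "sqs_dead_letter_queue" {
  source      = "dod-iac/sqs-queue/aws"
  name        = format("app-%s-%s-dlq", var.application, var.environment)
  kms_key_arn = module.sqs_kms_key.aws_kms_key_arn

  # Restrict the dead-letter queue to the main queue only. The main queue's
  # ARN is built with format() rather than read from module.sqs_queue.arn,
  # because the main queue already references this module's arn output and
  # a reference in both directions would be a dependency cycle.
  # On AWS GovCloud, where redrive allow policies are not yet supported,
  # omit source_queues so the default (any queue in the account) applies.
  source_queues = [format(
    "arn:%s:sqs:%s:%s:app-%s-%s",
    data.aws_partition.current.partition,
    data.aws_region.current.name,
    data.aws_caller_identity.current.account_id,
    var.application,
    var.environment
  )]

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}

module "sqs_queue" {
  source      = "dod-iac/sqs-queue/aws"
  name        = format("app-%s-%s", var.application, var.environment)
  kms_key_arn = module.sqs_kms_key.aws_kms_key_arn
  policy      = data.aws_iam_policy_document.policy.json

  # Move a message to the dead-letter queue after 5 failed receives
  # (constructed value; the module default is 10). Keep the visibility
  # timeout longer than the consumer's worst-case processing time so an
  # in-flight message is not redelivered, and counted as a failure, early.
  dead_letter_queue          = module.sqs_dead_letter_queue.arn
  max_receive_count          = 5
  visibility_timeout_seconds = 60

  tags = {
    Application = var.application
    Environment = var.environment
    Automation  = "Terraform"
  }
}
```

The dead-letter queue module is declared first so that `module.sqs_queue` can consume its `arn` output; the reverse dependency is expressed only through the hand-built ARN in `source_queues`.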
## License

This project constitutes a work of the United States Government and is not subject to domestic copyright protection under 17 USC § 105. However, because the project utilizes code licensed from contributors and other third parties, it therefore is licensed under the MIT License. See the LICENSE file for more information.
## Requirements

| Name | Version |
|---|---|
| terraform | >= 0.13 |
| aws | >= 3.0, < 5.0 |

## Providers

| Name | Version |
|---|---|
| aws | >= 3.0, < 5.0 |

## Modules

No modules.

## Resources

| Name | Type |
|---|---|
| aws_sqs_queue.main | resource |
| aws_caller_identity.current | data source |
| aws_partition.current | data source |
| aws_region.current | data source |
## Inputs

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| dead_letter_queue | The ARN of the dead-letter queue. | string | "" | no |
| kms_key_arn | The ARN of the KMS key used to encrypt messages at rest. | string | "" | no |
| max_receive_count | The maximum number of receives for a message before it is moved to the dead-letter queue. | number | 10 | no |
| name | The name of the SQS queue. | string | n/a | yes |
| policy | The JSON policy for the SQS queue. | string | "" | no |
| source_queues | The ARNs of the queues that use this queue as a dead-letter queue. | list(string) | [] | no |
| tags | Tags applied to the SQS queue. | map(string) | {} | no |
| visibility_timeout_seconds | The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). | number | 30 | no |
## Outputs

| Name | Description |
|---|---|
| arn | The Amazon Resource Name (ARN) of the queue. |
| url | The URL of the queue. |