From f35139b53d3a672a81eaf8fdce0930861270f6ce Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Mon, 8 Nov 2021 16:40:58 -0800
Subject: [PATCH 1/8] add support for sqs
---
 aws/sqs/main.tf | 35 +++++++++++++++++++++++++++++++++++
 aws/sqs/outputs.tf | 7 +++++++
 aws/sqs/terraform.tf | 3 +++
 aws/sqs/variables.tf | 38 ++++++++++++++++++++++++++++++++++++++
 aws/sqs/versions.tf | 9 +++++++++
 5 files changed, 92 insertions(+)
 create mode 100644 aws/sqs/main.tf
 create mode 100644 aws/sqs/outputs.tf
 create mode 100644 aws/sqs/terraform.tf
 create mode 100644 aws/sqs/variables.tf
 create mode 100644 aws/sqs/versions.tf
diff --git a/aws/sqs/main.tf b/aws/sqs/main.tf
new file mode 100644
index 0000000..fdabe34
--- /dev/null
+++ b/aws/sqs/main.tf
@@ -0,0 +1,35 @@
+locals {
+ # This helps avoid queue names ending in "-" or "-.fifo"
+ given_queue_name = var.queue_name == "" ? "" : "-${var.queue_name}"
+ # All fifo queues must end in .fifo, per AWS rules
+ queue_suffix = var.is_fifo == true ? ".fifo" : ""
+ full_queue_name = "${var.stack}-${var.env}${local.given_queue_name}${local.queue_suffix}"
+}
+
+resource "aws_sqs_queue" "this" {
+ name = local.full_queue_name
+ fifo_queue = var.is_fifo
+ content_based_deduplication = var.content_based_deduplication
+ receive_wait_time_seconds = var.receive_wait_time_seconds
+ visibility_timeout_seconds = var.visibility_timeout_seconds
+}
+
+resource "aws_sqs_queue_policy" "this" {
+ queue_url = aws_sqs_queue.this.id
+
+ policy = jsonencode(
+ {
+ Version : "2008-10-17"
+ Id : "__default_policy_ID"
+ Statement : [
+ {
+ Sid : "__owner_statement"
+ Effect : "Allow"
+ Principal : "*"
+ Action : "sqs:*"
+ Resource : "${aws_sqs_queue.this.arn}"
+ }
+ ]
+ }
+ )
+}
diff --git a/aws/sqs/outputs.tf b/aws/sqs/outputs.tf
new file mode 100644
index 0000000..8e49fdd
--- /dev/null
+++ b/aws/sqs/outputs.tf
@@ -0,0 +1,7 @@
+output "arn" {
+ value = aws_sqs_queue.this.arn
+}
+
+output "full_queue_name" {
+ value = aws_sqs_queue.this.name
+}
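Review bot: The `aws_sqs_queue_policy.this` statement in main.tf allows `sqs:*` to `Principal : "*"` with no `Condition`, so the queue's own resource policy grants every caller, including principals outside the account, the right to send, receive, delete and purge messages and to change queue attributes. If a policy is needed at all, scope it to the owning account and to the actions consumers use, for example `Principal : { AWS : "arn:aws:iam::<ACCOUNT_ID>:root" }` and `Action : ["sqs:SendMessage", "sqs:ReceiveMessage", "sqs:DeleteMessage"]`; leaving the resource out keeps the queue reachable only through IAM policies in the owner account. Patch 8/8 of this series deletes the resource, but any apply made from patches 1 to 7 would still create the open policy. `Version : "2008-10-17"` is also the older policy language version; `"2012-10-17"` is the current one.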
diff --git a/aws/sqs/terraform.tf b/aws/sqs/terraform.tf
new file mode 100644
index 0000000..f2151f3
--- /dev/null
+++ b/aws/sqs/terraform.tf
@@ -0,0 +1,3 @@
+terraform {
+ experiments = [module_variable_optional_attrs]
+}
diff --git a/aws/sqs/variables.tf b/aws/sqs/variables.tf
new file mode 100644
index 0000000..2f3b921
--- /dev/null
+++ b/aws/sqs/variables.tf
@@ -0,0 +1,38 @@
+variable "stack" {
+ description = "The name of the stack"
+ type = string
+}
+
+variable "env" {
+ description = "The name of the environment"
+ type = string
+}
+
+variable "queue_name" {
+ description = "The shorthand name of the queue. The full queue name can be retrieved as an output. Note that an empty string is still a valid queue name."
+ type = string
+}
+
+variable "visibility_timeout_seconds" {
+ description = "The amount of time allowed to the processor to process a message before it is declared failed. Defaults to 30 seconds."
+ type = number
+ default = 30
+}
+
+variable "receive_wait_time_seconds" {
+ description = "The time to wait when polling for new messages. Use 0 for immediate response. Longer values are preferred. AWS recommends a maximum of 20 seconds."
+ type = number
+ default = 5
+}
+
+variable "is_fifo" {
+ description = "Specifies if this queue should be a FIFO queue, which would preserve message ordering. Defaults to true."
+ type = bool
+ default = true
+}
+
+variable "content_based_deduplication" {
+ description = "Specifies if this queue should use content-based deduplication. Must be false if using a standard (non-fifo) queue. Defaults to true"
+ type = bool
+ default = true
+}
diff --git a/aws/sqs/versions.tf b/aws/sqs/versions.tf
new file mode 100644
index 0000000..b3dfba4
--- /dev/null
+++ b/aws/sqs/versions.tf
@@ -0,0 +1,9 @@
+terraform {
+ required_version = ">= 1.0"
+
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ }
+ }
+}
From 73ed2e863c3694af32a151acf63bc51ff3ac5c1d Mon Sep 17 00:00:00 2001
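Review bot: `receive_wait_time_seconds` and `visibility_timeout_seconds` in variables.tf accept any number, although SQS only accepts 0 to 20 and 0 to 43200 seconds respectively, so a bad value surfaces as an API error during apply instead of at plan time. A `validation` block on each variable would catch it early, e.g. `condition = var.receive_wait_time_seconds >= 0 && var.receive_wait_time_seconds <= 20` with a matching `error_message`. `stack`, `env` and `queue_name` are interpolated into the queue name in main.tf without a check either; SQS queue names are limited to 80 characters of alphanumerics, hyphens and underscores (plus the `.fifo` suffix), which could be validated the same way.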
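Review bot: `required_providers` in versions.tf names `hashicorp/aws` without a `version` constraint, so a `terraform init` that has no committed lock file resolves to whatever provider release is newest at that moment. Add a bounded constraint such as `version = "~> <MAJOR>.<MINOR>"` (placeholder: use the release the module was tested with) so that a provider upgrade is a reviewed change. Root configurations that call this module should also commit `.terraform.lock.hcl` so the provider checksums are pinned.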
From: Joel Smith
Date: Mon, 8 Nov 2021 19:49:58 -0800
Subject: [PATCH 2/8] remove unused terraform experiment file
---
 aws/sqs/terraform.tf | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 aws/sqs/terraform.tf
diff --git a/aws/sqs/terraform.tf b/aws/sqs/terraform.tf
deleted file mode 100644
index f2151f3..0000000
--- a/aws/sqs/terraform.tf
+++ /dev/null
@@ -1,3 +0,0 @@
-terraform {
- experiments = [module_variable_optional_attrs]
-}
From 0cbd6c5910654bb4267d1402c8b5479d22b85cdc Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Mon, 8 Nov 2021 19:50:27 -0800
Subject: [PATCH 3/8] Set default receive_wait to maximum val
---
 aws/sqs/variables.tf | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/aws/sqs/variables.tf b/aws/sqs/variables.tf
index 2f3b921..fb6e071 100644
--- a/aws/sqs/variables.tf
+++ b/aws/sqs/variables.tf
@@ -20,9 +20,9 @@ variable "visibility_timeout_seconds" {
 }
 variable "receive_wait_time_seconds" {
- description = "The time to wait when polling for new messages. Use 0 for immediate response. Longer values are preferred. AWS recommends a maximum of 20 seconds."
+ description = "The time to wait when polling for new messages. Use 0 for immediate response. Longer values are preferred. Defaults to 20, which is the maximum."
 type = number
- default = 5
+ default = 20
 }
 variable "is_fifo" {
From ac6afb21668d381ad0aa1488b897019dd46bd602 Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Mon, 8 Nov 2021 19:50:43 -0800
Subject: [PATCH 4/8] siimplify output name
---
 aws/sqs/outputs.tf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/aws/sqs/outputs.tf b/aws/sqs/outputs.tf
index 8e49fdd..22e9a6f 100644
--- a/aws/sqs/outputs.tf
+++ b/aws/sqs/outputs.tf
@@ -2,6 +2,6 @@ output "arn" {
 value = aws_sqs_queue.this.arn
 }
-output "full_queue_name" {
+output "name" {
 value = aws_sqs_queue.this.name
 }
From 858646d7cfd33dc0063431c068e5a0e45729f943 Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Mon, 8 Nov 2021 19:51:36 -0800
Subject: [PATCH 5/8] only set content_dedupe if using fifo
---
 aws/sqs/main.tf | 2 +-
 aws/sqs/variables.tf | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)
diff --git a/aws/sqs/main.tf b/aws/sqs/main.tf
index fdabe34..5c2bc93 100644
--- a/aws/sqs/main.tf
+++ b/aws/sqs/main.tf
@@ -9,7 +9,7 @@ locals {
 resource "aws_sqs_queue" "this" {
 name = local.full_queue_name
 fifo_queue = var.is_fifo
- content_based_deduplication = var.content_based_deduplication
+ content_based_deduplication = var.is_fifo && var.content_based_deduplication
 receive_wait_time_seconds = var.receive_wait_time_seconds
 visibility_timeout_seconds = var.visibility_timeout_seconds
 }
diff --git a/aws/sqs/variables.tf b/aws/sqs/variables.tf
index fb6e071..a5fff06 100644
--- a/aws/sqs/variables.tf
+++ b/aws/sqs/variables.tf
@@ -32,7 +32,7 @@ variable "is_fifo" {
 }
 variable "content_based_deduplication" {
- description = "Specifies if this queue should use content-based deduplication. Must be false if using a standard (non-fifo) queue. Defaults to true"
+ description = "Specifies if this queue should use content-based deduplication. Defaults to true. Note: If is_fifo is not set to true, then this value is ignored."
 type = bool
 default = true
 }
From c123c3f1765a34efae5e9e1ad914579d79081117 Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Mon, 8 Nov 2021 19:51:58 -0800
Subject: [PATCH 6/8] use standard variable name for "name"
---
 aws/sqs/main.tf | 4 ++--
 aws/sqs/variables.tf | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/aws/sqs/main.tf b/aws/sqs/main.tf
index 5c2bc93..7a903ba 100644
--- a/aws/sqs/main.tf
+++ b/aws/sqs/main.tf
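Review bot: The `aws_sqs_queue.this` block, visible in full in the main.tf hunk of patch 5, sets no server-side encryption, so message bodies depend on whatever the account or provider default is and may be stored unencrypted at rest. Consider exposing an optional key variable and setting `kms_master_key_id = var.kms_master_key_id` (`var.kms_master_key_id` is a proposed name, not one the module defines), together with `kms_data_key_reuse_period_seconds` if the default reuse period is not wanted. There is also no `redrive_policy`, so a message that keeps failing is retried until retention expires instead of moving to a dead-letter queue; if that is intentional, a comment on the resource saying so would help.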
@@ -1,8 +1,8 @@
 locals {
 # This helps avoid queue names ending in "-" or "-.fifo"
- given_queue_name = var.queue_name == "" ? "" : "-${var.queue_name}"
+ given_queue_name = var.identifier == "" ? "" : "-${var.identifier}"
 # All fifo queues must end in .fifo, per AWS rules
- queue_suffix = var.is_fifo == true ? ".fifo" : ""
+ queue_suffix = var.is_fifo ? ".fifo" : ""
 full_queue_name = "${var.stack}-${var.env}${local.given_queue_name}${local.queue_suffix}"
 }
diff --git a/aws/sqs/variables.tf b/aws/sqs/variables.tf
index a5fff06..c65181d 100644
--- a/aws/sqs/variables.tf
+++ b/aws/sqs/variables.tf
@@ -8,7 +8,7 @@ variable "env" {
 type = string
 }
-variable "queue_name" {
+variable "identifier" {
 description = "The shorthand name of the queue. The full queue name can be retrieved as an output. Note that an empty string is still a valid queue name."
 type = string
 }
From 9ee4dd65fec7f2421ed40e395f09f21671274555 Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Wed, 10 Nov 2021 11:23:21 -0800
Subject: [PATCH 7/8] add the url to the output
---
 aws/sqs/outputs.tf | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/aws/sqs/outputs.tf b/aws/sqs/outputs.tf
index 22e9a6f..ceacaf9 100644
--- a/aws/sqs/outputs.tf
+++ b/aws/sqs/outputs.tf
@@ -5,3 +5,7 @@ output "arn" {
 output "name" {
 value = aws_sqs_queue.this.name
 }
+
+output "url" {
+ value = aws_sqs_queue.this.url
+}
From 884bc6ff3ec5f2ae720caf580006d75070d72d61 Mon Sep 17 00:00:00 2001
From: Joel Smith
Date: Wed, 10 Nov 2021 11:23:31 -0800
Subject: [PATCH 8/8] remove security policy
---
 aws/sqs/main.tf | 20 --------------------
 1 file changed, 20 deletions(-)
diff --git a/aws/sqs/main.tf b/aws/sqs/main.tf
index 7a903ba..cedb827 100644
--- a/aws/sqs/main.tf
+++ b/aws/sqs/main.tf
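Review bot: The new `url` output in patch 7 reads `aws_sqs_queue.this.url`, an attribute that, as far as I know, only newer AWS provider releases export, while versions.tf sets no minimum provider version; on an older provider this output would fail at plan time. `aws_sqs_queue.this.id` carries the same queue URL and is what patch 1 used for `queue_url`, so either read `id` here or raise the provider constraint to a release that has `url`. None of the three outputs has a `description`; a line such as `description = "URL of the queue, as passed to the SQS API"` would help module consumers.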
@@ -13,23 +13,3 @@ resource "aws_sqs_queue" "this" {
 receive_wait_time_seconds = var.receive_wait_time_seconds
 visibility_timeout_seconds = var.visibility_timeout_seconds
 }
-
-resource "aws_sqs_queue_policy" "this" {
- queue_url = aws_sqs_queue.this.id
-
- policy = jsonencode(
- {
- Version : "2008-10-17"
- Id : "__default_policy_ID"
- Statement : [
- {
- Sid : "__owner_statement"
- Effect : "Allow"
- Principal : "*"
- Action : "sqs:*"
- Resource : "${aws_sqs_queue.this.arn}"
- }
- ]
- }
- )
-}