-
Notifications
You must be signed in to change notification settings - Fork 9.2k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Cannot use SQS redrive_allow_policy
correctly without creating a cycle
#22577
Comments
I think it would be good to move DLQ redrive to a separate resource, so it can be dependant on normal queue and DLQ and do not create a cycle loop. |
Hey, we are also facing this issue, any news on it? |
Facing the same issue, I had to put redrivePermission = "allowAll" in order to make it work, but not satisfaisant |
Same issue, tho gonna live with a workaround for now. |
I tested it in version 1.1.7 because I was facing the same problem, and realized that the dead letter sqs queue needs to be implemented first. You have to create arn string "arn:aws:sqs:region:account_number:mysqsqueue" in the redrive_allow_policy of the sqs dead letter queue. And at the main sqs queue you can point to the dead letter queue using arn attribute. This way the main sqs queue will depend on the sqs dead letter queue (you could also use depends_on, but it is not required in this case). |
It would be nice if you could directly reference the name from the main queues, as TF can know that before applying. resource "aws_sqs_queue" "main_queue" {
name = "main-queue"
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.dead_letter.arn
maxReceiveCount = 10
})
}
resource "aws_sqs_queue" "dead_letter" {
name = "dead-letter-queue"
redrive_allow_policy = jsonencode({
redrivePermission = "byQueue",
sourceQueueArns = [
# Required to either hard code or use a local for the name variable to avoid the cycle error.
"arn:aws:sqs:${var.region}:${var.account_id}:main-queue",
# Would be nice to just reference the already known name.
"arn:aws:sqs:${var.region}:${var.account_id}:${aws_sqs_queue.main_queue.name}"
]
})
} |
same as @taylor-knapp , with the last AWS provider to date (4.24.0), this code led to cycle error resource "aws_sqs_queue" "queue" {
name = "queue"
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.dlq_queue.arn
maxReceiveCount = 36
})
}
resource "aws_sqs_queue" "dlq_queue" {
name = "dlq_queue"
redrive_allow_policy = jsonencode({
redrivePermission = "byQueue",
sourceQueueArns = [aws_sqs_queue.queue.arn]
})
} |
Same workaround as #22577 (comment) I had to construct the
|
This functionality has been released in v4.31.0 of the Terraform AWS Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you! |
Hi, |
@ewbankkit Please re-open this one as it is currently unsolved. |
The solution to prevent circle is to create separate redrive_allow_policy resource as the example in the URL below |
@chuong-tran The docs for the |
@timothyclarke I see. Thanks! |
I was facing an issue with the sample provided at Where I went wrong was by deviating. I had...
And that gave me an AWS 400 Resource Error on the source queue However, once I named both the DLQ and the RedriveAllowPolicy the same, it worked.
|
I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. |
The Example Usage for
aws_sqs_queue
shows a “source queue” with both aredrive_policy
and aredrive_allow_policy
set, however as per the AWS docs the “byQueue”redrive_allow_policy
belongs on the dead letter queue itself:Since you set a
redrive_policy
on the source queue which points to a dead letter queue, and aredrive_allow_policy
on the dead letter queue restricting which source queues can redrive to it, it is not possible to represent this relationship in Terraform without creating a cycle.Community Note
Terraform CLI and Terraform AWS Provider Version
Affected Resource(s)
Terraform Configuration Files
Please include all Terraform configurations required to reproduce the bug. Bug reports without a functional reproduction may be closed without investigation.
Debug Output
https://gist.github.com/davecardwell/236f84642a90536d442cbfc4434f8da1
Panic Output
N/A
Expected Behavior
Success. It should be possible to configure a
RedriveAllowPolicy
without creating a circular dependency.Actual Behavior
Steps to Reproduce
terraform validate
Important Factoids
N/A
References
The text was updated successfully, but these errors were encountered: