
Module Structure

terraform-aws-arc-sqs


Overview

SourceFuse AWS Reference Architecture (ARC) Terraform module for managing Amazon SQS queues with enterprise-grade features and security best practices.

Features

  • Multiple Queue Types: Support for both Standard and FIFO queues with comprehensive configuration options
  • Dead Letter Queue Support: Automatic DLQ provisioning with configurable retry policies for reliable message handling
  • Flexible Encryption: Choice between SQS-managed SSE or customer-managed KMS encryption with automatic key rotation
  • Message Configuration: Fine-grained control over retention, visibility timeouts, delays, and long polling
  • Queue Policies: Integrated IAM policy management with support for cross-account and service access patterns
  • High Throughput FIFO: Advanced FIFO configurations with per-message-group throughput and deduplication scopes
  • Modular Design: Integrates seamlessly with other SourceFuse ARC modules (SNS, KMS, Tags)

Usage

See the examples directory for full examples.

module "sqs" {
  source  = "sourcefuse/arc-sqs/aws"
  version = "0.0.1"

  name = "my-application-queue"

  # Enable Dead Letter Queue for reliability
  dlq_config = {
    enabled           = true
    max_receive_count = 5
  }

  # Configure long polling for cost optimization
  message_config = {
    receive_wait_time_seconds = 20
    visibility_timeout        = 300
    retention_seconds         = 345600  # 4 days
  }

  tags = module.tags.tags

}
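
A hardened variant of the usage above, as an added example that is not from the module's repository. By default `kms_config` is null (SSE-SQS) and `policy_config.create` is false (no queue policy); this switches to a module-created KMS key and attaches a policy that rejects non-TLS requests. The queue name, region, `aws` partition and the `sqs_hardened` label are assumptions.

```hcl
# Added example: customer-managed KMS key plus a TLS-only queue policy.
# Region, partition and queue name below are placeholders.
data "aws_caller_identity" "current" {}

locals {
  region     = "us-east-1" # assumption: set to the provider's region
  queue_name = "orders-queue"
  # ARN built locally so the policy does not depend on the module's outputs.
  queue_arn = "arn:aws:sqs:${local.region}:${data.aws_caller_identity.current.account_id}:${local.queue_name}"
}

# Deny every SQS action on this queue when the request is not sent over TLS.
data "aws_iam_policy_document" "tls_only" {
  statement {
    sid       = "DenyInsecureTransport"
    effect    = "Deny"
    actions   = ["sqs:*"]
    resources = [local.queue_arn]
    principals {
      type        = "*"
      identifiers = ["*"]
    }
    condition {
      test     = "Bool"
      variable = "aws:SecureTransport"
      values   = ["false"]
    }
  }
}

module "sqs_hardened" {
  source  = "sourcefuse/arc-sqs/aws"
  version = "0.0.1"

  name = local.queue_name

  # Customer-managed key instead of the default SSE-SQS encryption.
  kms_config = {
    create_key           = true
    rotation_enabled     = true
    deletion_window_days = 30 # longer recovery window than the default 7
  }

  # Attach the deny statement as the queue's resource policy.
  policy_config = {
    create                  = true
    source_policy_documents = [data.aws_iam_policy_document.tls_only.json]
  }
}
```

After `terraform apply`, the `queue_policy` and `kms_key_arn` outputs show the policy and key that were attached.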

Examples

For detailed usage instructions, see the Module Usage Guide.

Versioning

This project uses a .version file at the root. Increment this version before committing to main. The pipeline will automatically tag the commit.

Development

Prerequisites

Configurations

  • Configure pre-commit hooks
    pre-commit install
    

Versioning

Specify the version bump in commit messages using #major, #minor, or #patch.

Example:

git commit -m "your commit message #major"

Default: #patch

Tests

  • Tests are available in the test directory
  • Configure the dependencies
    cd test/
    go mod init github.com/sourcefuse/terraform-aws-arc-sqs
    go get github.com/gruntwork-io/terratest/modules/terraform
    
  • Now execute the test
    go test -timeout 30m
    

Authors

This project is authored by:

  • SourceFuse ARC Team

Requirements

| Name | Version |
|------|---------|
| terraform | ~> 1.3, < 2.0.0 |
| aws | >= 5.0, < 7.0 |

Providers

| Name | Version |
|------|---------|
| aws | 6.16.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| kms | sourcefuse/arc-kms/aws | 1.0.11 |

Resources

| Name | Type |
|------|------|
| aws_sqs_queue.dlq | resource |
| aws_sqs_queue.this | resource |
| aws_sqs_queue_policy.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.this | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| custom_redrive_policy | JSON policy to specify an external dead-letter queue (instead of using dlq_config) | string | null | no |
| dlq_config | Dead Letter Queue configuration. Set enabled=true to create DLQ | object({ enabled = optional(bool, false), name = optional(string, null), max_receive_count = optional(number, 3), message_retention_seconds = optional(number, 1209600), delay_seconds = optional(number, 0), max_message_size = optional(number, 262144), receive_wait_time_seconds = optional(number, 0), visibility_timeout = optional(number, 30), content_based_deduplication = optional(bool, false), deduplication_scope = optional(string, null), throughput_limit = optional(string, null), redrive_allow_policy = optional(string, null) }) | { "enabled": false } | no |
| fifo_config | FIFO queue configuration. Set enabled=true for FIFO queue. deduplication_scope valid values: messageGroup, queue. throughput_limit valid values: perQueue, perMessageGroupId | object({ enabled = optional(bool, false), content_based_deduplication = optional(bool, false), deduplication_scope = optional(string, null), throughput_limit = optional(string, null) }) | { "enabled": false } | no |
| kms_config | KMS encryption configuration. If null, uses AWS managed SSE-SQS encryption | object({ key_arn = optional(string, null), create_key = optional(bool, false), data_key_reuse_period = optional(number, 300), deletion_window_days = optional(number, 7), rotation_enabled = optional(bool, true), alias = optional(string, null), policy = optional(string, null) }) | null | no |
| message_config | Message handling configuration | object({ delay_seconds = optional(number, 0), max_message_size = optional(number, 262144), retention_seconds = optional(number, 345600), receive_wait_time_seconds = optional(number, 0), visibility_timeout = optional(number, 30) }) | {} | no |
| name | Name of the SQS queue. If fifo_queue is set to true, the name must end with .fifo | string | n/a | yes |
| policy_config | Queue policy configuration | object({ create = optional(bool, false), policy_json = optional(string, null), source_policy_documents = optional(list(string), []), override_policy_documents = optional(list(string), []) }) | { "create": false } | no |
| redrive_allow_policy | JSON policy to control which source queues can specify this queue as their dead-letter queue | string | null | no |
| tags | A map of tags to assign to all resources | map(string) | {} | no |

Outputs

| Name | Description |
|------|-------------|
| dlq_arn | The ARN of the SQS dead letter queue |
| dlq_id | The URL for the created Amazon SQS dead letter queue |
| dlq_name | The name of the SQS dead letter queue |
| dlq_url | Same as dlq_id: The URL for the created Amazon SQS dead letter queue |
| kms_alias_arn | The Amazon Resource Name (ARN) of the KMS alias |
| kms_alias_name | The display name of the KMS alias |
| kms_key_arn | The Amazon Resource Name (ARN) of the KMS key used for encryption |
| kms_key_id | The globally unique identifier for the KMS key |
| queue_arn | The ARN of the SQS queue |
| queue_id | The URL for the created Amazon SQS queue |
| queue_name | The name of the SQS queue |
| queue_policy | The JSON policy of the SQS queue |
| queue_url | Same as queue_id: The URL for the created Amazon SQS queue |