From e78e87e619232beb927eecce730a3d81e439edb7 Mon Sep 17 00:00:00 2001
From: badra001
Date: Mon, 28 Mar 2022 11:47:41 -0400
Subject: [PATCH 1/2] add sqs code
---
 README.md | 7 ++++
 sqs.tf | 119 ++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 126 insertions(+)
diff --git a/README.md b/README.md
index 93e1627..60d7685 100644
--- a/README.md
+++ b/README.md
@@ -116,11 +116,18 @@ No modules.
 | [aws_lambda_permission.allow_cloudwatch](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
 | [aws_sns_topic.topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
 | [aws_sns_topic_policy.topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
+| [aws_sns_topic_subscription.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
+| [aws_sqs_queue.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
+| [aws_sqs_queue.queue_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue) | resource |
+| [aws_sqs_queue_policy.queue](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
+| [aws_sqs_queue_policy.queue_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue_policy) | resource |
 | [aws_arn.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/arn) | data source |
 | [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
 | [aws_iam_policy.lambda_policies](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy) | data source |
 | [aws_iam_policy_document.lambda_assume](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.lambda_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.queue_sqs](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.queue_sqs_deadletter](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_iam_policy_document.topic](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
 | [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
diff --git a/sqs.tf b/sqs.tf
index e69de29..9e2911b 100644
--- a/sqs.tf
+++ b/sqs.tf
@@ -0,0 +1,119 @@
+locals {
+ sqs_name = var.sqs_queue_name != null ? var.sws_queue_name : local.name
+ enable_sqs = var.enable_sns && var.enable_sqs
+}
+
+resource "aws_sqs_queue" "queue_deadletter" {
+ count = var.create && local.enable_sqs ? 1 : 0
+ # delay=0 retention=4d max=256k visibility=1h
+ name = format("%v-deadletter", local.sqs_name)
+ delay_seconds = 0
+ max_message_size = 262144
+ message_retention_seconds = 345600
+ receive_wait_time_seconds = 15
+ visibility_timeout_seconds = 3600
+
+ kms_master_key_id = "alias/aws/sqs"
+ kms_data_key_reuse_period_seconds = 300
+
+ tags = merge(
+ local.base_tags,
+ var.tags,
+ { "Name" = format("%v-deadletter", local.sqs_name) },
+ )
+
+ lifecycle {
+ ignore_changes = [tags["boc:tf_module_version"]]
+ }
+}
+
+resource "aws_sqs_queue_policy" "queue_deadletter" {
+ count = var.create && local.enable_sqs ? 1 : 0
+ queue_url = aws_sqs_queue.queue_deadletter[0].id
+ policy = data.aws_iam_policy_document.queue_sqs_deadletter[0].json
+}
+
+data "aws_iam_policy_document" "queue_sqs_deadletter" {
+ count = var.create && local.enable_sqs ? 1 : 0
+ statement {
+ sid = "AllowSQSReceiveMessage"
+ effect = "Allow"
+ actions = ["SQS:ReceiveMessage"]
+ resources = [aws_sqs_queue.queue_deadletter[0].arn]
+
+ principals {
+ type = "AWS"
+ identifiers = ["*"]
+ }
+
+ condition {
+ test = "ArnEquals"
+ variable = "aws:SourceArn"
+ values = [aws_sqs_queue.queue[0].arn]
+ }
+ }
+}
+
+resource "aws_sqs_queue" "queue" {
+ count = var.create && local.enable_sqs ? 1 : 0
+ # delay=0 retention=7d max=256k visibity=2h
+ name = local.sqs_name
+ delay_seconds = 0
+ max_message_size = 262144
+ message_retention_seconds = 604800
+ receive_wait_time_seconds = 0
+ visibility_timeout_seconds = 600
+
+ redrive_policy = <
Date: Mon, 28 Mar 2022 11:52:41 -0400
Subject: [PATCH 2/2] fix, update variable doc
---
 CHANGELOG.md | 2 ++
 README.md | 2 +-
 sqs.tf | 3 ++-
 variables.tf | 2 +-
 version.tf | 2 +-
 5 files changed, 7 insertions(+), 4 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 135cd3b..8393157 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -71,3 +71,5 @@
 * 0.2.3 -- 2022-03-28
 - code 0.2.2 fixes for json.loads and API limits (#20, #22)
+* 0.2.4 -- 2022-03-28
+ - add code to enable sqs
diff --git a/README.md b/README.md
index 60d7685..5d82a6f 100644
--- a/README.md
+++ b/README.md
@@ -141,7 +141,7 @@ No modules.
 | [create](#input\_create) | Flag to indicate whether to create the resources or not (default: true) | `bool` | `true` | no |
 | [dynamodb\_table\_name](#input\_dynamodb\_table\_name) | Different DynamoDB table name to override default of var.name | `string` | `null` | no |
 | [enable\_sns](#input\_enable\_sns) | Enable use of SNS for reporting errors | `bool` | `false` | no |
-| [enable\_sqs](#input\_enable\_sqs) | Enable use of SQS for SNS to send errors | `bool` | `false` | no |
+| [enable\_sqs](#input\_enable\_sqs) | Enable use of SQS for SNS to send errors. Requires the use of enable\_sns as well | `bool` | `false` | no |
 | [lambda\_environment\_variables](#input\_lambda\_environment\_variables) | Map of lambda environment variables and values | `map(string)` |
{
"DNS_RR_TimeToLive": 60,
"DynamoDBName": null,
"HeritageIdentifier": "dynr53",
"HeritageTXTRecordPrefix": "_txt",
"MaxApiRetry": 10,
"SleepTime": 60,
"SnsEnable": false,
"SnsTopicArn": "",
"TagKeyCname": "boc:dns:cname",
"TagKeyHostName": "boc:dns:name",
"TagKeyZone": "boc:dns:zone"
}
| no |
 | [lambda\_environment\_variables\_override](#input\_lambda\_environment\_variables\_override) | Map of lambda environment variables and values to override from the defaults | `map(string)` | `{}` | no |
 | [lambda\_name](#input\_lambda\_name) | Different Lambda name to override default of var.name | `string` | `null` | no |
diff --git a/sqs.tf b/sqs.tf
index 9e2911b..8f18e3d 100644
--- a/sqs.tf
+++ b/sqs.tf
@@ -1,5 +1,5 @@
 locals {
- sqs_name = var.sqs_queue_name != null ? var.sws_queue_name : local.name
+ sqs_name = var.sqs_queue_name != null ? var.sqs_queue_name : local.name
 enable_sqs = var.enable_sns && var.enable_sqs
 }
 
@@ -113,6 +113,7 @@ data "aws_iam_policy_document" "queue_sqs" {
 }
 
 resource "aws_sns_topic_subscription" "queue" {
+ count = var.create && local.enable_sqs ? 1 : 0
 protocol = "sqs"
 topic_arn = aws_sns_topic.topic[0].arn
 endpoint = aws_sqs_queue.queue[0].arn
diff --git a/variables.tf b/variables.tf
index 4177326..d98a927 100644
--- a/variables.tf
+++ b/variables.tf
@@ -59,7 +59,7 @@ variable "enable_sns" {
 }
 
 variable "enable_sqs" {
- description = "Enable use of SQS for SNS to send errors"
+ description = "Enable use of SQS for SNS to send errors. Requires the use of enable_sns as well"
 type = bool
 default = false
 }
diff --git a/version.tf b/version.tf
index 7015a93..c0869d8 100644
--- a/version.tf
+++ b/version.tf
@@ -1,3 +1,3 @@
 locals {
- _module_version = "0.2.3"
+ _module_version = "0.2.4"
 }
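Review bot: The new `count` guard on `aws_sns_topic_subscription.queue` stops the `[0]` index from failing when SQS is disabled, but the hunk still leaves the delivery path unverified: SNS can only deliver to an SSE-enabled SQS queue when the queue's KMS key policy lets `sns.amazonaws.com` call `kms:GenerateDataKey` and `kms:Decrypt`, and the AWS-managed `alias/aws/sqs` key used for the dead-letter queue in the first patch cannot be granted that, so if `aws_sqs_queue.queue` (defined outside this hunk) uses the same key, deliveries from the topic will be dropped without any error at the publisher. Confirm that the primary queue uses a customer-managed key carrying that grant, and that `data.aws_iam_policy_document.queue_sqs`, whose body is outside this hunk, restricts `sqs:SendMessage` to the SNS service principal with an `aws:SourceArn` condition on `aws_sns_topic.topic[0].arn` rather than a wildcard principal. Indexing `aws_sns_topic.topic[0]` is only safe if the topic's own `count` is true whenever `local.enable_sqs` is, which this hunk does not show; a comment such as `# local.enable_sqs implies enable_sns, so aws_sns_topic.topic[0] exists whenever this resource is created` would make that coupling explicit. The resource block continues past the end of the hunk.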