Add suport for RedriveAllowPolicy in the Queue construct #19766

VarshaVid · 2022-04-05T17:57:18Z

Describe the feature

The CfnQueue construct the "source queue" policy for a DLQ redrive to be specified using the redriveAllowPolicy parameter but the Queue construct does not support this. Requesting to please add this support.

Use Case

SQS recently launched a feature to allow redriving DLQs via the AWS console which will help to make it super easy to redrive DLQs but it also creates a possibility for error when selecting the destination queue and a human can accidentally choose the wrong queue to redrive to. To mitigate this, SQS allows for a DLQ to be configured with a "source queue" that the messages will always be re-drived to so that selection does not need to be made for every redrive. We want to use that for our CDK-managed queues to avoid mistakes during redrives.

Proposed Solution

I propose making following changes:

Add a new parameter called redriveAllowPolicy to the QueueProps construct, with type IRedriveAllowPolicy
Define IRedriveAllowPolicy with 1 method to generate the corresponding CFN parameters
Define 3 implementations of IRedriveAllowPolicy to "AllowAll", "DenyAll" and "ByQueue" policy as mentioned in the CfnQueue
Populate the redriveAllowPolicy when creating the CfnQueue during the constructor for Queue

Other Information

No response

Acknowledgements

I may be able to implement this feature request
This feature might incur a breaking change

CDK version used

1.141

Environment details (OS name and version, etc.)

AmazonLinux2, Windows 10

The text was updated successfully, but these errors were encountered:

jdelStrother · 2023-06-13T09:10:40Z

Am I right in thinking this would fix the "Change permissions and CloudTrail update for SQS Dead-letter queue (DLQ) redrive " prompt emails that AWS have started sending out?

…ues (#28745) This PR allows for the configuration of constraints on source queues that can designate this queue as their dead letter queue. ```ts declare const sourceQueue: sqs.IQueue; // Only the sourceQueue can specify this queue as the dead-letter queue. const queue1 = new sqs.Queue(this, 'Queue1', { redriveAllowPolicy: { sourceQueues: [sourceQueue], } }); // No source queues can specify this queue as the dead-letter queue. const queue2 = new sqs.Queue(this, 'Queue2', { redriveAllowPolicy: { redrivePermission: sqs.RedrivePermission.DENY_ALL, } }); ``` Closes #19766. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

github-actions · 2024-01-29T22:57:05Z

⚠️COMMENT VISIBILITY WARNING⚠️

Comments on closed issues are hard for our team to see.
If you need more assistance, please either tag a team member or open a new issue that references this one.
If you wish to keep having a conversation with other community members under this issue feel free to do so.

…ues (aws#28745) This PR allows for the configuration of constraints on source queues that can designate this queue as their dead letter queue. ```ts declare const sourceQueue: sqs.IQueue; // Only the sourceQueue can specify this queue as the dead-letter queue. const queue1 = new sqs.Queue(this, 'Queue1', { redriveAllowPolicy: { sourceQueues: [sourceQueue], } }); // No source queues can specify this queue as the dead-letter queue. const queue2 = new sqs.Queue(this, 'Queue2', { redriveAllowPolicy: { redrivePermission: sqs.RedrivePermission.DENY_ALL, } }); ``` Closes aws#19766. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

…ues (#28745) This PR allows for the configuration of constraints on source queues that can designate this queue as their dead letter queue. ```ts declare const sourceQueue: sqs.IQueue; // Only the sourceQueue can specify this queue as the dead-letter queue. const queue1 = new sqs.Queue(this, 'Queue1', { redriveAllowPolicy: { sourceQueues: [sourceQueue], } }); // No source queues can specify this queue as the dead-letter queue. const queue2 = new sqs.Queue(this, 'Queue2', { redriveAllowPolicy: { redrivePermission: sqs.RedrivePermission.DENY_ALL, } }); ``` Closes #19766. ---- *By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license*

VarshaVid added feature-request A feature should be added or improved. needs-triage This issue or PR still needs to be triaged. labels Apr 5, 2022

github-actions bot added the @aws-cdk/aws-sqs Related to Amazon Simple Queue Service label Apr 5, 2022

github-actions bot assigned otaviomacedo Apr 5, 2022

otaviomacedo added p2 effort/small Small work item – less than a day of effort and removed needs-triage This issue or PR still needs to be triaged. labels Jun 27, 2022

otaviomacedo removed their assignment Jun 27, 2022

badmintoncryer mentioned this issue Jan 17, 2024

feat(sqs): support for permission settings for dead letter source queues #28745

Merged

mergify bot closed this as completed in #28745 Jan 29, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add suport for RedriveAllowPolicy in the Queue construct #19766

Add suport for RedriveAllowPolicy in the Queue construct #19766

VarshaVid commented Apr 5, 2022

jdelStrother commented Jun 13, 2023

github-actions bot commented Jan 29, 2024