35 changes: 35 additions & 0 deletions aws/sqs/main.tf
@@ -0,0 +1,35 @@
locals {
# This helps avoid queue names ending in "-" or "-.fifo"
given_queue_name = var.queue_name == "" ? "" : "-${var.queue_name}"
# All fifo queues must end in .fifo, per AWS rules
queue_suffix = var.is_fifo == true ? ".fifo" : ""
Contributor
var.is_fifo ? ".fifo" : ""

Contributor Author

Oh, we have the `== true` in a couple of other places, I think? I thought I just needed it. I'll fix that.

Contributor

If you find any others, feel free to lump in a cleanup of 'em 😁

full_queue_name = "${var.stack}-${var.env}${local.given_queue_name}${local.queue_suffix}"
}

resource "aws_sqs_queue" "this" {
name = local.full_queue_name
fifo_queue = var.is_fifo
content_based_deduplication = var.content_based_deduplication
Contributor

Maybe we should enforce that this is false for non-fifo queues (with a note in the variable description)?

content_based_deduplication  = var.is_fifo  && var.content_based_deduplication

Contributor Author

Ah, I was trying to do something like that, while still allowing for a fifo: true / dedupe: false, and I was having problems doing that. && should do it though.

receive_wait_time_seconds = var.receive_wait_time_seconds
visibility_timeout_seconds = var.visibility_timeout_seconds
}

resource "aws_sqs_queue_policy" "this" {
Contributor

On a more general note, we probably shouldn't have a default policy, especially one so permissive (this one makes any action on the queue open to anyone in the world, I believe). At best, we could have a policy statement variable that can be passed in. For most cases, permission to the queue should be granted through an IAM role rather than a queue policy.

Contributor Author

Good call. I started this a month ago based on what we had in perfected. I had to make a number of minor tweaks, so I'm not surprised the policy isn't perfect. I think cognito does a policy passing, or something close to that. I'll review and see if I can follow the same thing.

queue_url = aws_sqs_queue.this.id

policy = jsonencode(
{
Version : "2008-10-17"
Id : "__default_policy_ID"
Contributor

this line seems unnecessary

Statement : [
{
Sid : "__owner_statement"
Contributor

this line also seems unnecessary

Effect : "Allow"
Principal : "*"
Action : "sqs:*"
Resource : "${aws_sqs_queue.this.arn}"
}
]
}
)
}
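Review bot: the `aws_sqs_queue_policy` resource attaches, unconditionally, a statement with `Principal : "*"`, `Action : "sqs:*"` and no `Condition`, so every queue this module creates can be read, written, purged and deleted by any principal inside or outside the account that knows the queue URL. A resource policy is not needed for same-account consumers that get their permissions from an IAM role, so either drop the resource or make it opt-in, e.g. `count = var.queue_policy == null ? 0 : 1` with `policy = var.queue_policy`, and never ship a wildcard principal as the default. Two smaller points in the same hunk: `Version : "2008-10-17"` should be `"2012-10-17"` (the current policy language; the 2008 version does not support policy variables or newer condition keys), and `Resource : "${aws_sqs_queue.this.arn}"` can simply be `aws_sqs_queue.this.arn`. Finally, with `content_based_deduplication = var.content_based_deduplication` and a default of `true` in variables.tf, a caller that sets `is_fifo = false` gets an apply-time rejection from AWS, since content-based deduplication is only valid on FIFO queues; the `var.is_fifo && var.content_based_deduplication` expression proposed in the thread closes that.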
7 changes: 7 additions & 0 deletions aws/sqs/outputs.tf
@@ -0,0 +1,7 @@
output "arn" {
value = aws_sqs_queue.this.arn
}

output "full_queue_name" {
Contributor

nit, I think calling it `name` is good enough

Contributor Author

Fair. I thought it was a bit weird that you'd have something like:

module "sqs" {
  queue_name = "blah"
}

and then later:

queue_name = module.sqs.name

and those not being the same thing.

value = aws_sqs_queue.this.name
}
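Review bot: the outputs expose the ARN and the name but not the queue URL, which is what SDK clients and the `queue_url` argument in main.tf actually consume; add `output "url" { value = aws_sqs_queue.this.url }` so callers do not have to reconstruct it (the resource's `id` attribute holds the same URL).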
3 changes: 3 additions & 0 deletions aws/sqs/terraform.tf
@@ -0,0 +1,3 @@
terraform {
experiments = [module_variable_optional_attrs]
}
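Review bot: `experiments = [module_variable_optional_attrs]` is not used anywhere in the module (no variable in variables.tf declares an `optional()` attribute), and because versions.tf allows any Terraform `>= 1.0`, this line will make the module fail to initialise on Terraform 1.3 and later, where the experiment has concluded and optional attributes are a built-in feature. Remove the file.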
Contributor

this file doesn't seem necessary (I don't see any use of the optional type)

Contributor Author

I was using defaults earlier. I'll remove that.

38 changes: 38 additions & 0 deletions aws/sqs/variables.tf
@@ -0,0 +1,38 @@
variable "stack" {
description = "The name of the stack"
type = string
}

variable "env" {
description = "The name of the environment"
type = string
}

variable "queue_name" {
Contributor

nit, I've been calling these `identifier` to be less ambiguous, though your description does do a decent job clarifying, so.. 🤷‍♂️

description = "The shorthand name of the queue. The full queue name can be retrieved as an output. Note that an empty string is still a valid queue name."
type = string
}

variable "visibility_timeout_seconds" {
description = "The amount of time allowed to the processor to process a message before it is declared failed. Defaults to 30 seconds."
type = number
default = 30
}

variable "receive_wait_time_seconds" {
description = "The time to wait when polling for new messages. Use 0 for immediate response. Longer values are preferred. AWS recommends a maximum of 20 seconds."
type = number
default = 5
Contributor

why shorten this from 20?

Contributor Author

I shortened it because 20 is the maximum, and I think the configuration we were looking at in perfected was 10 seconds. Thinking about this a bit more, and doing a bit more reading, I think it makes sense to set it to a large value, and have those that need to adjust downward.

}

variable "is_fifo" {
description = "Specifies if this queue should be a FIFO queue, which would preserve message ordering. Defaults to true."
type = bool
default = true
}

variable "content_based_deduplication" {
description = "Specifies if this queue should use content-based deduplication. Must be false if using a standard (non-fifo) queue. Defaults to true"
type = bool
default = true
}
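Review bot: `content_based_deduplication` defaults to `true` while its own description says it must be false for standard queues, so the defaults are only valid as long as `is_fifo` stays `true`; a `validation` block cannot express the cross-variable rule (it may only reference the variable it belongs to), so either default it to `false` or state in the description that main.tf masks it with `var.is_fifo` when the queue is not FIFO. The `visibility_timeout_seconds` description is also inaccurate: a message is not "declared failed" when the timeout expires, it simply becomes visible to consumers again and is redelivered (failure handling belongs to a redrive policy, which this module does not define). Lastly, `queue_name` is unvalidated even though the name assembled in main.tf must be at most 80 characters of `[A-Za-z0-9_-]`, with the `.fifo` suffix counting toward that limit; a `validation` block on `queue_name` with a `regex` check would surface that at plan time rather than apply time.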
9 changes: 9 additions & 0 deletions aws/sqs/versions.tf
@@ -0,0 +1,9 @@
terraform {
required_version = ">= 1.0"

required_providers {
aws = {
source = "hashicorp/aws"
}
}
}
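Review bot: `required_providers.aws` declares a `source` but no `version` constraint, so each consumer resolves whatever hashicorp/aws release is latest at `terraform init` time and a major-version change can alter the module's behaviour or argument names without any change to this code; add a `version = "..."` constraint next to `source` and record the tested provider line.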