Create AWS SQS queues with Terraform. Standard and FIFO queues, dead-letter queues, encryption, Lambda triggers, and message retention policies.
```hcl
resource "aws_sqs_queue" "main" {
  name                       = "my-queue"
  visibility_timeout_seconds = 30
  message_retention_seconds  = 86400
}
```

```hcl
resource "aws_sqs_queue" "dlq" {
  name                      = "${var.project}-dlq"
  message_retention_seconds = 1209600 # 14 days

  tags = { Environment = var.environment }
}

resource "aws_sqs_queue" "main" {
  name                       = "${var.project}-queue"
  visibility_timeout_seconds = 60
  message_retention_seconds  = 345600 # 4 days
  receive_wait_time_seconds  = 20     # Long polling
  sqs_managed_sse_enabled    = true   # Encryption at rest

  redrive_policy = jsonencode({
    deadLetterTargetArn = aws_sqs_queue.dlq.arn
    maxReceiveCount     = 3 # Move to DLQ after 3 failures
  })

  tags = { Environment = var.environment }
}

# Allow DLQ to receive from main queue
resource "aws_sqs_queue_redrive_allow_policy" "dlq" {
  queue_url = aws_sqs_queue.dlq.id

  redrive_allow_policy = jsonencode({
    redrivePermission = "byQueue"
    sourceQueueArns   = [aws_sqs_queue.main.arn]
  })
}
```

```hcl
resource "aws_sqs_queue" "fifo" {
  name                        = "${var.project}-orders.fifo"
  fifo_queue                  = true
  content_based_deduplication = true
  deduplication_scope         = "messageGroup"
  fifo_throughput_limit       = "perMessageGroupId"
  visibility_timeout_seconds  = 60

  tags = { Environment = var.environment }
}
```

```hcl
resource "aws_lambda_event_source_mapping" "sqs" {
  event_source_arn                   = aws_sqs_queue.main.arn
  function_name                      = aws_lambda_function.processor.arn
  batch_size                         = 10
  maximum_batching_window_in_seconds = 5
  function_response_types            = ["ReportBatchItemFailures"]
}

# Lambda needs permission to read from SQS
resource "aws_iam_role_policy_attachment" "lambda_sqs" {
  role       = aws_iam_role.lambda.name
  policy_arn = "arn:aws:iam::aws:policy/service-role/AWSLambdaSQSQueueExecutionRole"
}
```

```hcl
resource "aws_sqs_queue_policy" "main" {
  queue_url = aws_sqs_queue.main.id

  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Sid       = "AllowSNS"
      Effect    = "Allow"
      Principal = { Service = "sns.amazonaws.com" }
      Action    = "sqs:SendMessage"
      Resource  = aws_sqs_queue.main.arn
      Condition = {
        ArnEquals = { "aws:SourceArn" = aws_sns_topic.events.arn }
      }
    }]
  })
}
```

| Feature | Standard | FIFO |
|---|---|---|
| Throughput | Unlimited | 3,000 msg/s (with batching) |
| Ordering | Best effort | Guaranteed per message group |
| Delivery | At least once | Exactly once |
| Name suffix | Any | Must end in .fifo |
| Deduplication | None | Built-in or content-based |
| Cost | Lower | ~25% higher |

| Setting | Default | Recommendation |
|---|---|---|
| visibility_timeout_seconds | 30 | 6× your Lambda timeout |
| message_retention_seconds | 345600 (4 days) | 14 days for DLQ |
| receive_wait_time_seconds | 0 | 20 (long polling saves cost) |
| max_message_size | 262144 (256KB) | Use S3 for larger payloads |

Always pair main queues with dead-letter queues for reliability. Use long polling (receive_wait_time_seconds = 20) to reduce costs, set visibility timeout to 6× your consumer's processing time, and enable encryption. Use FIFO queues only when ordering or exactly-once delivery matters.
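
To check an applied configuration against these recommendations, the following added example (not part of the original page) scans the JSON printed by `terraform show -json` for queues without encryption, a dead-letter queue or 20-second long polling, and for queue policies that allow a broad or service principal without a `Condition` such as the `aws:SourceArn` check used in the queue policy above. It assumes all resources live in the root module; the function names, the sample state, its account ID and the `legacy` queue are constructed for illustration.

```python
import json

def audit_sqs(state):
    """Check `terraform show -json` state output against the recommendations above."""
    resources = state.get("values", {}).get("root_module", {}).get("resources", [])
    queues = [r for r in resources if r["type"] == "aws_sqs_queue"]
    # ARNs that another queue names as its dead-letter target
    dlq_arns = {json.loads(q["values"]["redrive_policy"])["deadLetterTargetArn"]
                for q in queues if q["values"].get("redrive_policy")}
    findings = []
    for q in queues:
        v, addr = q["values"], q["address"]
        if not (v.get("sqs_managed_sse_enabled") or v.get("kms_master_key_id")):
            findings.append(f"{addr}: no encryption at rest")
        if v.get("arn") in dlq_arns:
            continue  # a DLQ itself needs no redrive policy or long polling
        if not v.get("redrive_policy"):
            findings.append(f"{addr}: no dead-letter queue")
        if (v.get("receive_wait_time_seconds") or 0) < 20:
            findings.append(f"{addr}: long polling below 20s")
    for p in (r for r in resources if r["type"] == "aws_sqs_queue_policy"):
        stmts = json.loads(p["values"]["policy"]).get("Statement", [])
        for st in [stmts] if isinstance(stmts, dict) else stmts:
            principal = st.get("Principal")
            broad = principal == "*" or (isinstance(principal, dict) and
                                         ("Service" in principal or principal.get("AWS") == "*"))
            if st.get("Effect") == "Allow" and broad and not st.get("Condition"):
                findings.append(f"{p['address']}: Allow {st.get('Sid')} has no Condition")
    return findings

# Constructed sample state (account ID, ARNs and the "legacy" queue are made up).
ARN = "arn:aws:sqs:us-east-1:111122223333:"

def queue(name, **values):
    return {"type": "aws_sqs_queue", "address": f"aws_sqs_queue.{name}",
            "values": {"arn": ARN + name, **values}}

SAMPLE_STATE = {"values": {"root_module": {"resources": [
    queue("dlq", sqs_managed_sse_enabled=True),
    queue("main", sqs_managed_sse_enabled=True, receive_wait_time_seconds=20,
          redrive_policy=json.dumps({"deadLetterTargetArn": ARN + "dlq", "maxReceiveCount": 3})),
    queue("legacy", sqs_managed_sse_enabled=False, receive_wait_time_seconds=0),
    {"type": "aws_sqs_queue_policy", "address": "aws_sqs_queue_policy.legacy",
     "values": {"policy": json.dumps({"Version": "2012-10-17", "Statement": [{
         "Sid": "AllowSNS", "Effect": "Allow", "Principal": {"Service": "sns.amazonaws.com"},
         "Action": "sqs:SendMessage", "Resource": ARN + "legacy"}]})}},
]}}}

if __name__ == "__main__":
    print("\n".join(audit_sqs(SAMPLE_STATE)))
```

Against real infrastructure, pass it `json.load()` of the saved `terraform show -json` output; an empty list means every queue in the root module met the checks.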