Skip to content

terraform-aws-modules/terraform-aws-sqs

BranchesTags

Repository files navigation

AWS SQS Terraform module

Terraform module which creates SQS resources on AWS.

SWUbanner

Usage

FIFO Queue

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  name = "fifo"

  fifo_queue = true

  tags = {
    Environment = "dev"
  }
}

Queue Encrypted w/ Customer Managed KMS Key

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  name = "cmk"

  kms_master_key_id                 = "0d1ba9e8-9421-498a-9c8a-01e9772b2924"
  kms_data_key_reuse_period_seconds = 3600

  tags = {
    Environment = "dev"
  }
}

Queue w/ Dead Letter Queue

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  name = "example"

  create_dlq = true
  redrive_policy = {
    # default is 5 for this module
    maxReceiveCount = 10
  }

  tags = {
    Environment = "dev"
  }
}

Subscribe Queue to SNS Topic

module "sns" {
  source  = "terraform-aws-modules/sns/aws"
  version = ">= 5.0"

  name = "pub-sub"

  topic_policy_statements = {
    sqs = {
      sid = "SQSSubscribe"
      actions = [
        "sns:Subscribe",
        "sns:Receive",
      ]

      principals = [{
        type        = "AWS"
        identifiers = ["*"]
      }]

      condition = [{
        test     = "StringLike"
        variable = "sns:Endpoint"
        values   = [module.sqs.queue_arn]
      }]
    }
  }

  subscriptions = {
    sqs = {
      protocol = "sqs"
      endpoint = module.sqs.queue_arn
    }
  }

  tags = {
    Environment = "dev"
  }
}

module "sqs" {
  source = "terraform-aws-modules/sqs/aws"

  name = "pub-sub"

  create_queue_policy = true
  queue_policy_statements = {
    sns = {
      sid     = "SNSPublish"
      actions = ["sqs:SendMessage"]

      principals = [
        {
          type        = "Service"
          identifiers = ["sns.amazonaws.com"]
        }
      ]

      condition = [{
        test     = "ArnEquals"
        variable = "aws:SourceArn"
        values   = [module.sns.topic_arn]
      }]
    }
  }

  tags = {
    Environment = "dev"
  }
}

Examples

Conditional Creation

The following values are provided to toggle on/off creation of the associated resources as desired:

module "sqs" {
  source  = "terraform-aws-modules/sqs/aws"

  # Disable creation of all resources
  create = false

  # Enable creation of queue policy
  create_queue_policy = true

  # Enable creation of dead letter queue
  create_dlq = true

  # Enable creation of dead letter queue policy
  create_dlq_queue_policy = true

  # ... omitted
}

Requirements

Name Version
terraform >= 1.5.7
aws >= 6.0

Providers

Name Version
aws >= 6.0

Modules

No modules.

Resources

Name Type
aws_sqs_queue.dlq resource
aws_sqs_queue.this resource
aws_sqs_queue_policy.dlq resource
aws_sqs_queue_policy.this resource
aws_sqs_queue_redrive_allow_policy.dlq resource
aws_sqs_queue_redrive_allow_policy.this resource
aws_sqs_queue_redrive_policy.dlq resource
aws_sqs_queue_redrive_policy.this resource
aws_caller_identity.current data source
aws_iam_policy_document.dlq data source
aws_iam_policy_document.this data source
aws_partition.current data source
aws_region.current data source

Inputs

Name Description Type Default Required
content_based_deduplication Enables content-based deduplication for FIFO queues bool null no
create Whether to create SQS queue bool true no
create_dlq Determines whether to create SQS dead letter queue bool false no
create_dlq_queue_policy Whether to create SQS queue policy bool false no
create_dlq_redrive_allow_policy Determines whether to create a redrive allow policy for the dead letter queue bool true no
create_queue_policy Whether to create SQS queue policy bool false no
deduplication_scope Specifies whether message deduplication occurs at the message group or queue level string null no
delay_seconds The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) number null no
dlq_content_based_deduplication Enables content-based deduplication for FIFO queues bool null no
dlq_deduplication_scope Specifies whether message deduplication occurs at the message group or queue level string null no
dlq_delay_seconds The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes) number null no
dlq_fifo_throughput_limit Specifies whether the Dead Letter Queue FIFO queue throughput quota applies to the entire queue or per message group string null no
dlq_kms_data_key_reuse_period_seconds The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) number null no
dlq_kms_master_key_id The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK string null no
dlq_message_retention_seconds The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) number null no
dlq_name This is the human-readable name of the queue. If omitted, Terraform will assign a random name string null no
dlq_queue_policy_statements A map of IAM policy statements for custom permission usage 
map(object({
    sid           = optional(string)
    actions       = optional(list(string))
    not_actions   = optional(list(string))
    effect        = optional(string, "Allow")
    resources     = optional(list(string))
    not_resources = optional(list(string))
    principals = optional(list(object({
      type        = string
      identifiers = list(string)
    })))
    not_principals = optional(list(object({
      type        = string
      identifiers = list(string)
    })))
    condition = optional(list(object({
      test     = string
      variable = string
      values   = list(string)
    })))
    # TODO - remove at next breaking change
    conditions = optional(list(object({
      test     = string
      variable = string
      values   = list(string)
    })))
  }))
 null no
dlq_receive_wait_time_seconds The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) number null no
dlq_redrive_allow_policy The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs any {} no
dlq_sqs_managed_sse_enabled Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys bool true no
dlq_tags A mapping of additional tags to assign to the dead letter queue map(string) {} no
dlq_visibility_timeout_seconds The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) number null no
fifo_queue Boolean designating a FIFO queue bool false no
fifo_throughput_limit Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group string null no
kms_data_key_reuse_period_seconds The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) number null no
kms_master_key_id The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK string null no
max_message_size The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 1048576 bytes (1024 KiB). The default for this attribute is 262144 (256 KiB) number null no
message_retention_seconds The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) number null no
name This is the human-readable name of the queue. If omitted, Terraform will assign a random name string null no
override_dlq_queue_policy_documents List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid list(string) [] no
override_queue_policy_documents List of IAM policy documents that are merged together into the exported document. In merging, statements with non-blank sids will override statements with the same sid list(string) [] no
queue_policy_statements A map of IAM policy statements for custom permission usage 
map(object({
    sid           = optional(string)
    actions       = optional(list(string))
    not_actions   = optional(list(string))
    effect        = optional(string, "Allow")
    resources     = optional(list(string))
    not_resources = optional(list(string))
    principals = optional(list(object({
      type        = string
      identifiers = list(string)
    })))
    not_principals = optional(list(object({
      type        = string
      identifiers = list(string)
    })))
    condition = optional(list(object({
      test     = string
      variable = string
      values   = list(string)
    })))
    # TODO - remove at next breaking change
    conditions = optional(list(object({
      test     = string
      variable = string
      values   = list(string)
    })))
  }))
 null no
receive_wait_time_seconds The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds) number null no
redrive_allow_policy The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs any {} no
redrive_policy The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string ("5") any {} no
region Region where the resource(s) will be managed. Defaults to the Region set in the provider configuration string null no
source_dlq_queue_policy_documents List of IAM policy documents that are merged together into the exported document. Statements must have unique sids list(string) [] no
source_queue_policy_documents List of IAM policy documents that are merged together into the exported document. Statements must have unique sids list(string) [] no
sqs_managed_sse_enabled Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys bool true no
tags A mapping of tags to assign to all resources map(string) {} no
use_name_prefix Determines whether name is used as a prefix bool false no
visibility_timeout_seconds The visibility timeout for the queue. An integer from 0 to 43200 (12 hours) number null no

Outputs

Name Description
dead_letter_queue_arn The ARN of the SQS queue
dead_letter_queue_arn_static The ARN of the SQS queue. Use this to avoid cycle errors between resources (e.g., Step Functions)
dead_letter_queue_id The URL for the created Amazon SQS queue
dead_letter_queue_name The name of the SQS queue
dead_letter_queue_url Same as dead_letter_queue_id: The URL for the created Amazon SQS queue
queue_arn The ARN of the SQS queue
queue_arn_static The ARN of the SQS queue. Use this to avoid cycle errors between resources (e.g., Step Functions)
queue_id The URL for the created Amazon SQS queue
queue_name The name of the SQS queue
queue_url Same as queue_id: The URL for the created Amazon SQS queue

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.

About

Terraform module to create AWS SQS resources πŸ‡ΊπŸ‡¦

registry.terraform.io/modules/terraform-aws-modules/sqs/aws

Topics

aws sqs aws-sqs terraform-module

Resources

Readme

License

Apache-2.0 license

Code of conduct

Code of conduct

Contributing

Contributing

Security policy

Security policy
Activity
Custom properties

Stars

104 stars

Watchers

8 watching

Forks

232 forks
Report repository

Releases 19

v5.1.0 Latest
Oct 22, 2025
+ 18 releases

Sponsor this project

  •  
Learn more about GitHub Sponsors

Packages

No packages published

Contributors 19

+ 5 contributors

Languages