Durch die Nutzung von AWS re:Post stimmt du den AWS re:Post Nutzungsbedingungen
AWS re:Postre:Post

CloudFormation breaks on AWS::SQS::Queue with RedriveAllowPolicy property

0

We are specifying a RedriveAllowPolicy on our AWS::SQS::Queue in CloudFormation and are - again - receiving errors in CloudFormation without making any changes to our templates.

This happened a few weeks ago, too, so it is the second breaking change for this property we're seeing, which is unfortunate. The old thread was: https://forums.aws.amazon.com/thread.jspa?messageID=1000934&tstart=0

So, in accordance to that thread, we changed our template definition to be:

  TestQueue:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 450
      RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt TestDeadLetterQueue.Arn
        maxReceiveCount: 5

  TestDeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: 1209600

This worked for a few weeks, but now CloudFormation is throwing the following error for this exact template:

2021-12-14 10:33:14 UTC+0100 TestQueue CREATE_FAILED

Properties validation failed for resource TestQueue with message: #: extraneous key [RedriveAllowPolicy] is not permitted

Removing RedriveAllowPolicy: '{"redrivePermission":"denyAll"}' from the template solves the issue - but we want to set this policy, obviously.

I hope we're following the documentation at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-sqs-queue-redriveallowpolicy precisely.

Any help appreciated. This is quite a big blocker in our process right now.

Full template file to reproduce the error:

AWSTemplateFormatVersion: '2010-09-09'
Description: A prototype stack to test out CloudFormation definitions.
Metadata: {}
Transform: AWS::Serverless-2016-10-31

Resources:

  TestQueue:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 450
      RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt TestDeadLetterQueue.Arn
        maxReceiveCount: 5

  TestDeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: 1209600
  • A-Shevchenko
    vor 2 Jahren

    Your template worked just fine for me in us-west-2 region, stack is created, Redrive allow policy is visible as Deny all in console

  • janpapenbrock
    vor 2 Jahren

    Thank you for testing and for your comment!

    Just tried it myself and can reproduce - the exact same template works in us-west-2, but fails in eu-central-1. I just reproduced it again on eu-central-1, too, to be sure.

    Now I'm confused. I would not have expected for the region to make a difference.

    What is also noteworthy maybe is that creating the TestDeadLetterQueue resource takes 1 second in us-west-2 and 72 seconds in eu-central-1.

Themen
Management & UnternehmensführungServerlosAnwendungsintegration
Tags
AWS CloudFormationAmazon Simple Queue Service
Sprache
English
janpapenbrock
gefragt vor 2 Jahren1910 Aufrufe
1 Antwort
1
Akzeptierte Antwort

Hello,

I have deployed the provided sample template in eu-central-1 (Europe- Frankfurt) region, and Stack and Resources are deployed successfully in my account. I have used RedriveAllowPolicy: '{"redrivePermission":"denyAll"}' property for the resource AWS::SQS::Queue.

Probably try again and confirm the behavior from your end as well. Otherwise, I will suggest opening a support case so that engineer can troubleshoot and verify the issue.

Good luck.

SUPPORT-TECHNIKER
Satyam_G
beantwortet vor 2 Jahren
  • janpapenbrock
    vor 2 Jahren

    Hey Satyam_G,

    thanks for your answer and for checking!

    I re-tested and now the exact same stack definition deploys successfully on eu-central-1.

    Also, the creation time of the TestDeadLetterQueue is now at 1 second in eu-central-1, too, as opposed to 72 seconds in my previous try.

    So I imagine there has something been fixed in SQS in eu-central-1? Anyways, our problem is now solved, thank you!

Du bist nicht angemeldet. Anmelden um eine Antwort zu veröffentlichen.

Eine gute Antwort beantwortet die Frage klar, gibt konstruktives Feedback und fördert die berufliche Weiterentwicklung des Fragenstellers.

Richtlinien für die Beantwortung von Fragen

Relevanter Inhalt