We are specifying a RedriveAllowPolicy on our AWS::SQS::Queue in CloudFormation and are - again - receiving errors in CloudFormation without making any changes to our templates.
This happened a few weeks ago, too, so it is the second breaking change for this property we're seeing, which is unfortunate. The old thread was: https://forums.aws.amazon.com/thread.jspa?messageID=1000934&tstart=0
So, in accordance to that thread, we changed our template definition to be:
TestQueue:
Type: AWS::SQS::Queue
Properties:
VisibilityTimeout: 450
RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
RedrivePolicy:
deadLetterTargetArn: !GetAtt TestDeadLetterQueue.Arn
maxReceiveCount: 5
TestDeadLetterQueue:
Type: AWS::SQS::Queue
Properties:
MessageRetentionPeriod: 1209600
This worked for a few weeks, but now CloudFormation is throwing the following error for this exact template:
2021-12-14 10:33:14 UTC+0100 TestQueue CREATE_FAILED
Properties validation failed for resource TestQueue with message: #: extraneous key [RedriveAllowPolicy] is not permitted
Removing RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
from the template solves the issue - but we want to set this policy, obviously.
I hope we're following the documentation at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-sqs-queue-redriveallowpolicy precisely.
Any help appreciated. This is quite a big blocker in our process right now.
Full template file to reproduce the error:
AWSTemplateFormatVersion: '2010-09-09'
Description: A prototype stack to test out CloudFormation definitions.
Metadata: {}
Transform: AWS::Serverless-2016-10-31
Resources:
TestQueue:
Type: AWS::SQS::Queue
Properties:
VisibilityTimeout: 450
RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
RedrivePolicy:
deadLetterTargetArn: !GetAtt TestDeadLetterQueue.Arn
maxReceiveCount: 5
TestDeadLetterQueue:
Type: AWS::SQS::Queue
Properties:
MessageRetentionPeriod: 1209600
Your template worked just fine for me in us-west-2 region, stack is created, Redrive allow policy is visible as Deny all in console
Thank you for testing and for your comment!
Just tried it myself and can reproduce - the exact same template works in
us-west-2
, but fails ineu-central-1
. I just reproduced it again on eu-central-1, too, to be sure.Now I'm confused. I would not have expected for the region to make a difference.
What is also noteworthy maybe is that creating the
TestDeadLetterQueue
resource takes 1 second in us-west-2 and 72 seconds in eu-central-1.