By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

CloudFormation breaks on AWS::SQS::Queue with RedriveAllowPolicy property

0

We are specifying a RedriveAllowPolicy on our AWS::SQS::Queue in CloudFormation and are - again - receiving errors in CloudFormation without making any changes to our templates.

This happened a few weeks ago, too, so it is the second breaking change for this property we're seeing, which is unfortunate. The old thread was: https://forums.aws.amazon.com/thread.jspa?messageID=1000934&tstart=0

So, in accordance to that thread, we changed our template definition to be:

  TestQueue:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 450
      RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt TestDeadLetterQueue.Arn
        maxReceiveCount: 5

  TestDeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: 1209600

This worked for a few weeks, but now CloudFormation is throwing the following error for this exact template:

2021-12-14 10:33:14 UTC+0100 TestQueue CREATE_FAILED

Properties validation failed for resource TestQueue with message: #: extraneous key [RedriveAllowPolicy] is not permitted

Removing RedriveAllowPolicy: '{"redrivePermission":"denyAll"}' from the template solves the issue - but we want to set this policy, obviously.

I hope we're following the documentation at https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-properties-sqs-queues.html#aws-sqs-queue-redriveallowpolicy precisely.

Any help appreciated. This is quite a big blocker in our process right now.

Full template file to reproduce the error:

AWSTemplateFormatVersion: '2010-09-09'
Description: A prototype stack to test out CloudFormation definitions.
Metadata: {}
Transform: AWS::Serverless-2016-10-31

Resources:

  TestQueue:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 450
      RedriveAllowPolicy: '{"redrivePermission":"denyAll"}'
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt TestDeadLetterQueue.Arn
        maxReceiveCount: 5

  TestDeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      MessageRetentionPeriod: 1209600
  • A-Shevchenko
    2 years ago

    Your template worked just fine for me in us-west-2 region, stack is created, Redrive allow policy is visible as Deny all in console

  • janpapenbrock
    2 years ago

    Thank you for testing and for your comment!

    Just tried it myself and can reproduce - the exact same template works in us-west-2, but fails in eu-central-1. I just reproduced it again on eu-central-1, too, to be sure.

    Now I'm confused. I would not have expected for the region to make a difference.

    What is also noteworthy maybe is that creating the TestDeadLetterQueue resource takes 1 second in us-west-2 and 72 seconds in eu-central-1.

Topics
Management & GovernanceServerlessApplication Integration
Tags
AWS CloudFormationAmazon Simple Queue Service
Language
English
janpapenbrock
asked 2 years ago1874 views
1 Answer
1
Accepted Answer

Hello,

I have deployed the provided sample template in eu-central-1 (Europe- Frankfurt) region, and Stack and Resources are deployed successfully in my account. I have used RedriveAllowPolicy: '{"redrivePermission":"denyAll"}' property for the resource AWS::SQS::Queue.

Probably try again and confirm the behavior from your end as well. Otherwise, I will suggest opening a support case so that engineer can troubleshoot and verify the issue.

Good luck.

SUPPORT ENGINEER
Satyam_G
answered 2 years ago
  • janpapenbrock
    2 years ago

    Hey Satyam_G,

    thanks for your answer and for checking!

    I re-tested and now the exact same stack definition deploys successfully on eu-central-1.

    Also, the creation time of the TestDeadLetterQueue is now at 1 second in eu-central-1, too, as opposed to 72 seconds in my previous try.

    So I imagine there has something been fixed in SQS in eu-central-1? Anyways, our problem is now solved, thank you!

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content