stackoom
  简体   繁体   中英

How to add a redrive policy (dead-letter queue / DLQ) to a SNS subscription, with Ansible and AWS

 原文  2019-11-22 12:56:18       amazon-web-services/ aws-lambda/ ansible/ amazon-sqs/ amazon-sns

Question

In an Ansible script I have:

- name: Subscribe lambda to SNS topic example1
  sns_topic:
    name: "example1-{{env_name}}"
    purge_subscriptions: no
    subscriptions:
      - endpoint: "arn:aws:lambda:{{ aws.region }}:{{ aws.account }}:function:{{repo_name}}-{{env_name}}"
        protocol: "lambda"

It works, and the result is that my lambda is subscribed to my SNS topic.

Now, I would want to add a DLQ to this subscription. I already have a SQS and I want to state it as my DLQ.

So I rewrite my code like this:

- name: Subscribe lambda to SNS topic example1
  sns_topic:
    name: "example1-{{env_name}}"
    purge_subscriptions: no
    subscriptions:
      - endpoint: "arn:aws:lambda:{{ aws.region }}:{{ aws.account }}:function:{{repo_name}}-{{env_name}}"
        protocol: "lambda"
        redrive_policy:
          dead_letter_target_arn: "arn:aws:{{ aws.region }}:{{ aws.account }}:dlq-for-example1"

This does not work and I didn't find anything in Ansible or by googling...

What am I doing wrong?

2 answers

solution1
 0  2020-05-22 13:07:40

Looks like you are missing sqs between arn:aws:{{aws.region}} on the last line.

dead_letter_target_arn: "arn:aws:sqs:{{ aws.region }}:{{ aws.account }}:dlq-for-example1"

solution2
 0  2020-08-06 21:55:27

The problem is that the Subscription property that is embedded in the SNS Topic only has two properties: Endpoint and Protocol (See Subscription Property ).

For more advanced settings, like RedrivePolicy, you need to use the stand-alone AWS::SNS::Subscription resource (See Subscription Resource ).

Since AWS::SNS::Subscription is stand-alone, you must include the TopicArn that the Subscription is bound to. Also note that the RedrivePolicy is in Json format.

Here's a simple example of the Cloud Formation syntax from Redrive Syntax :

{
  "Resources": {
    "mySubscription": {
      "Type" : "AWS::SNS::Subscription",
      "Properties" : {
        "Protocol": "sqs",
        "Endpoint": "arn:aws:sqs:us-east-2:123456789012:MyEndpoint",
        "TopicArn": "arn:aws:sns:us-east-2:123456789012:MyTopic",
        "RedrivePolicy": {
          "deadLetterTargetArn":
            "arn:aws:sqs:us-east-2:123456789012:MyDeadLetterQueue"
        }
      }
    }
  }
}

But I don't know how Ansible makes these translations.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question AWS SNS Topic Sub: Dead-letter queue (redrive policy) permissions denied AWS SQS dead-letter queue redrive policy How to add a Redrive policy to an SNS with an encrypted DLQ SNS redrive to Dead letter queue not working Amazon SQS - How to validate if a queue is a dead-letter queue? Does AWS SNS have Dead Letter Queue? AWS - What is the difference between setting a Dead Letter Queue on an SNS Subscription or on a Lambda function? Why my failed event is not sent to AWS Dead Letter Queue DLQ? Are all the messages in SQS batch sent to Dead Letter Queue after reaching the maximum redrive(Retry) policy number CloudFormation SQS Queue Redrive policy dependency on a DLQ created
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM