'AWS Lambda is not sending error messages to AWS SQS DLQ

I'm trying to create via terraform, a lambda that triggered by Kinesis and her destination on failures will be AWS SQS.

I created and lambda and configured the source and destination

Kinesis config

When I'm sending a message to Kinesis queue, the lambda is triggered but not sending messages to the DLQ.

What am I missing?

my labmda source mapping:

resource "aws_lambda_event_source_mapping" "csp_management_service_integration_stream_mapping" {
  event_source_arn               = local.kinesis_csp_management_service_integration_stream_arn
  function_name                  = module.csp_management_service_integration_lambda.lambda_arn
  batch_size                     = var.shared_kinesis_configuration.batch_size
  bisect_batch_on_function_error = var.shared_kinesis_configuration.bisect_batch_on_function_error
  starting_position              = var.shared_kinesis_configuration.starting_position
  maximum_retry_attempts         = var.shared_kinesis_configuration.maximum_retry_attempts
  maximum_record_age_in_seconds  = var.shared_kinesis_configuration.maximum_record_age_in_seconds
  function_response_types        = var.shared_kinesis_configuration.function_response_types
  destination_config {
    on_failure {
      destination_arn = local.shared_default_sqs_error_handling_dlq_arn
    }
  }
}

resource "aws_iam_policy" "shared_deadletter_sqs_queue_policy" {
  name = "shared-deadletter-sqs-queue-policy"
  path = "/"
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [
      {
        Action   = [
          "sqs:SendMessage",
        ]
        Effect   = "Allow"
        Resource = [
          local.shared_default_sqs_error_handling_dlq_arn
        ]
      },
    ]
  })
}
amazon-sqsterraform-provider-awsamazon-kinesis


Solution 1:[1]

I think you are facing some permission issue, try attaching a role to your lambda function with access to AWS SQS DLQ.

Solution 2:[2]

  1. Is your DLQ encrypted by KMS? You will need top provide permissions to the KMS too in addition to SQS permissions

  2. How is Lambda reporting failure?

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 Sharique Masood
Solution 2 Jayesh Lalwani

Related Questions

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Terraform update Route53 DOMAIN NameServers

Amazon AWS S3 to Force Download Mp3 File instead of Stream It

How to enable terraform module only with a specific workspace

AWS RDS Postgres: WAL_LEVEL not set to 'logical' after changing rds.logical_replication = 1

Use terraform to set up a lambda function triggered by a scheduled event source

Use terraform to set up a lambda function triggered by a scheduled event source

Self stopping EC2 once task complete?

AWS - SWF - Asynchronous method

Why my cloudformation template is over 1 MB?

AWS elastic beanstalk - WARN install EACCES: permission denied, access '/tmp/.npm'

Aws step functions - Resume from failed step function activity instead of starting a new execution

Redirect Elastic Beanstalk URL to domain name

node-lambda - TypeError: handler is not a function