Adding SQS to manage messages in the SRE bot

Production: terraform

✅ Terraform Init: success ✅ Terraform Validate: success ✅ Terraform Format: success ✅ Terraform Plan: success ✅ Conftest: success

Plan: 4 to add, 0 to change, 0 to destroy

Show summary

| CHANGE | NAME | |--------|-------------------------------------------------| | add | `aws_iam_role.sre_bot_sqs_access_role` | | | `aws_iam_role_policy.sre_bot_sqs_access_policy` | | | `aws_sqs_queue.sre_bot_dead_letter_queue` | | | `aws_sqs_queue.sre_bot_fifo_queue` |

Show plan

```terraform Resource actions are indicated with the following symbols: + create Terraform will perform the following actions: # aws_iam_role.sre_bot_sqs_access_role will be created + resource "aws_iam_role" "sre_bot_sqs_access_role" { + arn = (known after apply) + assume_role_policy = jsonencode( { + Statement = [ + { + Action = "sts:AssumeRole" + Effect = "Allow" + Principal = { + Service = "ecs-tasks.amazonaws.com" } }, ] + Version = "2012-10-17" } ) + create_date = (known after apply) + force_detach_policies = false + id = (known after apply) + managed_policy_arns = (known after apply) + max_session_duration = 3600 + name = "sre_bot_sqs_access_role" + name_prefix = (known after apply) + path = "/" + tags_all = (known after apply) + unique_id = (known after apply) + inline_policy { + name = (known after apply) + policy = (known after apply) } } # aws_iam_role_policy.sre_bot_sqs_access_policy will be created + resource "aws_iam_role_policy" "sre_bot_sqs_access_policy" { + id = (known after apply) + name = "sre_bot_sqs_access_policy" + name_prefix = (known after apply) + policy = (known after apply) + role = (known after apply) } # aws_sqs_queue.sre_bot_dead_letter_queue will be created + resource "aws_sqs_queue" "sre_bot_dead_letter_queue" { + arn = (known after apply) + content_based_deduplication = false + deduplication_scope = (known after apply) + delay_seconds = 0 + fifo_queue = true + fifo_throughput_limit = (known after apply) + id = (known after apply) + kms_data_key_reuse_period_seconds = (known after apply) + max_message_size = 262144 + message_retention_seconds = 345600 + name = "sre-bot-dead-letter-queue.fifo" + name_prefix = (known after apply) + policy = (known after apply) + receive_wait_time_seconds = 0 + redrive_allow_policy = (known after apply) + redrive_policy = (known after apply) + sqs_managed_sse_enabled = (known after apply) + tags_all = (known after apply) + url = (known after apply) + visibility_timeout_seconds = 30 } # aws_sqs_queue.sre_bot_fifo_queue will be created + resource "aws_sqs_queue" "sre_bot_fifo_queue" { + arn = (known after apply) + content_based_deduplication = true + deduplication_scope = (known after apply) + delay_seconds = 0 + fifo_queue = true + fifo_throughput_limit = (known after apply) + id = (known after apply) + kms_data_key_reuse_period_seconds = (known after apply) + max_message_size = 262144 + message_retention_seconds = 345600 + name = "sre-bot-fifo-queue.fifo" + name_prefix = (known after apply) + policy = (known after apply) + receive_wait_time_seconds = 0 + redrive_allow_policy = (known after apply) + redrive_policy = (known after apply) + sqs_managed_sse_enabled = (known after apply) + tags_all = (known after apply) + url = (known after apply) + visibility_timeout_seconds = 30 } Plan: 4 to add, 0 to change, 0 to destroy. Warning: Argument is deprecated with module.sre_bot_bucket.aws_s3_bucket.this, on .terraform/modules/sre_bot_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this": 8: resource "aws_s3_bucket" "this" { Use the aws_s3_bucket_versioning resource instead (and 6 more similar warnings elsewhere) ───────────────────────────────────────────────────────────────────────────── Saved the plan to: plan.tfplan To perform exactly these actions, run the following command to apply: terraform apply "plan.tfplan" Releasing state lock. This may take a few moments... ```

Show Conftest results

```sh WARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.sre_bot_error"] WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.sre_bot"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre-bot_group"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre_bot_dns"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre_bot_waf_log_group"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.sre_bot_error"] WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.sre_bot_warning"] WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.aws_access_requests_table"] WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.sre_bot_data"] WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.webhooks_table"] WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.sre-bot"] WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.sre-bot"] WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.main"] WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.sre-bot"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.geodb_refresh_policy"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.sre-bot_secrets_manager"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.sre_bot_bucket"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sre-bot"] WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sre_bot_sqs_access_role"] WARN - plan.json - main - Missing Common Tags: ["aws_lb.sre_bot"] WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.sre_bot_listener"] WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.sre_bot"] WARN - plan.json - main - Missing Common Tags: ["aws_route53_health_check.sre_bot_healthcheck"] WARN - plan.json - main... ```

cds-snc / sre-bot

Adding SQS to manage messages in the SRE bot #666

Summary | Résumé

Production: terraform