Commit

Merge pull request #58 from ministryofjustice/fifo-bits
Automatically set the queue name if fifo_queue is true, add extra configuration for FIFO queues
jakemulley authored Aug 21, 2023
2 parents 7447996 + 581c540 commit f672c94
Showing 3 changed files with 29 additions and 3 deletions.
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -118,11 +118,14 @@ No modules.
|------|-------------|------|---------|:--------:|
| <a name="input_application"></a> [application](#input\_application) | Application name | `string` | n/a | yes |
| <a name="input_business_unit"></a> [business\_unit](#input\_business\_unit) | Area of the MOJ responsible for the service | `string` | n/a | yes |
| <a name="input_content_based_deduplication"></a> [content\_based\_deduplication](#input\_content\_based\_deduplication) | Enables content-based deduplication for FIFO queues. | `bool` | `null` | no |
| <a name="input_deduplication_scope"></a> [deduplication\_scope](#input\_deduplication\_scope) | Specifies whether message deduplication occurs at the message group or queue level. Valid values are `messageGroup` and `queue`. | `string` | `null` | no |
| <a name="input_delay_seconds"></a> [delay\_seconds](#input\_delay\_seconds) | The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). | `number` | `0` | no |
| <a name="input_encrypt_sqs_kms"></a> [encrypt\_sqs\_kms](#input\_encrypt\_sqs\_kms) | If set to true, this will create aws\_kms\_key and aws\_kms\_alias resources and add kms\_master\_key\_id in aws\_sqs\_queue resource | `bool` | `false` | no |
| <a name="input_environment_name"></a> [environment\_name](#input\_environment\_name) | Environment name | `string` | n/a | yes |
| <a name="input_existing_user_name"></a> [existing\_user\_name](#input\_existing\_user\_name) | if set, will add access to this queue to the existing user, otherwise a new one is created | `string` | `""` | no |
| <a name="input_fifo_queue"></a> [fifo\_queue](#input\_fifo\_queue) | FIFO means exactly-once processing. Duplicates are not introduced into the queue. | `bool` | `false` | no |
| <a name="input_fifo_throughput_limit"></a> [fifo\_throughput\_limit](#input\_fifo\_throughput\_limit) | Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are `perQueue` (default) and `perMessageGroupId`. | `string` | `null` | no |
| <a name="input_infrastructure_support"></a> [infrastructure\_support](#input\_infrastructure\_support) | The team responsible for managing the infrastructure. Should be of the form <team-name> (<team-email>) | `string` | n/a | yes |
| <a name="input_is_production"></a> [is\_production](#input\_is\_production) | Whether this is used for production or not | `string` | n/a | yes |
| <a name="input_kms_data_key_reuse_period_seconds"></a> [kms\_data\_key\_reuse\_period\_seconds](#input\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). | `number` | `300` | no |
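Review bot: The `fifo_queue` row still only describes exactly-once processing and does not say that the module now appends `.fifo` to the queue name when it is `true` (see the `queue_name` local in main.tf), so a reader of this table cannot tell that the suffix should be left out of `sqs_name`. Add that to the `fifo_queue` description. The `deduplication_scope` row should also state that it only applies when `fifo_queue` is `true`, as the `content_based_deduplication` row already does.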
11 changes: 8 additions & 3 deletions main.tf
@@ -1,6 +1,6 @@
locals {
# Generic configuration
queue_name = "${var.team_name}-${var.environment_name}-${var.sqs_name}"
queue_name = var.fifo_queue ? "${var.team_name}-${var.environment_name}-${var.sqs_name}.fifo" : "${var.team_name}-${var.environment_name}-${var.sqs_name}"

# Tags
default_tags = {
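Review bot: The new `queue_name` expression appends `.fifo` whenever `var.fifo_queue` is true without checking `var.sqs_name`, so a caller who already includes the suffix in `sqs_name` gets a name ending in `.fifo.fifo`, and the KMS alias derived from `local.queue_name` changes with it. Either reject an `sqs_name` that already ends in `.fifo` with a validation on the variable, or only append the suffix when it is missing, and call the rename out as a breaking change for existing FIFO users. The base string is also repeated in both branches of the ternary; `"${var.team_name}-${var.environment_name}-${var.sqs_name}${var.fifo_queue ? ".fifo" : ""}"` says the same thing once.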
Expand Down Expand Up @@ -125,7 +125,7 @@ resource "aws_kms_key" "kms" {

resource "aws_kms_alias" "alias" {
count = var.encrypt_sqs_kms ? 1 : 0
name = "alias/${local.queue_name}"
name = "alias/${replace(local.queue_name, ".", "-")}" # aliases can't have `.` in their name, so we replace them with a `-` (useful if this is a FIFO queue)
target_key_id = aws_kms_key.kms[0].key_id
}
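Review bot: The `replace(local.queue_name, ".", "-")` on the alias `name` is not injective: it rewrites every `.` in the name, so a FIFO queue `x.fifo` and a standard queue whose name resolves to `x-fifo` both map to `alias/x-fifo`, and the second `aws_kms_alias` will fail to create in the same account and region. If that overlap is possible in the environments this module is used in, derive the alias from something unambiguous, for example a distinct suffix for the FIFO case, or document that the two names cannot coexist when `encrypt_sqs_kms` is true. The inline comment would also read better on its own line above `name`.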

Expand All @@ -143,7 +143,12 @@ resource "aws_sqs_queue" "terraform_queue" {
kms_data_key_reuse_period_seconds = var.kms_data_key_reuse_period_seconds
kms_master_key_id = var.encrypt_sqs_kms ? aws_kms_key.kms[0].arn : null
redrive_policy = var.redrive_policy
fifo_queue = var.fifo_queue

# FIFO
fifo_queue = var.fifo_queue
content_based_deduplication = var.content_based_deduplication
deduplication_scope = var.deduplication_scope
fifo_throughput_limit = var.fifo_throughput_limit

tags = local.default_tags
}
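Review bot: `content_based_deduplication`, `deduplication_scope` and `fifo_throughput_limit` are passed straight through regardless of `var.fifo_queue`, so a caller who sets one of them on a standard queue gets past `terraform plan` and only finds out when the AWS API rejects the request at apply time. Gate them on the flag, for example `deduplication_scope = var.fifo_queue ? var.deduplication_scope : null`, or fail early with a precondition that these are `null` when `fifo_queue` is `false`.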
18 changes: 18 additions & 0 deletions variables.tf
Expand Up @@ -45,6 +45,24 @@ variable "fifo_queue" {
default = false
}

variable "content_based_deduplication" {
description = "Enables content-based deduplication for FIFO queues."
type = bool
default = null
}

variable "deduplication_scope" {
description = "Specifies whether message deduplication occurs at the message group or queue level. Valid values are `messageGroup` and `queue`."
type = string
default = null
}

variable "fifo_throughput_limit" {
description = "Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are `perQueue` (default) and `perMessageGroupId`."
type = string
default = null
}

variable "kms_data_key_reuse_period_seconds" {
description = "The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours)."
default = 300
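Review bot: The descriptions of `deduplication_scope` and `fifo_throughput_limit` list the valid values, but neither variable has a `validation` block, so a typo such as `messagegroup` is only caught by the provider or the API. Add a validation to each that accepts `null` or one of the listed values, e.g. `condition = var.deduplication_scope == null || contains(["messageGroup", "queue"], var.deduplication_scope)`, with an `error_message` that repeats the allowed values.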
