Ensure that each AWS Simple Queue Service (SQS) queue is configured to use a Dead Letter Queue (DLQ) in order to help maintain the queue flow and avoid losing data by detecting and mitigating failures and service disruptions in time. A Dead Letter Queue is an SQS queue, useful for debugging your application or your messaging system, that isolates messages which cannot be processed successfully so they can be analyzed later.
This rule can help you with the following compliance standards:
This rule can help you work with the AWS Well-Architected Framework (operational excellence pillar).
This rule resolution is part of the Cloud Conformity Security & Compliance tool for AWS
Enabling Dead Letter Queues (DLQs) for your SQS queues can help you troubleshoot incorrect message transmission operations that can lead to data loss. Use DLQs to decrease the number of unprocessed messages and reduce the possibility of exposing your queues to poison pill messages (i.e., messages that are received but cannot be processed for some reason and would otherwise keep returning to the source queue).
Audit
To determine if Dead Letter Queues are enabled for your AWS SQS queues, perform the following:
Remediation / Resolution
To create and configure a Dead Letter Queue in order to prevent endless processing of invalid messages for your AWS SQS queues, perform the following actions:
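The audit and remediation steps themselves are not shown on this page, so the following is an added example (not Cloud Conformity's own code) of how the check and the fix can be carried out with the SQS API calls this page references (list-queues, get-queue-attributes, set-queue-attributes). It assumes a boto3-style SQS client; a constructed in-memory stand-in is included so the logic runs offline, and the queue URLs and ARNs in the demo are made up. The audit also skips queues that are themselves the target of another queue's RedrivePolicy, since a DLQ normally has no redrive policy of its own and should not be flagged as non-compliant.

```python
"""Audit SQS queues for a Dead Letter Queue (RedrivePolicy) and build the remediation call.

Added example, not the rule's own code. Assumes a boto3-style client exposing
list_queues / get_queue_attributes / set_queue_attributes; FakeSqs below is a
constructed stand-in so the example runs without AWS credentials.
"""
import json

# Attributes needed for the check; both are real SQS attribute names.
ATTRS = ["QueueArn", "RedrivePolicy"]


def parse_redrive_policy(attributes):
    """Return (dlq_arn, max_receive_count) from a queue's attributes, or None if no DLQ is set."""
    raw = attributes.get("RedrivePolicy")
    if not raw:
        return None
    policy = json.loads(raw)
    # SQS returns maxReceiveCount as a string inside the JSON document.
    return policy["deadLetterTargetArn"], int(policy["maxReceiveCount"])


def build_redrive_policy(dlq_arn, max_receive_count=5):
    """Build the RedrivePolicy attribute value passed to set-queue-attributes."""
    if max_receive_count < 1:
        raise ValueError("maxReceiveCount must be at least 1")
    return json.dumps({"deadLetterTargetArn": dlq_arn, "maxReceiveCount": max_receive_count})


def list_all_queue_urls(sqs):
    """Collect every queue URL, following NextToken pagination."""
    urls, token = [], None
    while True:
        kwargs = {"NextToken": token} if token else {}
        resp = sqs.list_queues(**kwargs)
        urls.extend(resp.get("QueueUrls", []))
        token = resp.get("NextToken")
        if not token:
            return urls


def audit_queues(sqs):
    """Return the URLs of source queues that have no DLQ configured (sorted).

    Queues referenced as a deadLetterTargetArn by another queue are excluded.
    """
    details = {}
    for url in list_all_queue_urls(sqs):
        attrs = sqs.get_queue_attributes(QueueUrl=url, AttributeNames=ATTRS)["Attributes"]
        details[url] = (attrs["QueueArn"], parse_redrive_policy(attrs))
    dlq_arns = {policy[0] for _, policy in details.values() if policy}
    return sorted(url for url, (arn, policy) in details.items()
                  if policy is None and arn not in dlq_arns)


def remediate(sqs, queue_url, dlq_arn, max_receive_count=5):
    """Attach dlq_arn to queue_url as its DLQ; returns the policy document that was set."""
    policy = build_redrive_policy(dlq_arn, max_receive_count)
    sqs.set_queue_attributes(QueueUrl=queue_url, Attributes={"RedrivePolicy": policy})
    return policy


class FakeSqs:
    """Constructed stand-in for boto3.client('sqs'); keeps queue attributes in memory."""

    def __init__(self, queues):
        self.queues = queues  # {queue_url: {"QueueArn": ..., "RedrivePolicy": ...}}

    def list_queues(self, **kwargs):
        return {"QueueUrls": list(self.queues)}

    def get_queue_attributes(self, QueueUrl, AttributeNames):
        attrs = self.queues[QueueUrl]
        return {"Attributes": {k: v for k, v in attrs.items() if k in AttributeNames}}

    def set_queue_attributes(self, QueueUrl, Attributes):
        self.queues[QueueUrl].update(Attributes)
        return {}


def demo():
    """Run audit -> remediate -> audit on constructed queues; returns (before, after)."""
    base = "https://sqs.us-east-1.amazonaws.com/123456789012/"   # constructed
    arn = "arn:aws:sqs:us-east-1:123456789012:"                   # constructed
    fake = FakeSqs({
        base + "orders": {"QueueArn": arn + "orders",
                          "RedrivePolicy": build_redrive_policy(arn + "orders-dlq", 3)},
        base + "orders-dlq": {"QueueArn": arn + "orders-dlq"},   # a DLQ: not flagged
        base + "payments": {"QueueArn": arn + "payments"},       # source queue without DLQ
    })
    before = audit_queues(fake)
    remediate(fake, base + "payments", arn + "payments-dlq", 5)
    after = audit_queues(fake)
    return before, after


if __name__ == "__main__":
    print(demo())
```

To run this against a real account, replace FakeSqs with boto3.client("sqs"); the DLQ named in the policy must already exist in the same region and account, and for a FIFO source queue the DLQ must also be a FIFO queue.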
References
- AWS Documentation
  - Amazon SQS FAQs
  - Working with Amazon SQS Messages
  - Amazon SQS Dead-Letter Queues
  - Tutorial: Configuring an Amazon SQS Dead-Letter Queue
- AWS Command Line Interface (CLI) Documentation
  - sqs
  - list-queues
  - get-queue-attributes
  - create-queue
  - set-queue-attributes
Rule: SQS Dead Letter Queue (Risk level: Low)