Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Adding SQS to manage messages in the SRE bot #666

Merged
merged 2 commits into from
Oct 2, 2024
Merged

Conversation

sylviamclaughlin
Copy link
Contributor

Summary | Résumé

Adding an SQS FIFO queue plus a dad letter queue to store unprocessed messages for the SRE bot. The use case is for the 💾 emoji to send and process messages using the queue.

@sylviamclaughlin sylviamclaughlin self-assigned this Oct 1, 2024
Copy link

github-actions bot commented Oct 1, 2024

Production: terraform

✅   Terraform Init: success
✅   Terraform Validate: success
✅   Terraform Format: success
✅   Terraform Plan: success
✅   Conftest: success

Plan: 4 to add, 0 to change, 0 to destroy
Show summary
CHANGE NAME
add aws_iam_role.sre_bot_sqs_access_role
aws_iam_role_policy.sre_bot_sqs_access_policy
aws_sqs_queue.sre_bot_dead_letter_queue
aws_sqs_queue.sre_bot_fifo_queue
Show plan
Resource actions are indicated with the following symbols:
  + create

Terraform will perform the following actions:

  # aws_iam_role.sre_bot_sqs_access_role will be created
  + resource "aws_iam_role" "sre_bot_sqs_access_role" {
      + arn                   = (known after apply)
      + assume_role_policy    = jsonencode(
            {
              + Statement = [
                  + {
                      + Action    = "sts:AssumeRole"
                      + Effect    = "Allow"
                      + Principal = {
                          + Service = "ecs-tasks.amazonaws.com"
                        }
                    },
                ]
              + Version   = "2012-10-17"
            }
        )
      + create_date           = (known after apply)
      + force_detach_policies = false
      + id                    = (known after apply)
      + managed_policy_arns   = (known after apply)
      + max_session_duration  = 3600
      + name                  = "sre_bot_sqs_access_role"
      + name_prefix           = (known after apply)
      + path                  = "/"
      + tags_all              = (known after apply)
      + unique_id             = (known after apply)

      + inline_policy {
          + name   = (known after apply)
          + policy = (known after apply)
        }
    }

  # aws_iam_role_policy.sre_bot_sqs_access_policy will be created
  + resource "aws_iam_role_policy" "sre_bot_sqs_access_policy" {
      + id          = (known after apply)
      + name        = "sre_bot_sqs_access_policy"
      + name_prefix = (known after apply)
      + policy      = (known after apply)
      + role        = (known after apply)
    }

  # aws_sqs_queue.sre_bot_dead_letter_queue will be created
  + resource "aws_sqs_queue" "sre_bot_dead_letter_queue" {
      + arn                               = (known after apply)
      + content_based_deduplication       = false
      + deduplication_scope               = (known after apply)
      + delay_seconds                     = 0
      + fifo_queue                        = true
      + fifo_throughput_limit             = (known after apply)
      + id                                = (known after apply)
      + kms_data_key_reuse_period_seconds = (known after apply)
      + max_message_size                  = 262144
      + message_retention_seconds         = 345600
      + name                              = "sre-bot-dead-letter-queue.fifo"
      + name_prefix                       = (known after apply)
      + policy                            = (known after apply)
      + receive_wait_time_seconds         = 0
      + redrive_allow_policy              = (known after apply)
      + redrive_policy                    = (known after apply)
      + sqs_managed_sse_enabled           = (known after apply)
      + tags_all                          = (known after apply)
      + url                               = (known after apply)
      + visibility_timeout_seconds        = 30
    }

  # aws_sqs_queue.sre_bot_fifo_queue will be created
  + resource "aws_sqs_queue" "sre_bot_fifo_queue" {
      + arn                               = (known after apply)
      + content_based_deduplication       = true
      + deduplication_scope               = (known after apply)
      + delay_seconds                     = 0
      + fifo_queue                        = true
      + fifo_throughput_limit             = (known after apply)
      + id                                = (known after apply)
      + kms_data_key_reuse_period_seconds = (known after apply)
      + max_message_size                  = 262144
      + message_retention_seconds         = 345600
      + name                              = "sre-bot-fifo-queue.fifo"
      + name_prefix                       = (known after apply)
      + policy                            = (known after apply)
      + receive_wait_time_seconds         = 0
      + redrive_allow_policy              = (known after apply)
      + redrive_policy                    = (known after apply)
      + sqs_managed_sse_enabled           = (known after apply)
      + tags_all                          = (known after apply)
      + url                               = (known after apply)
      + visibility_timeout_seconds        = 30
    }

Plan: 4 to add, 0 to change, 0 to destroy.

Warning: Argument is deprecated

  with module.sre_bot_bucket.aws_s3_bucket.this,
  on .terraform/modules/sre_bot_bucket/S3/main.tf line 8, in resource "aws_s3_bucket" "this":
   8: resource "aws_s3_bucket" "this" {

Use the aws_s3_bucket_versioning resource instead

(and 6 more similar warnings elsewhere)

─────────────────────────────────────────────────────────────────────────────

Saved the plan to: plan.tfplan

To perform exactly these actions, run the following command to apply:
    terraform apply "plan.tfplan"
Releasing state lock. This may take a few moments...
Show Conftest results
WARN - plan.json - main - Cloudwatch log metric pattern is invalid: ["aws_cloudwatch_log_metric_filter.sre_bot_error"]
WARN - plan.json - main - Missing Common Tags: ["aws_acm_certificate.sre_bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre-bot_group"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre_bot_dns"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_log_group.sre_bot_waf_log_group"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.sre_bot_error"]
WARN - plan.json - main - Missing Common Tags: ["aws_cloudwatch_metric_alarm.sre_bot_warning"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.aws_access_requests_table"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.sre_bot_data"]
WARN - plan.json - main - Missing Common Tags: ["aws_dynamodb_table.webhooks_table"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecr_repository.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_cluster.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_service.main"]
WARN - plan.json - main - Missing Common Tags: ["aws_ecs_task_definition.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.geodb_refresh_policy"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.sre-bot_secrets_manager"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_policy.sre_bot_bucket"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sre-bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_iam_role.sre_bot_sqs_access_role"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb.sre_bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_listener.sre_bot_listener"]
WARN - plan.json - main - Missing Common Tags: ["aws_lb_target_group.sre_bot"]
WARN - plan.json - main - Missing Common Tags: ["aws_route53_health_check.sre_bot_healthcheck"]
WARN - plan.json - main...

@sylviamclaughlin sylviamclaughlin requested a review from a team October 1, 2024 23:41
@sylviamclaughlin sylviamclaughlin merged commit 7081bfa into main Oct 2, 2024
7 checks passed
@sylviamclaughlin sylviamclaughlin deleted the feat/create_sqs branch October 2, 2024 16:19
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants