austoonz
1/9/2019 - 6:42 AM

CloudFormation: SQS Queue subscribed to SNS Topic

A CloudFormation template sample to subscribe an SQS Queue to an SNS Topic.

SQS-SNS-Subscription
content_copyfile_download
---
AWSTemplateFormatVersion: '2010-09-09'

Description: SQS Queue subscribed to an SNS Topic

Parameters:

  SourceSNSTopicArn:
    Type: String
    Description: SNS Topic Arn to subscribe the SQS Queue to

Metadata:

  AWS::CloudFormation::Interface:
    ParameterLabels:
      SourceSNSTopicArn:
        default: SNS Topic Arn

Resources:

  SQSQueue:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 180
      RedrivePolicy:
        deadLetterTargetArn: !GetAtt DeadLetterQueue.Arn
        maxReceiveCount: 3
      Tags:
        -
          Key: StackId
          Value: !Ref AWS::StackId

  SQSQueuePolicy:
    Type: AWS::SQS::QueuePolicy
    Properties:
      Queues:
        - !Ref SQSQueue
      PolicyDocument:
        Id: AllowIncomingAccess
        Statement:
          -
            Effect: Allow
            Principal:
              AWS:
                - !Ref AWS::AccountId
            Action:
              - sqs:SendMessage
              - sqs:ReceiveMessage
            Resource:
              - !GetAtt SQSQueue.Arn
          -
            Effect: Allow
            Principal: '*'
            Action:
              - sqs:SendMessage
            Resource:
              - !GetAtt SQSQueue.Arn
            Condition:
              ArnEquals:
                aws:SourceArn: !Ref SourceSNSTopicArn

  DeadLetterQueue:
    Type: AWS::SQS::Queue
    Properties:
      VisibilityTimeout: 160
      Tags:
        -
          Key: StackId
          Value: !Ref AWS::StackId

  SNSSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      TopicArn: !Ref SourceSNSTopicArn
      Endpoint: !GetAtt SQSQueue.Arn
      Protocol: sqs
      RawMessageDelivery: true

  SQSQueueAgeOfOldestMessage:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: SQSQueue_AgeOfOldestMessage
      AlarmDescription: Alarms if the SQS Queue has messages in it for too long
      ComparisonOperator: GreaterThanThreshold
      Dimensions:
        - Name: QueueName
          Value: !GetAtt SQSQueue.QueueName
      DatapointsToAlarm: 2
      EvaluationPeriods: 3
      MetricName: ApproximateAgeOfOldestMessage
      Namespace: AWS/SQS
      Period: 300
      Statistic: Maximum
      Threshold: 30
      TreatMissingData: notBreaching
      Unit: Seconds

  DeadLetterQueueApproximateNumberOfMessagesVisible:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: DeadLetterQueue_ApproximateNumberOfMessagesVisible
      AlarmDescription: Alarms if the Dead Letter Queue has too many messages
      ComparisonOperator: GreaterThanOrEqualToThreshold
      Dimensions:
        - Name: QueueName
          Value: !GetAtt DeadLetterQueue.QueueName
      DatapointsToAlarm: 2
      EvaluationPeriods: 3
      MetricName: ApproximateNumberOfMessagesVisible
      Namespace: AWS/SQS
      Period: 300
      Statistic: Maximum
      Threshold: 1
      TreatMissingData: notBreaching

Outputs:

  SQSQueueArn:
    Value: !GetAtt SQSQueue.Arn