From 6a047d85dd73539a81f8580dd706ce79736ee5f2 Mon Sep 17 00:00:00 2001
From: Michael Harrison
Date: Tue, 23 Dec 2025 09:57:02 +0000
Subject: [PATCH 1/2] CCM-13638: configurable dlq retention period
---
 infrastructure/modules/sqs/README.md | 1 +
 infrastructure/modules/sqs/sqs_queue_deadletter_queue.tf | 2 +-
 infrastructure/modules/sqs/variables.tf | 6 ++++++
 3 files changed, 8 insertions(+), 1 deletion(-)
diff --git a/infrastructure/modules/sqs/README.md b/infrastructure/modules/sqs/README.md
index 23de60e..66fdead 100644
--- a/infrastructure/modules/sqs/README.md
+++ b/infrastructure/modules/sqs/README.md
@@ -18,6 +18,7 @@
 | [create\_dlq](#input\_create\_dlq) | Create a DLQ | `bool` | `false` | no |
 | [default\_tags](#input\_default\_tags) | A map of default tags to apply to all taggable resources within the component | `map(string)` | `{}` | no |
 | [delay\_seconds](#input\_delay\_seconds) | Time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). | `number` | `0` | no |
+| [dlq\_message\_retention\_seconds](#input\_dlq\_message\_retention\_seconds) | The number of seconds Amazon SQS retains a message on the DLQ. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days) | `number` | `1209600` | no |
 | [environment](#input\_environment) | The name of the tfscaffold environment | `string` | n/a | yes |
 | [fifo\_queue](#input\_fifo\_queue) | Boolean designating a FIFO queue | `bool` | `false` | no |
 | [kms\_data\_key\_reuse\_period\_seconds](#input\_kms\_data\_key\_reuse\_period\_seconds) | The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours) | `number` | `300` | no |
diff --git a/infrastructure/modules/sqs/sqs_queue_deadletter_queue.tf b/infrastructure/modules/sqs/sqs_queue_deadletter_queue.tf
index dd62849..ed3914f 100644
--- a/infrastructure/modules/sqs/sqs_queue_deadletter_queue.tf
+++ b/infrastructure/modules/sqs/sqs_queue_deadletter_queue.tf
@@ -3,7 +3,7 @@ resource "aws_sqs_queue" "deadletter_queue" {
 name = "${local.csi}-dlq${var.fifo_queue ? ".fifo" : ""}"
- message_retention_seconds = var.message_retention_seconds
+ message_retention_seconds = var.dlq_message_retention_seconds
 visibility_timeout_seconds = var.visibility_timeout_seconds
 fifo_queue = var.fifo_queue
 content_based_deduplication = var.content_based_deduplication
diff --git a/infrastructure/modules/sqs/variables.tf b/infrastructure/modules/sqs/variables.tf
index b26ff39..18fe88a 100644
--- a/infrastructure/modules/sqs/variables.tf
+++ b/infrastructure/modules/sqs/variables.tf
@@ -69,6 +69,12 @@ variable "message_retention_seconds" {
 default = null
 }
+variable "dlq_message_retention_seconds" {
+ description = "The number of seconds Amazon SQS retains a message on the DLQ. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days)"
+ type = number
+ default = 1209600
+}
+
 variable "visibility_timeout_seconds" {
 description = "The visibility timeout for the queue. An integer from 0 to 43200 (12 hours)"
 type = number
From 5a68af8060fca5196fa828cd250d2b95c8f3c4a2 Mon Sep 17 00:00:00 2001
From: Michael Harrison
Date: Tue, 23 Dec 2025 10:56:50 +0000
Subject: [PATCH 2/2] CCM-13638: update scan dependencies
---
 .tool-versions | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.tool-versions b/.tool-versions
index 92c5000..9abd826 100644
--- a/.tool-versions
+++ b/.tool-versions
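Review bot: Pointing the dead-letter queue's `message_retention_seconds` at `var.dlq_message_retention_seconds` silently changes retention for existing callers of the module. A caller who set `message_retention_seconds` to a short value to limit how long message payloads are kept will, after upgrading, have failed messages held on the DLQ for the new input's default of 1209600 seconds (14 days). If queue payloads can carry personal or otherwise sensitive data, this should be called out in the release notes, and callers with a retention requirement should set the new input explicitly. A comment above the argument would also help, e.g. `# DLQ retention is set independently of the source queue via var.dlq_message_retention_seconds`. The `aws_sqs_queue.deadletter_queue` resource block starts and ends outside this hunk.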
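Review bot: The new `dlq_message_retention_seconds` variable states a 60 to 1209600 range in its description, but nothing in the variable block enforces it. An out-of-range value is therefore only caught downstream, by the provider or the SQS API, rather than at the module boundary with a message naming this input. Add a `validation` block with `condition = var.dlq_message_retention_seconds >= 60 && var.dlq_message_retention_seconds <= 1209600` and a matching `error_message`. If callers are expected to pass `null` to fall back to the service default, the condition has to allow for that as well; whether they are is not visible in this hunk.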
@@ -13,8 +13,8 @@ vale 3.6.0
 # The section below is reserved for Docker image versions.
 # TODO: Move this section - consider using a different file for the repository template dependencies.
-# docker/ghcr.io/anchore/grype v0.92.2@sha256:651e558f9ba84f2a790b3449c8a57cbbf4f34e004f7d3f14ae8f8cbeede4cd33 # SEE: https://github.com/anchore/grype/pkgs/container/grype
-# docker/ghcr.io/anchore/syft v1.26.0@sha256:de078f51704a213906970b1475edd6006b8af50aa159852e125518237487b8c6 # SEE: https://github.com/anchore/syft/pkgs/container/syft
+# docker/ghcr.io/anchore/grype v0.104.3@sha256:d340f4f8b3b7e6e72a6c9c0152f25402ed8a2d7375dba1dfce4e53115242feb6 # SEE: https://github.com/anchore/grype/pkgs/container/grype
+# docker/ghcr.io/anchore/syft v1.39.0@sha256:6f13bb010923c33fb197047c8f88888e77071bd32596b3f605d62a133e493ce4 # SEE: https://github.com/anchore/syft/pkgs/container/syft
 # docker/ghcr.io/gitleaks/gitleaks:v8.24.0@sha256:b8e9bf46893c2f20e10bfb4b2e783adaef519dea981b01ca6221ac325e836040 # SEE: https://github.com/gitleaks/gitleaks/pkgs/container/gitleaks
 # docker/ghcr.io/igorshubovych/markdownlint-cli v0.37.0@sha256:fb3e79946fce78e1cde84d6798c6c2a55f2de11fc16606a40d49411e281d950d # SEE: https://github.com/igorshubovych/markdownlint-cli/pkgs/container/markdownlint-cli
 # docker/ghcr.io/make-ops-tools/gocloc latest@sha256:6888e62e9ae693c4ebcfed9f1d86c70fd083868acb8815fe44b561b9a73b5032 # SEE: https://github.com/make-ops-tools/gocloc/pkgs/container/gocloc