我在 Python 中使用 AWS CDK,想创建一个带死信队列的 SQS 队列,并希望给死信队列添加重新驱动允许策略(redrive allow policy),只允许与之关联的队列对其进行重新驱动。
这是我的示例代码
from aws_cdk import sqs
from constructs import Construct
class MyStack(Stack):
    """Stack from the question: a source queue and its dead-letter queue.

    As written this cannot run: the dead-letter queue's redrive allow policy
    refers to ``queue`` before that name is assigned, while ``queue`` itself
    needs ``dead_letter_queue`` to exist first.
    """

    def __init__(
        self,
        scope: Construct,
        construct_id: str,
        **kwargs,
    ) -> None:
        super().__init__(scope, construct_id, **kwargs)
        # dead_letter_queue_name and queue_name are not defined in this listing;
        # presumably they are set elsewhere -- confirm.
        dead_letter_queue = sqs.Queue(
            self,
            dead_letter_queue_name,
            queue_name=f"{dead_letter_queue_name}",
            redrive_allow_policy=sqs.RedriveAllowPolicy(
                # BY_QUEUE: only the queues listed in source_queues may name
                # this queue as their dead-letter queue.
                redrive_permission=sqs.RedrivePermission.BY_QUEUE,
                source_queues=[queue],  # needs the source queue (an IQueue), but `queue` is only assigned further down
            ),
        )
        queue = sqs.Queue(
            self,
            queue_name,
            queue_name=f"{queue_name}",
            dead_letter_queue=sqs.DeadLetterQueue(
                # Receive-count threshold passed to the dead-letter queue setting.
                max_receive_count=3,
                queue=dead_letter_queue,  # needs the dead-letter queue to exist already
            ),
        )
两个队列都要求对方先被创建。我是 CDK 新手,请问该如何解决这个问题?
提前致谢。
我没有使用重新驱动允许策略,而是手动将资源策略附加到死信队列,从而解决了这个问题。
from aws_cdk import (
    Stack,
    aws_iam,
    aws_sqs as sqs,
)
from constructs import Construct
class MyStack(Stack):
    """Stack from the answer: source queue, dead-letter queue, and a hand-written
    resource policy on the dead-letter queue in place of a redrive allow policy.

    NOTE(review): the two statements below are Allow entries in the dead-letter
    queue's access policy. They do not set the queue's redrive allow policy
    attribute, so on their own they do not appear to limit which source queues
    may name this queue as their dead-letter queue -- confirm this still meets
    the goal stated in the question.
    """

    def __init__(
        self,
        scope: Construct,
        construct_id: str,
        **kwargs,
    ) -> None:
        super().__init__(scope, construct_id, **kwargs)

        # dead_letter_queue_name and queue_name are not defined in this listing;
        # presumably they are set elsewhere -- confirm.
        dlq = sqs.Queue(
            self,
            dead_letter_queue_name,
            queue_name=f"{dead_letter_queue_name}",
        )

        # The dead-letter queue is created first so the source queue can point at it.
        dlq_settings = sqs.DeadLetterQueue(max_receive_count=3, queue=dlq)
        source_queue = sqs.Queue(
            self,
            queue_name,
            queue_name=f"{queue_name}",
            dead_letter_queue=dlq_settings,
        )

        # NOTE(review): both statements grant to the SQS service principal with
        # no condition block. Consider scoping them (for example by source ARN
        # or source account) once it is confirmed which condition keys SQS
        # populates for these calls.
        move_task_statement = aws_iam.PolicyStatement(
            actions=[
                "sqs:StartMessageMoveTask",
                "sqs:ReceiveMessage",
                "sqs:DeleteMessage",
                "sqs:GetQueueAttributes",
                "sqs:CancelMessageMoveTask",
                "sqs:ListMessageMoveTasks",
            ],
            effect=aws_iam.Effect.ALLOW,
            principals=[aws_iam.ServicePrincipal("sqs.amazonaws.com")],
            resources=[dlq.queue_arn],
        )
        dlq.add_to_resource_policy(statement=move_task_statement)

        # NOTE(review): this statement is attached to the dead-letter queue but
        # names the source queue's ARN as its resource. A queue policy statement
        # normally names the queue it is attached to -- verify that this
        # statement has any effect as written.
        send_statement = aws_iam.PolicyStatement(
            actions=["sqs:SendMessage"],
            effect=aws_iam.Effect.ALLOW,
            principals=[aws_iam.ServicePrincipal("sqs.amazonaws.com")],
            resources=[source_queue.queue_arn],
        )
        dlq.add_to_resource_policy(statement=send_statement)