Amazon Web Service (AWS)


Amazon Simple Queue Service (SQS) is a distributed message queuing service used to send, store and retrieve messages in various sizes without a need to maintain your own server. Messages are stored on multiple servers for redundancy and to ensure availability.
  • name - (Optional) The name of the queue. Queue names must be made up of only uppercase and lowercase ASCII letters, numbers, underscores, and hyphens, and must be between 1 and 80 characters long. For a FIFO (first-in-first-out) queue, the name must end with the .fifo suffix. If omitted, Terraform will assign a random, unique name. Conflicts with name_prefix
  • name_prefix - (Optional) Creates a unique name beginning with the specified prefix. Conflicts with name
  • visibility_timeout_seconds - (Optional) The visibility timeout for the queue. An integer from 0 to 43200 (12 hours). The default for this attribute is 30. For more information about visibility timeout, see AWS docs.
  • message_retention_seconds - (Optional) The number of seconds Amazon SQS retains a message. Integer representing seconds, from 60 (1 minute) to 1209600 (14 days). The default for this attribute is 345600 (4 days).
  • max_message_size - (Optional) The limit of how many bytes a message can contain before Amazon SQS rejects it. An integer from 1024 bytes (1 KiB) up to 262144 bytes (256 KiB). The default for this attribute is 262144 (256 KiB).
  • delay_seconds - (Optional) The time in seconds that the delivery of all messages in the queue will be delayed. An integer from 0 to 900 (15 minutes). The default for this attribute is 0 seconds.
  • receive_wait_time_seconds - (Optional) The time for which a ReceiveMessage call will wait for a message to arrive (long polling) before returning. An integer from 0 to 20 (seconds). The default for this attribute is 0, meaning that the call will return immediately.
  • policy - (Optional) The JSON policy for the SQS queue. For more information about building AWS IAM policy documents with Terraform, see the AWS IAM Policy Document Guide.
  • redrive_policy - (Optional) The JSON policy to set up the Dead Letter Queue, see AWS docs. Note: when specifying maxReceiveCount, you must specify it as an integer (5), and not a string ("5").
  • redrive_allow_policy - (Optional) The JSON policy to set up the Dead Letter Queue redrive permission, see AWS docs.
  • fifo_queue - (Optional) Boolean designating a FIFO queue. If not set, it defaults to false making it standard.
  • content_based_deduplication - (Optional) Enables content-based deduplication for FIFO queues. For more information, see the related documentation
  • sqs_managed_sse_enabled - (Optional) Boolean to enable server-side encryption (SSE) of message content with SQS-owned encryption keys. Defaults to false. See Encryption at rest.
  • kms_master_key_id - (Optional) The ID of an AWS-managed customer master key (CMK) for Amazon SQS or a custom CMK. For more information, see Key Terms.
  • kms_data_key_reuse_period_seconds - (Optional) The length of time, in seconds, for which Amazon SQS can reuse a data key to encrypt or decrypt messages before calling AWS KMS again. An integer representing seconds, between 60 seconds (1 minute) and 86,400 seconds (24 hours). The default is 300 (5 minutes).
  • deduplication_scope - (Optional) Specifies whether message deduplication occurs at the message group or queue level. Valid values are messageGroup and queue (default).
  • fifo_throughput_limit - (Optional) Specifies whether the FIFO queue throughput quota applies to the entire queue or per message group. Valid values are perQueue (default) and perMessageGroupId.
  • tags - (Optional) A map of tags to assign to the queue. If configured with a provider default_tags configuration block present, tags with matching keys will overwrite those defined at the provider-level.

Associating resources with a
Resources do not "belong" to a
Rather, one or more Security Groups are associated to a resource.
via Terraform:
The following HCL creates an SQS resource

resource "aws_sqs_queue" "terraform_queue" {
 name                      = "terraform-example-queue"
 delay_seconds             = 90
 max_message_size          = 2048
 message_retention_seconds = 86400
 receive_wait_time_seconds = 10
 redrive_policy = jsonencode({
   deadLetterTargetArn = aws_sqs_queue.terraform_queue_deadletter.arn
   maxReceiveCount     = 4

 tags = {
   Environment = "production"

via CLI:

--queue-name <value>
[--attributes <value>]
[--tags <value>]
[--cli-input-json | --cli-input-yaml]
[--generate-cli-skeleton <value>]
[--endpoint-url <value>]
[--output <value>]
[--query <value>]
[--profile <value>]
[--region <value>]
[--version <value>]
[--color <value>]
[--ca-bundle <value>]
[--cli-read-timeout <value>]
[--cli-connect-timeout <value>]
[--cli-binary-format <value>]


aws sqs create-queue --queue-name MyQueue --attributes file://create-queue.json

Best Practices for

Categorized by Availability, Security & Compliance and Cost

Ensure SQS encryption is enabled
Ensure SQS is not publicly accessible
Explore all the rules our platform covers
All Resources