SNS redrive to Dead letter queue not working

Question

I have a queue with a policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "sns.amazonaws.com"
      },
      "Action": "sqs:SendMessage",
      "Resource": "arn:aws:sqs:us-west-2:*:example-dlq",
      "Condition": {
        "ArnEquals": {
          "aws:SourceArn": "arn:aws:sns:us-west-2:*:example-sns"
        }
      }
    }
  ]
}

I also have an SNS created and a subscription, that has a redrive policy:

{
  "deadLetterTargetArn": "arn:aws:sqs:us-west-2:*:example-dlq"
}

The subscription endpoint is a lambda, so the lambda fails 3 times (I can see that in the log), but the message never reaches the DLQ.

What could be wrong? I've read the documentation and it does not need any extra step to work (https://docs.aws.amazon.com/sns/latest/dg/sns-configure-dead-letter-queue.html). My only difference is that in the example the endpoint is another queue instead of a Lambda.

Thanks in advance

Answer 1

Okay I will answer my own question.

SNS delivers the message into the lambda but it does not care if it's failing or not (throwing an error), so the Dead Letter Queue for SNS only works when Lambda service is unavailable.

As this is an async event, you can set in the lambda a retry config and dead letter queue.

Or you can use SQS instead of SNS.