Ensure that each AWS Simple Queue Service (SQS) queue is configured with a Dead Letter Queue (DLQ) so that messages your consumers cannot process are isolated for analysis instead of being redelivered until they expire and are silently lost. A Dead Letter Queue is an ordinary SQS queue to which the source queue moves a message once that message has been received more than the configured maximum receive count without being deleted; it keeps those messages available for debugging your application or messaging system and for replay later.
This rule can help you with the following compliance standards:
- NIST4
For further details on compliance standards supported by Conformity, see here.
This rule can help you work with the AWS Well-Architected Framework (Operational Excellence pillar).
This rule resolution is part of the Conformity Security & Compliance tool for AWS.
Enabling Dead Letter Queues (DLQs) for your SQS queues lets you troubleshoot failed message processing without losing the messages involved. Without a DLQ, a message that a consumer repeatedly receives but never deletes (a "poison pill", e.g. a malformed or unexpectedly large payload) is redelivered again and again, tying up consumer capacity until its retention period expires and it is dropped. With a DLQ, SQS moves such a message out of the source queue after it has been received more than maxReceiveCount times, so the source queue stops redelivering it and the message remains available for inspection and replay. Because the DLQ holds the same payloads as the source queue, apply the same encryption and access-policy restrictions to it.
Audit
To determine if Dead Letter Queues are enabled for your AWS SQS queues, perform the following:
Remediation / Resolution
To create and configure a Dead Letter Queue in order to prevent endless processing of invalid messages for your AWS SQS queues, perform the following actions:
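The audit and remediation steps above are built on the CLI calls listed in the references (list-queues, get-queue-attributes, set-queue-attributes). The script below is an added example, not Conformity's own audit logic: it evaluates the attribute map that get-queue-attributes returns for each queue (is a RedrivePolicy present, does it point at a valid SQS ARN in the same account and Region, do FIFO/standard types match, is maxReceiveCount sane, and is the DLQ's retention at least as long as the source queue's), and builds the RedrivePolicy attribute for set-queue-attributes. The queue URLs, ARNs and account ID are constructed sample data; the live walk at the end assumes boto3 is installed and AWS credentials and a Region are configured.

```python
"""Audit SQS queues for a dead-letter queue and build the remediation.

Added example, not Conformity's own audit code. The checks run on the
attribute maps returned by `aws sqs get-queue-attributes` / boto3
get_queue_attributes, so they work offline on the constructed sample
below; the live walk at the bottom assumes boto3 and AWS credentials.
"""
import json
import re
from typing import Dict, List, Optional, Tuple

ARN_RE = re.compile(r"^arn:aws[a-z-]*:sqs:(?P<region>[^:]+):(?P<account>\d{12}):[^:]+$")
DEFAULT_RETENTION = 345600  # SQS default MessageRetentionPeriod, 4 days


def parse_redrive_policy(attrs: Dict[str, str]) -> Optional[dict]:
    """RedrivePolicy is a JSON document stored as a string attribute.
    None means no DLQ configured; {} means present but unparseable."""
    raw = attrs.get("RedrivePolicy")
    if not raw:
        return None
    try:
        policy = json.loads(raw)
    except json.JSONDecodeError:
        return {}
    return policy if isinstance(policy, dict) else {}


def check_queue(attrs: Dict[str, str],
                dlq_attrs: Optional[Dict[str, str]] = None) -> Tuple[bool, List[str]]:
    """Return (compliant, issues) for one source queue. Pass the DLQ's own
    attributes as well so the retention caveat can be checked."""
    arn = attrs.get("QueueArn", "")
    policy = parse_redrive_policy(attrs)
    if policy is None:
        return False, ["no RedrivePolicy: messages that keep failing are redelivered "
                       "until MessageRetentionPeriod expires, then silently dropped"]
    issues: List[str] = []
    target = str(policy.get("deadLetterTargetArn", ""))
    src, dst = ARN_RE.match(arn), ARN_RE.match(target)
    if not dst:
        issues.append("RedrivePolicy has no valid deadLetterTargetArn")
    else:
        if target == arn:
            issues.append("queue redrives to itself")
        if src and src.group("region", "account") != dst.group("region", "account"):
            issues.append("DLQ must be in the same account and Region as the source queue")
        if arn.endswith(".fifo") != target.endswith(".fifo"):
            issues.append("FIFO queues need a FIFO DLQ and standard queues a standard DLQ")
    try:
        max_receive = int(policy.get("maxReceiveCount", 0))  # AWS returns it as a string
    except (TypeError, ValueError):
        max_receive = 0
    if max_receive < 1:
        issues.append("maxReceiveCount missing or invalid")
    # Caveat: message age counts from the original SentTimestamp and is not reset
    # on redrive, so a DLQ with shorter retention than its source expires the
    # redriven messages early and defeats the purpose of keeping them.
    if dlq_attrs is not None:
        src_ret = int(attrs.get("MessageRetentionPeriod", DEFAULT_RETENTION))
        dlq_ret = int(dlq_attrs.get("MessageRetentionPeriod", DEFAULT_RETENTION))
        if dlq_ret < src_ret:
            issues.append("DLQ MessageRetentionPeriod is shorter than the source queue's")
    return not issues, issues


def build_redrive_policy(dlq_arn: str, max_receive_count: int = 5) -> Dict[str, str]:
    """Attribute map for set-queue-attributes; maxReceiveCount is sent as a
    string, as in the AWS CLI examples."""
    if not ARN_RE.match(dlq_arn):
        raise ValueError("dlq_arn is not an SQS queue ARN")
    if max_receive_count < 1:
        raise ValueError("maxReceiveCount must be at least 1")
    return {"RedrivePolicy": json.dumps({"deadLetterTargetArn": dlq_arn,
                                         "maxReceiveCount": str(max_receive_count)})}


def audit(queues: Dict[str, Dict[str, str]]) -> Dict[str, Tuple[bool, List[str]]]:
    """Check every queue except those that serve as a DLQ for another queue."""
    by_arn = {a["QueueArn"]: a for a in queues.values()}
    dlqs = {str((parse_redrive_policy(a) or {}).get("deadLetterTargetArn"))
            for a in queues.values()}
    result = {}
    for url, attrs in queues.items():
        if attrs["QueueArn"] in dlqs:
            continue
        target = str((parse_redrive_policy(attrs) or {}).get("deadLetterTargetArn"))
        result[url] = check_queue(attrs, by_arn.get(target))
    return result


# Constructed sample in the shape get-queue-attributes returns (not real queues).
ACCT = "arn:aws:sqs:us-east-1:123456789012:"
SAMPLE_QUEUES = {
    "https://sqs.us-east-1.amazonaws.com/123456789012/orders": {
        "QueueArn": ACCT + "orders", "MessageRetentionPeriod": "345600",
        "RedrivePolicy": '{"deadLetterTargetArn":"%sorders-dlq","maxReceiveCount":"5"}' % ACCT},
    "https://sqs.us-east-1.amazonaws.com/123456789012/orders-dlq": {
        "QueueArn": ACCT + "orders-dlq", "MessageRetentionPeriod": "1209600"},
    "https://sqs.us-east-1.amazonaws.com/123456789012/audit-events": {
        "QueueArn": ACCT + "audit-events", "MessageRetentionPeriod": "345600"},
}

if __name__ == "__main__":  # live run; assumes boto3 and configured AWS credentials
    import boto3
    sqs = boto3.client("sqs")
    names = ["QueueArn", "RedrivePolicy", "MessageRetentionPeriod"]
    live = {u: sqs.get_queue_attributes(QueueUrl=u, AttributeNames=names)["Attributes"]
            for u in sqs.list_queues().get("QueueUrls", [])}  # first page only
    for url, (ok, issues) in audit(live).items():
        print("PASS" if ok else "FAIL", url, "; ".join(issues))
```

On the sample data the `orders` queue passes and `audit-events` fails for having no RedrivePolicy; `orders-dlq` is skipped because it is the DLQ of another queue. To remediate a failing queue, create the DLQ first (create-queue, FIFO if the source is FIFO, with a retention period at least as long as the source's) and then call `sqs.set_queue_attributes(QueueUrl=url, Attributes=build_redrive_policy(dlq_arn))`; the list-queues call shown only reads the first page of results, so add a NextToken loop for accounts with many queues.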
References
- AWS Documentation
  - Amazon SQS FAQs
  - Working with Amazon SQS Messages
  - Amazon SQS Dead-Letter Queues
  - Tutorial: Configuring an Amazon SQS Dead-Letter Queue
- AWS Command Line Interface (CLI) Documentation
  - sqs
  - list-queues
  - get-queue-attributes
  - create-queue
  - set-queue-attributes

You are auditing:
SQS Dead Letter Queue
Risk level: Low