feat(sqs): support for permission settings for dead letter source queues

[badmintoncryer]

This PR allows for the configuration of constraints on source queues that can designate this queue as their dead letter queue.

declare const sourceQueue: sqs.IQueue;

// Only the sourceQueue can specify this queue as the dead-letter queue.
const queue1 = new sqs.Queue(this, 'Queue1', {
  redriveAllowPolicy: {
    sourceQueues: [sourceQueue],
  }
});

// No source queues can specify this queue as the dead-letter queue.
const queue2 = new sqs.Queue(this, 'Queue2', {
  redriveAllowPolicy: {
    redrivePermission: sqs.RedrivePermission.DENY_ALL,
  }
});

Closes #19766.

---

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache-2.0 license

[lpizzinidev]

Thanks 👍
I left some notes for minor adjustments.

[badmintoncryer]

@lpizzinidev Thank you for your review! I addressed your comments.

[lpizzinidev]

Thanks for clarifying 👍
The implementation of the deadLetterQueue property is pretty old and I think we should stick to the CloudFormation definition when possible for new props to avoid confusion.

[badmintoncryer]

Thank you for the confirmation. And I understand the policy on naming as well.

[GavinZZ]

I understood this logic from reading the docs trings above, but in general this ternary condition is quite confusing for people who look at this piece of code for the first time. Would be nice to have a comment here explaining it (i.e. when sourcePolicy is provided, default to use allow all permission ...).

Fairly minor change, and I'm happy to approve this PR.

[badmintoncryer]

@GavinZZ I've updated comments. Please confirm it again.

[GavinZZ]

Thank you for the contribution! Happy to approve once the CI passes.

[badmintoncryer]

@GavinZZ Do you know why the CI has failed?? https://github.com/aws/aws-cdk/actions/runs/7680150613/job/20931832477?pr=28745

This problem seems to have occurred in other PRs as well.

Run ./tools/@aws-cdk/prlint
  env:
    GITHUB_TOKEN: ***
    PR_NUMBER: 
    PR_SHA: 
    REPO_ROOT: /home/runner/work/aws-cdk/aws-cdk
⌛  Fetching PR number [2](https://github.com/aws/aws-cdk/actions/runs/7680150613/job/20931832477?pr=28745#step:4:2)87[4](https://github.com/aws/aws-cdk/actions/runs/7680150613/job/20931832477?pr=28745#step:4:4)[5](https://github.com/aws/aws-cdk/actions/runs/7680150613/job/20931832477?pr=28745#step:4:5)
Error: Bad credentials

[badmintoncryer]

@GavinZZ
The above problem seems to be resolved. However, the CodeBuild job status remains 'pending' even though it has finished successfully. How can I resolve it ?

[GavinZZ]

We're actively working on a fix on this issue. Sorry for the inconvenience.

[GavinZZ]

@mergify update

[mergify]

update

✅ Branch has been successfully updated

[GavinZZ]

LGTM, thanks for contributing!

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).

[aws-cdk-automation]

AWS CodeBuild CI Report

• CodeBuild project: AutoBuildv2Project1C6BFA3F-wQm2hXv2jqQv
• Commit ID: af747d4
• Result: SUCCEEDED
• Build Logs (available for 30 days)

Powered by github-codebuild-logs, available on the AWS Serverless Application Repository

[mergify]

Thank you for contributing! Your pull request will be updated from main and then merged automatically (do not update manually, and be sure to allow changes to be pushed to your fork).