From cfe15d99e2faf74efa782281c654b0d48c4d2c18 Mon Sep 17 00:00:00 2001
From: Sourav Kundu
Date: Thu, 12 Sep 2024 16:25:12 -0500
Subject: [PATCH] #19 fix for CKV_AWS_116

---
 lambda.tf | 6 +++++-
 sqs.tf | 4 ++++
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 sqs.tf

diff --git a/lambda.tf b/lambda.tf
index bc0f226..0b369c9 100644
--- a/lambda.tf
+++ b/lambda.tf
@@ -25,10 +25,14 @@ resource "aws_lambda_function" "lambda_run" {
 log_stream_name = aws_cloudwatch_log_stream.log_stream.name
 }
 }
+ #https://docs.prismacloud.io/en/enterprise-edition/policy-reference/aws-policies/aws-general-policies/ensure-that-aws-lambda-function-is-configured-for-a-dead-letter-queue-dlq
+ dead_letter_config {
+ target_arn = aws_sqs_queue.dlq.arn
+ }
+
 #checkov:skip=CKV_AWS_50: Not applicable in this use case: X-Ray tracing is enabled for Lambda
 #checkov:skip=CKV_AWS_115: Not applicable in this use case: Ensure that AWS Lambda function is configured for function-level concurrent execution limit
 #checkov:skip=CKV_AWS_117: This AWS Lambda function does not require access to anything inside a VPC
- #checkov:skip=CKV_AWS_116: Not applicable in this use case
 #checkov:skip=CKV_AWS_173: Not applicable in this use case
 #checkov:skip=CKV_AWS_272: Not applicable in this use case: Ensure AWS Lambda function is configured to validate code-signing
 }
diff --git a/sqs.tf b/sqs.tf
new file mode 100644
index 0000000..a4aee02
--- /dev/null
+++ b/sqs.tf
@@ -0,0 +1,4 @@
+#https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sqs_queue
+resource "aws_sqs_queue" "dlq" {
+ name = "${var.name}-lambda-dlq"
+}
\ No newline at end of file
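Review bot: The new dead_letter_config points the function at aws_sqs_queue.dlq, but nothing in this commit grants the function's execution role `sqs:SendMessage` on that queue, and without that permission Lambda drops the failed event (visible only as the DeadLetterErrors metric) while the DLQ stays empty and the Checkov finding looks resolved. Unless the role's policy already covers the queue (not visible here; the aws_lambda_function block starts before this hunk), add a role policy alongside the queue, for example the resource below with the role reference filled in. A CloudWatch alarm on the queue's ApproximateNumberOfMessagesVisible would also be worth adding, since a dead-letter queue nobody watches gives no signal when invocations start failing.
```terraform
# Lets the function's execution role deliver failed events to the DLQ.
resource "aws_iam_role_policy" "lambda_dlq" {
  role = aws_iam_role.LAMBDA_ROLE_PLACEHOLDER.id # placeholder: the role used by aws_lambda_function.lambda_run
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "sqs:SendMessage"
      Resource = aws_sqs_queue.dlq.arn
    }]
  })
}
```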
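Review bot: The new aws_sqs_queue.dlq is created without encryption at rest, so the failed invocation payloads it stores (which carry the original event data) sit unencrypted and Checkov's CKV_AWS_27 will be the next finding on this file; add `sqs_managed_sse_enabled = true` (or `kms_master_key_id` if a customer-managed key is required). The default 4-day `message_retention_seconds` is also short for a dead-letter queue that is typically only inspected after an incident is noticed; `message_retention_seconds = 1209600` keeps messages for the 14-day maximum. The missing trailing newline flagged by `\ No newline at end of file` is a minor nit that terraform fmt will fix on the next touch.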