This lab is currently in Beta, content may be updated as we refine the material
LABINTERMEDIATE

SQS DLQ Incident Workflow

Build a poison-message handling workflow with SQS Dead Letter Queues, CloudWatch alarms on DLQ depth, and Lambda-based redrive logic to recover and reprocess failed messages.

45 minutes
aws/devops
SQS DLQ Incident Workflow - Platform Engineering Hands-On Lab Icon

Lab Overview

When downstream consumers fail to process messages, those messages land in a Dead Letter Queue (DLQ). A DevOps Engineer Professional must know how to detect, alarm on, and remediate poison-message scenarios before the DLQ becomes a black hole of lost data.

In this lab you will:

  • Create an SQS Standard Queue with a redrive policy that routes failed messages to a DLQ after 3 receive attempts
  • Build a Python Lambda that processes messages and simulates poison-message failures when a message body contains "FAIL"
  • Wire the Lambda as an SQS event source and observe normal messages being processed while poison messages accumulate in the DLQ
  • Create a CloudWatch alarm on the DLQ's ApproximateNumberOfMessagesVisible metric and notify an SNS topic
  • Build a DLQ redrive Lambda that inspects DLQ messages and redrives them back to the main queue for reprocessing
  • Simulate a full incident: send poison messages, verify DLQ alarm fires, redrive messages, and confirm successful reprocessing

Every resource is tagged with lab=true and Course=dop-c02. All operations use the AWS CLI in us-east-1.

What You'll Learn

Create SQS Standard Queues with redrive policies that route poison messages to a DLQ after configurable receive attempts

Build a Python Lambda function that processes SQS messages and raises exceptions for poison-message simulation

Configure a Lambda SQS event source mapping with batch sizing and failure handling

Create a CloudWatch alarm on DLQ ApproximateNumberOfMessagesVisible and notify an SNS topic

Build a DLQ redrive Lambda that inspects failed messages and moves them back to the source queue

Simulate a complete poison-message incident, verify alarm triggering, redrive messages, and confirm reprocessing

Prerequisites

basic-aws-cli-familiarity

aws-associate-level-knowledge

completed-aws-devops-cli-operations-baseline-lab

Technologies Covered

awssqsdlqlambdacloudwatchsnspoison-messageredriveincident-responsedop-c02

Part of a Course

This lab is part of the AWS Certified DevOps Engineer - Professional (DOP-C02) course

View All Courses

Choose your plan

Simple, Transparent Pricing

Unlock full access to TeKanAid courses, labs, and bootcamps

Buying for a team? Private corporate training is available for up to 15 learners.View team training
MonthlyQuarterly

Pro

Course content without labs

$59/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Full access to all courses
  • Progress tracking
  • Certificate of completion
  • Community access
  • Bootcamp participation
  • New content access
Recommended

Premium

Full access with hands-on labs

$99/month

Renews automatically. Cancel anytime.

Final price verified at checkout.

  • Everything in Pro
  • Unlimited hands-on labs
  • Lab AI Assistant
  • Accelerator bootcamps with live office hours
  • Priority support
Get Access Now

Prefer a single course?

Purchase individual courses for a one-time fee of $79. Full access to course content, quizzes, certificates, and community features, lab access is not included.

Browse Courses

Try it free, no credit card

Three free ways to start. All bridge into the paid Premium catalog when you're ready.

▶ Start with free courses and labs🧩 Solve your first free puzzle📧 Get the free 7-day crash course

Not ready to commit? The crash course is email-only. No academy account required.

Ready to Get Started?

Start this hands-on lab and build real-world Platform Engineering skills

Get Access Now