h1. Request Details
h2. Background
Our current on-going project Accom Pricing Log (ainlog) provide an evidence for pricing ops to handle dispute on why we give certain price to customers. Since ainlog depends on SQS to prevent missing prominent log as our main storage will be on elasticsearch, we try to add more preventive action to keep our log in many circumstance. Therefore to enable this step, ainlog need to have message producer role to allow processing failure log on ainlog.
previous request for reference :
https://29022131.atlassian.net/browse/TOSD-4158
h2. Purpose
We need additional permission from ainlog-app to ainlog SQS to allow processing failure logs which occur on ainlog-app machine
h2. Impact
Unhandle failure logs means there is possibility we could lose any prominent log
h2. Risk
Increase number of outbond network size from ainlog
h2. Resources
h3. SQS Queue
h4. Configuration
{code}
tags = {
Name = "ainlog-log-3487a182c39349bc"
Service = "ainlog"
ProductDomain = "ain"
Environment = "production"
Description = "Queue for logging"
}
{code}
h4. SQS Policy
{code}
producers = ["ainlog-app"]
allowed_actions = [
"sqs:SendMessage",
"sqs:SendMessageBatch",
"sqs:ChangeMessageVisibility",
"sqs:ChangeMessageVisibilityBatch",
"sqs:GetQueueAttributes",
"sqs:GetQueueUrl",
"sqs:PurgeQueue"
]
{code}