Ensure AWS Lambda function is configured for a DLQ

Error: AWS Lambda function is not configured for a DLQ

Bridgecrew Policy ID: BC_AWS_GENERAL_64
Checkov Check ID: CKV_AWS_116
Severity: LOW

Configuring a dead-letter queue (DLQ) makes it possible to investigate errors and failed invocations of the connected Lambda function, because the event that could not be processed is retained instead of discarded.

Alternatively, an on-failure destination can be configured, which forwards the failed event to a DLQ, SNS topic, Lambda function or EventBridge.

It is always important to understand why your application or function failed and to ensure that no data was dropped or compromised. Lambda functions are often used to process security-related data such as CloudTrail events, and a failed delivery to a dependent system can result in an unnoticed security breach.

Fix - Buildtime


Terraform

  • Resource: aws_lambda_function
  • Argument: dead_letter_config
resource "aws_lambda_function" "test_lambda" {
+ dead_letter_config {
+   # ARN of the SQS queue or SNS topic that receives failed events
+   target_arn = "test"
+ }
}


CloudFormation

  • Resource: AWS::Lambda::Function
  • Argument: Properties.DeadLetterConfig
Type: AWS::Lambda::Function
Properties:
+   DeadLetterConfig:
+     # ARN of the SQS queue or SNS topic that receives failed events
+     TargetArn: "test"
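The placeholder "test" above only shows where the argument goes. The following is an added, complete Terraform example (not Bridgecrew or Checkov code) that creates a real SQS queue as the DLQ, grants the execution role the sqs:SendMessage permission Lambda needs to deliver to it, and adds a CloudWatch alarm so that a failed delivery, as described above, does not go unnoticed. Resource names, the python3.12 runtime and the function.zip deployment package are assumptions.

```hcl
# SQS queue that receives events the function failed to process.
resource "aws_sqs_queue" "lambda_dlq" {
  name = "example-lambda-dlq"
}
resource "aws_iam_role" "lambda_exec" {
  name = "example-lambda-exec"
  assume_role_policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect    = "Allow"
      Principal = { Service = "lambda.amazonaws.com" }
      Action    = "sts:AssumeRole"
    }]
  })
}
# Lambda delivers to the DLQ with the execution role, so that role needs
# sqs:SendMessage on exactly this queue (least privilege).
resource "aws_iam_role_policy" "dlq_send" {
  role = aws_iam_role.lambda_exec.id
  policy = jsonencode({
    Version = "2012-10-17"
    Statement = [{
      Effect   = "Allow"
      Action   = "sqs:SendMessage"
      Resource = aws_sqs_queue.lambda_dlq.arn
    }]
  })
}
resource "aws_lambda_function" "test_lambda" {
  function_name = "example-function"
  role          = aws_iam_role.lambda_exec.arn
  handler       = "handler.main"
  runtime       = "python3.12"
  filename      = "function.zip" # assumed deployment package
  dead_letter_config {
    target_arn = aws_sqs_queue.lambda_dlq.arn # satisfies CKV_AWS_116
  }
  depends_on = [aws_iam_role_policy.dlq_send] # permission before first invoke
}
# Alert when anything lands in the DLQ, so a failed delivery is noticed.
resource "aws_cloudwatch_metric_alarm" "dlq_not_empty" {
  alarm_name          = "example-lambda-dlq-not-empty"
  namespace           = "AWS/SQS"
  metric_name         = "ApproximateNumberOfMessagesVisible"
  dimensions          = { QueueName = aws_sqs_queue.lambda_dlq.name }
  statistic           = "Maximum"
  period              = 60
  evaluation_periods  = 1
  threshold           = 0
  comparison_operator = "GreaterThanThreshold"
}
```

Without the sqs:SendMessage grant the check passes but Lambda silently fails to deliver to the queue, which is exactly the unnoticed data loss the description warns about.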