# InvalidParameterValue: The redrive policy for queue 'my-queue' is invalid. Reason: The dead-letter queue ARN is not valid.

- **ID:** `cloud/aws-sqs-redrive-policy-invalid`
- **Domain:** cloud
- **Category:** config_error
- **Error Code:** `InvalidParameterValue`
- **Verification:** ai_generated
- **Fix Rate:** 88%

## Root Cause

The dead-letter queue ARN specified in the redrive policy does not exist, is in a different region, or the source queue does not have permission to send messages to it.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| AWS SDK for Python (boto3): 1.34.0 | active | — | — |
| SQS: 2012-11-05 | active | — | — |
| Terraform AWS Provider: 5.70.0 | active | — | — |

## Workarounds

1. **Verify the dead-letter queue ARN using the AWS CLI, then update the redrive policy with the correct ARN.** (95% success)
   ```
   aws sqs get-queue-attributes --queue-url <DLQ_URL> --attribute-names QueueArn
   ```
2. **Attach a resource-based policy to the dead-letter queue allowing the source queue to send messages.** (90% success)
   ```
   aws sqs set-queue-attributes --queue-url <DLQ_URL> --attributes Policy='{"Version":"2012-10-17","Statement":[{"Effect":"Allow","Principal":"*","Action":"sqs:SendMessage","Resource":"<DLQ_ARN>","Condition":{"ArnEquals":{"aws:SourceArn":"<SOURCE_ARN>"}}}]}'
   ```
3. **Ensure both queues are in the same AWS region; if not, create a new dead-letter queue in the same region as the source queue.** (85% success)
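The causes listed under Root Cause that can be caught before calling the API (a URL where an ARN is required, a malformed ARN, a region mismatch) can be checked statically. The following is an added example, not code from this page or from AWS; `check_redrive_policy` is a hypothetical helper, the ARNs are constructed sample values, and it cannot confirm that the dead-letter queue exists or that permissions are in place.

```python
import json
import re

# arn:<partition>:sqs:<region>:<12-digit account id>:<queue name>
SQS_ARN = re.compile(
    r"^arn:(?:aws|aws-cn|aws-us-gov):sqs:([a-z0-9-]+):\d{12}:[A-Za-z0-9_-]+(?:\.fifo)?$"
)


def check_redrive_policy(source_arn, redrive_policy):
    """Return a list of problems in a RedrivePolicy JSON string (empty if none).

    Hypothetical helper: static checks only, no AWS calls.
    """
    src = SQS_ARN.match(source_arn)
    if not src:
        return [f"source queue ARN is malformed: {source_arn!r}"]
    try:
        policy = json.loads(redrive_policy)
    except json.JSONDecodeError as exc:
        return [f"RedrivePolicy is not valid JSON: {exc.msg}"]
    target = policy.get("deadLetterTargetArn") if isinstance(policy, dict) else None
    if not isinstance(target, str) or not target:
        return ["deadLetterTargetArn is missing or not a string"]
    if target.startswith(("http://", "https://")):
        return ["deadLetterTargetArn is a queue URL; the redrive policy requires an ARN"]
    dlq = SQS_ARN.match(target)
    if not dlq:
        return [f"deadLetterTargetArn is not a well-formed SQS ARN: {target!r}"]
    if dlq.group(1) != src.group(1):
        return [f"region mismatch: source queue is in {src.group(1)}, "
                f"dead-letter queue is in {dlq.group(1)}"]
    return []


if __name__ == "__main__":
    # Constructed sample values; the account id and queue names are placeholders.
    source = "arn:aws:sqs:us-east-1:123456789012:my-queue"
    samples = [
        '{"deadLetterTargetArn": "arn:aws:sqs:us-east-1:123456789012:my-queue-dlq", "maxReceiveCount": 5}',
        '{"deadLetterTargetArn": "https://sqs.us-east-1.amazonaws.com/123456789012/my-queue-dlq", "maxReceiveCount": 5}',
        '{"deadLetterTargetArn": "arn:aws:sqs:eu-west-1:123456789012:my-queue-dlq", "maxReceiveCount": 5}',
    ]
    for sample in samples:
        print(check_redrive_policy(source, sample) or "no static problems found")
```
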

## Dead Ends

- Recreating queues does not fix the ARN mismatch or permission issue; the new queues have different ARNs unless explicitly specified. (80% fail)
- This only delays the problem; messages still get stuck in the source queue if processing fails repeatedly, and the redrive policy remains invalid. (90% fail)
- The redrive policy requires an ARN, not a URL; using a URL causes the same invalid parameter error. (95% fail)
