bug: SQS used as a DLQ on a lambda produces AwsSolutions-SQS3

[jessebs]

What is the problem?

When setting up a basic SQS and using it as a DLQ for a lambda, I get an error from AwsSolutions that the queue is not used as a DLQ and does not have a DLQ enabled.

Reproduction Steps

import { Queue } from "aws-cdk-lib/aws-sqs"
import { Aspects, aws_lambda, StackProps } from "aws-cdk-lib"
import { Architecture } from "aws-cdk-lib/aws-lambda"
import * as cdk from "aws-cdk-lib"
import { AwsSolutionsChecks } from "cdk-nag"
import { Construct } from "constructs"

const app = new cdk.App()

export class TestStack extends cdk.Stack {
  constructor(scope: Construct, id: string, props?: StackProps) {
    super(scope, id)

    const dlq = new Queue(this, "DLQ")

    const lambda = new aws_lambda.Function(this, "Function", {
      handler: "index.handler", // The name of the method within your code that Lambda calls to execute your function
      code: aws_lambda.Code.fromInline(`
        exports.handler = async (event) => {
          console.log("Hello, CDK! You've hit", event.path);
        }
      `),
      runtime: aws_lambda.Runtime.NODEJS_20_X,
      architecture: Architecture.ARM_64,
      memorySize: 128,
      deadLetterQueueEnabled: true,
      deadLetterQueue: dlq
    })
  }
}

new TestStack(app, "TestStack")

Aspects.of(app).add(new AwsSolutionsChecks({ verbose: true }))

What did you expect to happen?

No AwsSolutions-SQS3 error

What actually happened?

[Error at /TestStack/DLQ/Resource] AwsSolutions-SQS3: The SQS queue is not used as a dead-letter queue (DLQ) and does not have a DLQ enabled. Using a DLQ helps maintain the queue flow and avoid losing data by detecting and mitigating failures and service disruptions on time.

cdk-nag version

2.28.63

Language

Typescript

Other information

No response

[dontirun]

Thanks for reporting!