This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Deadlettering is not working.

Posted on 06-07-2023 11:48 PM
ankit-pradhan
Bronze 5
Bronze 5
Reply posted on --/--/---- --:-- AM

Hi,

Deadlettering is not working . Followed below steps. Please tell us a solution. 

  1. Created a new google service account (say : svc-pubsub@myproject.iam.gserviceaccount.com) which is not attached service account.
  2. Created topics and subscriptions (my-topic , my-deadletter-topic, my-subscription , my-deadletter-subscription)
  3. my-deadletter-topic is configured as deadlettering policy for my-subscription.
  4. Given below roles to service account on topics (my-topic , my-deadletter-topic).
    4.1 ) "roles/pubsub.publisher",
    4.2 ) "roles/pubsub.subscriber"
    4.3 ) "roles/pubsub.viewer"
  5. Given below roles to service account on subscriptions (my-subscription , my-deadletter-subscription).
    5.1) "roles/pubsub.subscriber"
    5.2) "roles/pubsub.viewer"
  6. deadlettering is enabled on my-subscription with 10 maxAttempts.
  7. Started publishing message on my-topic from my-publisher-app. (Using google client library)
  8. Started stream pull from subscription (my-subscription) in my-subscriber-app. (Using google client library)
  9. I am sending nack always from subscriber in my-subscriber-app. (Using google client library)
  10. Messages are not getting written on my-deadletter-topic.
Solved Solved
0 4 2,538
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
ms4446
Staff
In response to ankit-pradhan
Reply posted on --/--/---- --:-- AM

Yes, you're correct. Google Cloud Pub/Sub uses a service account created and managed by Google, the service-{projectId}@gcp-sa-pubsub.iam.gserviceaccount.com service account, to forward undeliverable messages from a subscription to a dead-letter topic. This is mentioned in the official Google Cloud documentation you've referred to.

The Google-managed service account is the one that needs permission to publish to the dead-letter topic. This is because the Pub/Sub service, not your application or the service account your application uses, is what actually moves the message from the subscription to the dead-letter topic.

To allow the Google-managed service account to publish to the dead-letter topic, you need to grant the roles/pubsub.publisher role to the service-{projectId}@gcp-sa-pubsub.iam.gserviceaccount.com service account on the dead-letter topic.

Unfortunately, you can't configure Pub/Sub to use your own service account for dead-lettering. The process of forwarding messages to the dead-letter topic is managed by the Pub/Sub service, not by your application, so it needs to use the service account that is associated with the Pub/Sub service.

Here's how you can grant the required permissions:

  1. Go to the Google Cloud Console.
  2. Go to IAM & Admin.
  3. Click on IAM.
  4. Click on ADD.
  5. In the "New members" field, add the Google-managed service account (service-{projectId}@gcp-sa-pubsub.iam.gserviceaccount.com).
  6. In the "Role" dropdown, select "Pub/Sub Publisher".
  7. Click on SAVE.

After granting the necessary permissions to the Google-managed service account, the dead-lettering feature should work as expected.

View solution in original post

Jump to Solution
4 REPLIES 4
Top Solution Authors
View all