Architecture
Event-Driven Architecture: Mastering Failure Handling with SQS Dead Letter Queues
•Zak Kann
AWSSQSEvent-Driven ArchitectureDistributed SystemsReliabilityObservability
Event-driven architectures enable loose coupling and horizontal scalability, but they introduce complex failure modes that don't exist in synchronous request/response systems. When a message consumer fails to process a message, the question isn't just "what went wrong?"—it's "how do we prevent this message from blocking the queue while preserving it for investigation?"
Dead Letter Queues (DLQs) are the foundational pattern for handling message processing failures in distributed systems. Yet most implementations treat them as afterthoughts: a place where failed messages go to die, generating alerts no one investigates until the queue depth becomes critical.
This guide provides a comprehensive framework for designing, implementing, and operating DLQ-based failure handling that turns message processing failures into actionable insights and automated recovery workflows.
Understanding Message Processing Failures
The Failure Taxonomy
Not all message processing failures are created equal. Understanding the failure categories is essential for designing appropriate retry and recovery strategies.
1. Transient Failures (Retriable)
- Downstream API timeouts or 5xx errors
- Database connection pool exhaustion
- Rate limiting from external services
- Temporary network partitions
2. Poison Messages (Non-Retriable)
- Malformed message payloads that fail schema validation
- Business logic violations (attempting to process a cancelled order)
- Messages referencing non-existent resources
- Messages that trigger application bugs (null pointer exceptions, division by zero)
3. Systemic Failures (Environment-Dependent)
- Missing configuration or secrets
- Insufficient IAM permissions
- Deployment issues (broken application code)
- Resource exhaustion (out of memory, disk full)
4. Business-Level Failures (Valid but Unprocessable)
- Duplicate messages that were already processed
- Out-of-order message arrival
- Stale messages where the time window for processing has passed
The key insight: only transient failures should trigger automatic retries. Poison messages need investigation and remediation. Systemic failures require infrastructure fixes. Business-level failures need domain-specific handling.
SQS Dead Letter Queue Architecture
Basic DLQ Configuration
SQS provides built-in DLQ support through a redrive policy. When a message exceeds the maximum receive count, SQS automatically moves it to the configured DLQ.
Terraform Implementation:
# Main processing queue
resource "aws_sqs_queue" "orders_queue" {
name = "orders-processing-queue"
visibility_timeout_seconds = 300 # 5 minutes
message_retention_seconds = 1209600 # 14 days
receive_wait_time_seconds = 20 # Long polling
# Redrive policy configuration
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.orders_dlq.arn
maxReceiveCount = 3 # Messages fail after 3 attempts
})
tags = {
Purpose = "Order processing"
}
}
# Dead letter queue
resource "aws_sqs_queue" "orders_dlq" {
name = "orders-processing-dlq"
message_retention_seconds = 1209600 # 14 days - same as main queue
tags = {
Purpose = "Order processing failures"
}
}
# CloudWatch alarms for DLQ depth
resource "aws_cloudwatch_metric_alarm" "dlq_messages" {
alarm_name = "orders-dlq-messages-detected"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 1
metric_name = "ApproximateNumberOfMessagesVisible"
namespace = "AWS/SQS"
period = 300 # 5 minutes
statistic = "Average"
threshold = 0
alarm_description = "Alert when messages land in DLQ"
alarm_actions = [aws_sns_topic.ops_alerts.arn]
dimensions = {
QueueName = aws_sqs_queue.orders_dlq.name
}
}Advanced: Staged DLQ Pattern
For high-reliability systems, implement a staged DLQ approach with multiple retry tiers.
# Primary queue with aggressive retries
resource "aws_sqs_queue" "primary" {
name = "orders-primary"
visibility_timeout_seconds = 60
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.retry_tier_1.arn
maxReceiveCount = 2
})
}
# First retry tier: 5-minute delay
resource "aws_sqs_queue" "retry_tier_1" {
name = "orders-retry-tier-1"
visibility_timeout_seconds = 60
delay_seconds = 300 # 5-minute delay
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.retry_tier_2.arn
maxReceiveCount = 2
})
}
# Second retry tier: 1-hour delay
resource "aws_sqs_queue" "retry_tier_2" {
name = "orders-retry-tier-2"
visibility_timeout_seconds = 60
delay_seconds = 900 # 15-minute delay (max allowed)
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.final_dlq.arn
maxReceiveCount = 1
})
}
# Final DLQ for truly failed messages
resource "aws_sqs_queue" "final_dlq" {
name = "orders-final-dlq"
message_retention_seconds = 1209600
}This pattern provides:
- Fast retries for transient failures (immediate → 5 min → 15 min)
- Exponential backoff through queue delays
- Failure isolation by retry tier for better observability
Consumer Implementation Patterns
Pattern 1: Lambda with SQS Event Source
Lambda's SQS integration provides built-in retry behavior, but you must configure it correctly.
// Lambda handler for SQS processing
import { SQSHandler, SQSRecord } from 'aws-lambda';
import { DynamoDBClient, PutItemCommand } from '@aws-sdk/client-dynamodb';
import { SQSClient, DeleteMessageCommand } from '@aws-sdk/client-sqs';
const dynamodb = new DynamoDBClient({});
const sqs = new SQSClient({});
interface OrderEvent {
orderId: string;
customerId: string;
items: Array<{ sku: string; quantity: number; price: number }>;
timestamp: string;
}
export const handler: SQSHandler = async (event) => {
// Process records in batch, but track failures individually
const failedRecords: string[] = [];
for (const record of event.Records) {
try {
await processMessage(record);
} catch (error) {
console.error('Failed to process message', {
messageId: record.messageId,
error: error instanceof Error ? error.message : 'Unknown error',
body: record.body,
});
// Determine if error is retriable
if (isRetriable(error)) {
// Let SQS retry mechanism handle it
failedRecords.push(record.messageId);
} else {
// Poison message - log and delete to prevent retries
await logPoisonMessage(record, error);
await deleteMessage(record);
}
}
}
// Return failed message IDs to Lambda
// Lambda will only delete successfully processed messages
if (failedRecords.length > 0) {
return {
batchItemFailures: failedRecords.map(id => ({ itemIdentifier: id })),
};
}
};
async function processMessage(record: SQSRecord): Promise<void> {
const order: OrderEvent = JSON.parse(record.body);
// Validate message structure
if (!order.orderId || !order.customerId || !order.items) {
throw new Error('Invalid message schema');
}
// Process order
await DynamoDBClient.send(new PutItemCommand({
TableName: process.env.ORDERS_TABLE!,
Item: {
orderId: { S: order.orderId },
customerId: { S: order.customerId },
items: { S: JSON.stringify(order.items) },
processedAt: { S: new Date().toISOString() },
},
}));
console.log('Order processed successfully', { orderId: order.orderId });
}
function isRetriable(error: unknown): boolean {
if (error instanceof Error) {
// Network errors, timeouts
if (error.name === 'TimeoutError') return true;
if (error.message.includes('ECONNREFUSED')) return true;
if (error.message.includes('ETIMEDOUT')) return true;
// DynamoDB throttling
if (error.name === 'ProvisionedThroughputExceededException') return true;
// Generic AWS service errors
if (error.name === 'ServiceUnavailable') return true;
}
return false;
}
async function logPoisonMessage(record: SQSRecord, error: unknown): Promise<void> {
// Log to dedicated DynamoDB table for analysis
await dynamodb.send(new PutItemCommand({
TableName: process.env.POISON_MESSAGES_TABLE!,
Item: {
messageId: { S: record.messageId },
receiptHandle: { S: record.receiptHandle },
body: { S: record.body },
errorMessage: { S: error instanceof Error ? error.message : 'Unknown error' },
errorStack: { S: error instanceof Error ? error.stack || '' : '' },
detectedAt: { S: new Date().toISOString() },
queueName: { S: record.eventSourceARN.split(':').pop() || 'unknown' },
},
}));
}
async function deleteMessage(record: SQSRecord): Promise<void> {
const queueUrl = record.eventSourceARN; // Extract from ARN
await sqs.send(new DeleteMessageCommand({
QueueUrl: queueUrl,
ReceiptHandle: record.receiptHandle,
}));
}Lambda Event Source Mapping Configuration:
resource "aws_lambda_event_source_mapping" "sqs_trigger" {
event_source_arn = aws_sqs_queue.orders_queue.arn
function_name = aws_lambda_function.order_processor.arn
batch_size = 10
# Report batch item failures for partial batch success
function_response_types = ["ReportBatchItemFailures"]
# Scaling configuration
scaling_config {
maximum_concurrency = 10
}
}Pattern 2: ECS/Fargate Worker with Long-Running Consumers
For complex processing requiring longer execution times or specific runtime environments.
// ECS worker consuming from SQS
import { SQSClient, ReceiveMessageCommand, DeleteMessageCommand,
ChangeMessageVisibilityCommand } from '@aws-sdk/client-sqs';
const sqs = new SQSClient({});
const QUEUE_URL = process.env.QUEUE_URL!;
const VISIBILITY_TIMEOUT = 300; // 5 minutes
class SQSWorker {
private running = true;
async start(): Promise<void> {
console.log('Worker starting', { queueUrl: QUEUE_URL });
// Graceful shutdown handling
process.on('SIGTERM', () => this.shutdown());
process.on('SIGINT', () => this.shutdown());
while (this.running) {
await this.poll();
}
}
private async poll(): Promise<void> {
try {
const response = await sqs.send(new ReceiveMessageCommand({
QueueUrl: QUEUE_URL,
MaxNumberOfMessages: 10,
WaitTimeSeconds: 20, // Long polling
VisibilityTimeout: VISIBILITY_TIMEOUT,
AttributeNames: ['ApproximateReceiveCount'],
}));
if (!response.Messages || response.Messages.length === 0) {
return;
}
// Process messages concurrently
await Promise.allSettled(
response.Messages.map(msg => this.processMessage(msg))
);
} catch (error) {
console.error('Polling error', { error });
await this.sleep(5000); // Back off on errors
}
}
private async processMessage(message: any): Promise<void> {
const receiveCount = parseInt(message.Attributes?.ApproximateReceiveCount || '0');
try {
// Extend visibility timeout for long-running operations
await this.extendVisibility(message.ReceiptHandle);
// Process the message
await this.handleMessage(JSON.parse(message.Body));
// Delete on success
await sqs.send(new DeleteMessageCommand({
QueueUrl: QUEUE_URL,
ReceiptHandle: message.ReceiptHandle,
}));
console.log('Message processed successfully', {
messageId: message.MessageId
});
} catch (error) {
console.error('Message processing failed', {
messageId: message.MessageId,
receiveCount,
error: error instanceof Error ? error.message : 'Unknown',
});
// If not retriable or exceeded max attempts, delete to prevent reprocessing
if (!this.isRetriable(error) || receiveCount >= 3) {
await this.handlePoisonMessage(message, error);
await sqs.send(new DeleteMessageCommand({
QueueUrl: QUEUE_URL,
ReceiptHandle: message.ReceiptHandle,
}));
}
// Otherwise, let visibility timeout expire for retry
}
}
private async extendVisibility(receiptHandle: string): Promise<void> {
await sqs.send(new ChangeMessageVisibilityCommand({
QueueUrl: QUEUE_URL,
ReceiptHandle: receiptHandle,
VisibilityTimeout: VISIBILITY_TIMEOUT + 60, // Add 1 minute buffer
}));
}
private isRetriable(error: unknown): boolean {
// Same logic as Lambda example
return error instanceof Error &&
(error.name === 'TimeoutError' ||
error.message.includes('ECONNREFUSED'));
}
private async handlePoisonMessage(message: any, error: unknown): Promise<void> {
// Log to CloudWatch, send to monitoring system, etc.
console.error('Poison message detected', {
messageId: message.MessageId,
body: message.Body,
error: error instanceof Error ? error.message : 'Unknown',
});
}
private async handleMessage(data: any): Promise<void> {
// Your business logic here
console.log('Processing message', { data });
}
private shutdown(): void {
console.log('Shutdown signal received, finishing current work...');
this.running = false;
}
private sleep(ms: number): Promise<void> {
return new Promise(resolve => setTimeout(resolve, ms));
}
}
// Start worker
const worker = new SQSWorker();
worker.start().catch(error => {
console.error('Worker failed', { error });
process.exit(1);
});DLQ Monitoring and Alerting Strategy
Multi-Tier Alert Configuration
# Immediate alert for any DLQ messages
resource "aws_cloudwatch_metric_alarm" "dlq_any_messages" {
alarm_name = "dlq-messages-detected-immediate"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 1
metric_name = "ApproximateNumberOfMessagesVisible"
namespace = "AWS/SQS"
period = 60
statistic = "Maximum"
threshold = 0
treat_missing_data = "notBreaching"
alarm_description = "DLQ has messages - investigate immediately"
alarm_actions = [aws_sns_topic.critical_alerts.arn]
dimensions = {
QueueName = aws_sqs_queue.orders_dlq.name
}
}
# Warning for accumulating messages
resource "aws_cloudwatch_metric_alarm" "dlq_accumulation" {
alarm_name = "dlq-messages-accumulating"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 2
metric_name = "ApproximateNumberOfMessagesVisible"
namespace = "AWS/SQS"
period = 300
statistic = "Average"
threshold = 50
treat_missing_data = "notBreaching"
alarm_description = "DLQ accumulating messages - systemic issue"
alarm_actions = [aws_sns_topic.critical_alerts.arn]
dimensions = {
QueueName = aws_sqs_queue.orders_dlq.name
}
}
# Age of oldest message alert
resource "aws_cloudwatch_metric_alarm" "dlq_old_messages" {
alarm_name = "dlq-messages-aging"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 1
metric_name = "ApproximateAgeOfOldestMessage"
namespace = "AWS/SQS"
period = 3600 # 1 hour
statistic = "Maximum"
threshold = 86400 # 24 hours
treat_missing_data = "notBreaching"
alarm_description = "DLQ has messages older than 24 hours"
alarm_actions = [aws_sns_topic.ops_alerts.arn]
dimensions = {
QueueName = aws_sqs_queue.orders_dlq.name
}
}Custom Metrics for Failure Analysis
// Publish custom metrics for failure categorization
import { CloudWatchClient, PutMetricDataCommand } from '@aws-sdk/client-cloudwatch';
const cloudwatch = new CloudWatchClient({});
async function publishFailureMetric(
failureType: 'transient' | 'poison' | 'systemic' | 'business',
queueName: string
): Promise<void> {
await cloudwatch.send(new PutMetricDataCommand({
Namespace: 'CustomApp/SQS',
MetricData: [{
MetricName: 'MessageProcessingFailures',
Value: 1,
Unit: 'Count',
Timestamp: new Date(),
Dimensions: [
{ Name: 'QueueName', Value: queueName },
{ Name: 'FailureType', Value: failureType },
],
}],
}));
}DLQ Recovery Workflows
Automated Redrive with SQS Redrive API
AWS provides a managed redrive capability to move messages from DLQ back to source queue.
import { SQSClient, StartMessageMoveTaskCommand,
ListMessageMoveTasksCommand } from '@aws-sdk/client-sqs';
const sqs = new SQSClient({});
async function redriveMessages(
dlqArn: string,
sourceQueueArn: string,
maxMessages?: number
): Promise<string> {
const response = await sqs.send(new StartMessageMoveTaskCommand({
SourceArn: dlqArn,
DestinationArn: sourceQueueArn,
MaxNumberOfMessagesPerSecond: maxMessages || 10,
}));
console.log('Redrive task started', { taskHandle: response.TaskHandle });
return response.TaskHandle!;
}
async function checkRedriveStatus(taskHandle: string): Promise<void> {
const response = await sqs.send(new ListMessageMoveTasksCommand({
SourceArn: dlqArn,
}));
const task = response.Results?.find(t => t.TaskHandle === taskHandle);
if (task) {
console.log('Redrive status', {
status: task.Status,
approximateNumberOfMessagesMoved: task.ApproximateNumberOfMessagesMoved,
approximateNumberOfMessagesToMove: task.ApproximateNumberOfMessagesToMove,
});
}
}Manual Recovery with Filtering
For selective message recovery when only some messages should be retried:
import { SQSClient, ReceiveMessageCommand, SendMessageCommand,
DeleteMessageCommand } from '@aws-sdk/client-sqs';
async function selectiveRedrive(
dlqUrl: string,
targetQueueUrl: string,
filterFn: (message: any) => boolean
): Promise<void> {
const sqs = new SQSClient({});
let processedCount = 0;
let redriveCount = 0;
while (true) {
const response = await sqs.send(new ReceiveMessageCommand({
QueueUrl: dlqUrl,
MaxNumberOfMessages: 10,
WaitTimeSeconds: 1,
}));
if (!response.Messages || response.Messages.length === 0) {
break;
}
for (const message of response.Messages) {
processedCount++;
const body = JSON.parse(message.Body || '{}');
if (filterFn(body)) {
// Redrive this message
await sqs.send(new SendMessageCommand({
QueueUrl: targetQueueUrl,
MessageBody: message.Body,
}));
redriveCount++;
}
// Delete from DLQ
await sqs.send(new DeleteMessageCommand({
QueueUrl: dlqUrl,
ReceiptHandle: message.ReceiptHandle!,
}));
}
}
console.log('Selective redrive complete', {
processedCount,
redriveCount,
deletedCount: processedCount - redriveCount,
});
}
// Example: Redrive only recent messages
await selectiveRedrive(
DLQ_URL,
SOURCE_QUEUE_URL,
(message) => {
const timestamp = new Date(message.timestamp);
const hoursSinceCreation = (Date.now() - timestamp.getTime()) / (1000 * 60 * 60);
return hoursSinceCreation < 24; // Only redrive messages less than 24 hours old
}
);Production Best Practices
1. Set Appropriate Visibility Timeouts
Rule of thumb: Visibility timeout should be 6x your expected processing time.
Expected processing time: 30 seconds
Visibility timeout: 180 seconds (3 minutes)
This accounts for:
- Normal processing variance
- Occasional slowdowns
- Graceful shutdown time
If your timeout is too short, messages will become visible again while still being processed, causing duplicates.
2. Configure Message Retention Carefully
resource "aws_sqs_queue" "production_queue" {
# Keep messages for 4 days instead of default 14
message_retention_seconds = 345600
# Match DLQ retention to main queue
# Prevents losing messages if main queue processes faster than expected
}3. Implement Idempotency
Every message consumer must be idempotent—processing the same message multiple times should produce the same result.
// Idempotency using DynamoDB conditional writes
async function processOrder(order: OrderEvent): Promise<void> {
try {
await dynamodb.send(new PutItemCommand({
TableName: 'orders',
Item: {
orderId: { S: order.orderId },
customerId: { S: order.customerId },
status: { S: 'processed' },
processedAt: { S: new Date().toISOString() },
},
// Only insert if orderId doesn't exist
ConditionExpression: 'attribute_not_exists(orderId)',
}));
console.log('Order processed', { orderId: order.orderId });
} catch (error) {
if (error.name === 'ConditionalCheckFailedException') {
// Already processed - this is fine
console.log('Order already processed (duplicate)', { orderId: order.orderId });
return;
}
throw error;
}
}4. Use FIFO Queues for Ordering Requirements
Standard SQS queues don't guarantee ordering. Use FIFO queues when order matters:
resource "aws_sqs_queue" "account_events_fifo" {
name = "account-events.fifo"
fifo_queue = true
content_based_deduplication = true
deduplication_scope = "messageGroup"
fifo_throughput_limit = "perMessageGroupId"
redrive_policy = jsonencode({
deadLetterTargetArn = aws_sqs_queue.account_events_dlq_fifo.arn
maxReceiveCount = 3
})
}
resource "aws_sqs_queue" "account_events_dlq_fifo" {
name = "account-events-dlq.fifo"
fifo_queue = true
}Important: FIFO queues have lower throughput (3,000 msg/sec with batching vs. unlimited for standard queues) and higher cost.
5. Monitor Consumer Lag
Track the age of the oldest message in the queue—this indicates consumer health:
// Custom metric for queue lag monitoring
import { SQSClient, GetQueueAttributesCommand } from '@aws-sdk/client-sqs';
import { CloudWatchClient, PutMetricDataCommand } from '@aws-sdk/client-cloudwatch';
async function publishQueueLagMetric(queueUrl: string, queueName: string): Promise<void> {
const sqs = new SQSClient({});
const cloudwatch = new CloudWatchClient({});
const attributes = await sqs.send(new GetQueueAttributesCommand({
QueueUrl: queueUrl,
AttributeNames: ['ApproximateAgeOfOldestMessage', 'ApproximateNumberOfMessagesVisible'],
}));
const age = parseInt(attributes.Attributes?.ApproximateAgeOfOldestMessage || '0');
const depth = parseInt(attributes.Attributes?.ApproximateNumberOfMessagesVisible || '0');
await cloudwatch.send(new PutMetricDataCommand({
Namespace: 'CustomApp/SQS',
MetricData: [
{
MetricName: 'QueueLag',
Value: age,
Unit: 'Seconds',
Dimensions: [{ Name: 'QueueName', Value: queueName }],
},
{
MetricName: 'QueueDepth',
Value: depth,
Unit: 'Count',
Dimensions: [{ Name: 'QueueName', Value: queueName }],
},
],
}));
}
// Run every minute
setInterval(() => publishQueueLagMetric(QUEUE_URL, 'orders-queue'), 60000);Debugging DLQ Messages
Lambda Function for DLQ Investigation
// Lambda triggered by DLQ for automated analysis
import { SQSHandler } from 'aws-lambda';
import { SNSClient, PublishCommand } from '@aws-sdk/client-sns';
const sns = new SNSClient({});
const ALERT_TOPIC_ARN = process.env.ALERT_TOPIC_ARN!;
export const handler: SQSHandler = async (event) => {
for (const record of event.Records) {
const failureDetails = analyzeFailure(record);
// Send detailed alert
await sns.send(new PublishCommand({
TopicArn: ALERT_TOPIC_ARN,
Subject: `DLQ Message Detected: ${failureDetails.category}`,
Message: JSON.stringify({
messageId: record.messageId,
failureCategory: failureDetails.category,
failureReason: failureDetails.reason,
messageBody: record.body,
recommendations: failureDetails.recommendations,
timestamp: new Date().toISOString(),
}, null, 2),
}));
}
};
interface FailureAnalysis {
category: 'schema' | 'business' | 'infrastructure' | 'unknown';
reason: string;
recommendations: string[];
}
function analyzeFailure(record: any): FailureAnalysis {
try {
const body = JSON.parse(record.body);
// Check for schema issues
if (!body.orderId || !body.customerId) {
return {
category: 'schema',
reason: 'Missing required fields',
recommendations: [
'Check message producer schema validation',
'Review API contract',
'Add schema validation before sending to SQS',
],
};
}
// Check for business logic issues
if (body.items && body.items.length === 0) {
return {
category: 'business',
reason: 'Empty order items',
recommendations: [
'Add validation in order creation endpoint',
'Review order submission workflow',
],
};
}
return {
category: 'unknown',
reason: 'Message appears valid but processing failed',
recommendations: [
'Check consumer application logs',
'Review infrastructure permissions',
'Test message processing manually',
],
};
} catch (error) {
return {
category: 'schema',
reason: 'Invalid JSON',
recommendations: [
'Check message producer encoding',
'Review serialization logic',
],
};
}
}Conclusion: Building Resilience Through Failure Design
Dead Letter Queues are not dumping grounds for broken messages—they're observability tools that surface systemic issues before they become critical failures. A well-designed DLQ strategy:
- Distinguishes failure types to route transient errors to retry mechanisms and poison messages to investigation workflows
- Provides actionable alerts with enough context to diagnose issues without diving into logs
- Enables recovery workflows that safely redrive messages after fixing root causes
- Surfaces trends through metrics that reveal degrading service dependencies or application bugs
The goal isn't to eliminate DLQ messages—it's to treat each one as a learning opportunity. When a message lands in your DLQ, your system is telling you something valuable about your architecture, dependencies, or assumptions. Listen to it.
Next Steps:
- Implement DLQ monitoring for your existing SQS queues
- Add failure categorization to your message consumers
- Set up automated alerts with actionable runbooks
- Build a redrive workflow for post-incident recovery
- Review visibility timeout and retry configurations for alignment with actual processing times
Event-driven systems built with thoughtful failure handling are inherently more reliable than synchronous systems that fail fast. DLQs give you the observability and recovery tools to achieve that reliability in production.