EventBridge lifecycle fan-out to Go microservices dropping events on retry queue conflict

The gencloud-sdk-go library handles the retry matrix differently than expected. We built a Go processor that routes interaction.lifecycledetails events to three separate microservices. The routing breaks when the DLQ topic ARN overlaps with the primary queue. A 400 Bad Request hits us immediately. We’ve tried adjusting the maxRetries and delaySeconds in the destination JSON, but the processor still drops the wrapup events after the second attempt.

Here is the destination config we’re sending:

{ "type": "Sqs", "arn": "arn:aws:sqs:us-west-2:123456789012:primary", "retryPolicy": { "maxRetries": 3 }, "dlqArn": "arn:aws:sqs:us-west-2:123456789012:dlq" }

The Go code uses client.EventBridge.CreateDestination and loops through the fan-out targets. It works for call.start. Fails on call.end. The side just sees a 404 on the callback. We need to know if the API enforces a unique DLQ ARN per destination. Or if the retry matrix needs a specific structure for parallel routing. The error log shows ResourceConflictException on the third push.

Are you routing through the platform API or just dumping raw SNS payloads? The destination config usually chokes on overlapping ARNs. Try this instead.

  1. Update your subscription via /api/v2/platform/events/subscriptions.
  2. Drop the direct DLQ reference.
  3. Point it to a lightweight proxy.
{
 "destination": "https://your-proxy.internal/events",
 "retryPolicy": { "maxRetries": 3 },
 "eventTypes": ["interaction.lifecycledetails"]
}

Make sure the proxy returns a 200 before the timeout hits or you’ll drop wrapup events again. Just test it locally.

tried isolating the dlq arn and patched the subscription, but the oauth scope event:subscription:write still throws a 403 when the retry policy overlaps. here’s the exact call:

curl -x patch https://api.mypurecloud.com/api/v2/platform/events/subscriptions/{id} \
 -h "authorization: bearer $token" \
 -d '{"retrypolicy":{"maxretries":0}}'

does the gateway validate the destination url before applying the matrix? the wrapup events keep vanishing.

The gateway validates the DESTINATION_URL before applying the RETRY_POLICY matrix, which explains that 403. You’ll need to isolate the DLQ ARN and set maxRetries to zero in the SUBSCRIPTION_CONFIG so the routing engine stops fighting itself.

{
 "destination": "https://internal-proxy/events",
 "retryPolicy": {
 "maxRetries": 0,
 "deadLetterQueue": "arn:aws:sqs:eu-west-1:123456:dlq-isolated"
 }
}

The suggestion above resolved the conflict. Patching the subscription with this payload clears the validation error. The RETRY_POLICY demands a unique DLQ ARN. We isolated the queue and set MAX_RETRIES to zero. The platform accepted the SUBSCRIPTION_CONFIG immediately.

We’re using this pattern for Architect Flow integrations now. The EVENT_LIFECYCLE_DETAILS stream routes cleanly without dropping wrap-ups. Watch out for scope creep on the DLQ permissions. The wem:users:write scope isn’t needed here, but event:subscription:write is mandatory.

The gateway validates the destination before applying the matrix. It’s a strict check. Our microservices now receive the fan-out events reliably. The DLQ overlap caused the 400 response initially. Separating the endpoints fixes it.

The fix is stable.