DLT configuration exists, but it is not fully automated and still requires manual human intervention, making it unsuitable for CI/CD and IaC-driven environments.
Missing Automations (3 Gaps)
- Publisher Permission
roles/pubsub.publisher is NOT automatically granted on the DLT topic- Required for Pub/Sub to publish failed messages
- Subscriber Permission
roles/pubsub.subscriber is NOT automatically granted for DLT consumers- Must be manually configured per application
- DLT Subscription Creation
- No automatic subscription is created for the DLT topic
- Consumers must manually create and manage DLT subscriptions
Impact
- Runtime-only failures
- Environment drift
- Broken CI/CD & IaC workflows
- Messages will fall into an endless retry loop though DLT is configured
- DLT appears configured but is non-functional by default
Why This Matters
DLT without IAM automation is half-implemented reliability.
- It looks configured
- It deploys successfully
- It fails only at runtime
- It results in endless retry loops for any failure
- It requires tribal knowledge to diagnose and fix
This is worse than not supporting DLT at all.
DLT configuration exists, but it is not fully automated and still requires manual human intervention, making it unsuitable for CI/CD and IaC-driven environments.
Missing Automations (3 Gaps)
roles/pubsub.publisheris NOT automatically granted on the DLT topicroles/pubsub.subscriberis NOT automatically granted for DLT consumersImpact
Why This Matters
DLT without IAM automation is half-implemented reliability.
This is worse than not supporting DLT at all.