I have set up my first Service Hub service to receive Graph callRecords notifications.
I saw requests coming through successfully but not the messages:
I then realized that the Service Hub instance I'm viewing has the wrong Subscription ID. Along the way I accidentally created a new subscription with my script.
How do I associate the service hub instance to the correct subscription?
Thanks in advance!
How do I associate the service hub instance to the correct subscription
We can move Azure resources from one Resource Group to another or from one subscription to another.
Navigate to the Portal => Your Resource Group , there you will find an option to Move Resources
Select the Event Hub and click on Move to another Subscription, Select the Target Subscription and Resource Group which you want to move
Related
2 weeks back, I saw a notification in AWS saying, the one of the 3 AWS EC2 instance will be stopped because of the underlying hardware cause. I almost missed the dead line as I didn't the notification via email. Is there a way get these notification via email?
It would be much better if I can get the notifications using cloud watch to my email.
If you're on Business or Enterprise Support, AWS provides a solution named "AWS Health Aware" built on top of AWS Health API, it does exactly what you're after sends you notifications via several methods including emails regarding outages and planning maintenance that affect your account(s).
If you're on a Basic support plan you can easily built something similar yourself using based on [AWS Health events][2]
This is an example of capturing AWS Health events via EventBridge so they can be further send to a lambda or SNS
https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html
What I've done in the is following:
Capturing AWS Health events via EventBridge in spoke accounts and forward them to the event bus in my hub account
In the hub account I would subscribe a lambda function for all events with source "aws.health" and then send email or slack message whatever works for you.
I think Amazon EventBridge is what you are looking for. With EventBridge you can detect and react to different events such as EC2 instances scheduled for updates. You can, for example, create a rule for detecting a specific health event and in the target section choose to receive an email through SNS or invoke a CloudWatch log group, etc. Read more here.
Is there a way to update the scheduled query notification email to something custom?
By default it is the email of the creator, however, this is often a service account with no true email recipient.
e.g with terraform provisioning, we would have a service account. We would want to update the email notification target from the SA to a support email so failures would be routed more correctly?
Ive checked the documentation and I could be missing it, but does not seem an option, unless Ive missed something via the CLI?
Thanks!
Since scheduled Query IDs always start with "scheduled_query_[runsID]", search for scheduled_query_ using advanced logs queries
Create a logs-based metric based on your BigQuery scheduled update log.
Create an alerting policy using the logs-based metric created in step 1.
While creating the alerting policy in step 3, select email as a notification channel.
In notification channel, add your email address to get all the notifications.
Let me try to explain to you what we are trying to do.
Saying it quickly: We want to give Pub/Sub Publisher (in our GoogleCloud) privileges to a GMail-API that is outside of our GoogleCloud.
What we have:
Following instructions here: https://developers.google.com/gmail/api/quickstart/ruby
We've created a project for GMail-API and the credentials in GoogleCloud, let's call it Cloud-A. (We'll not own this side in a production environment; this project and cloud will be managed by our customers' IT department.)
Next, we followed this other guide https://developers.google.com/gmail/api/guides/push
We created a Pub/Sub topic in our GoogleCloud (Cloud-B), we own this portion and it's the topic where we want to subscribe in order to listen for messages/notifications. (This topic is in a different account from the GMail-API that will be publishing messages that is Cloud-A).
So, following that last guide, it says that we need to give permissions to gmail-api-push#system.gserviceaccount.com and from my understanding what that means is that I'm giving privileges to GMail-API from Cloud-B to publish messages in Pub/Sub Cloud-B.
What I can't find out is a way to give permissions to Gmail-API from Cloud-A to publish messages in Pub/Sub Cloud-B.
To wrap up, I want to listen to Pub/Sub in Cloud-B that will receive notifications from Gmail-API in Cloud-A.
We used this https://github.com/googleapis/google-api-ruby-client/blob/master/generated/google/apis/gmail_v1/service.rb#L144 and I get an error saying that the topic doesn't exist (Probably because it is in Cloud-B and I'm configuring Cloud-A Gmail-Api)
I hope I was clear enough, we are not looking to given another project inside the same Google Cloud access to a Pub/Sub, it isn't even a service that we wrote since it is Gmail-Api and the only thing we are allowed to do is to send it the topic name we want it to publish in.
I'm not familiar with how the GMail-API publishes to Pub/Sub, but, if you have already figured out how to publish from GMail-API in project Cloud-A to a Pub/Sub topic in Cloud-A, you may try the following workarounds:
Alternative A:
Create the topic (topic-A) in project Cloud-A.
Create a pull subscription (subs-A) associated to topic-A also in project Cloud-A.
Create a service account (account-B) in project Cloud-B and grant it the Pub/Sub subscriber role for subscription subs-A.
Make your consumers (e.g. AppEngine, GKE, GCE) use service account account-B to pull messages from subs-A.
Alternative B:
Create the topic (topic-A) in project Cloud-A.
Create a push subscription (subs-A) associated to topic-A pointing to an endpoint of a service hosted in project Cloud-B (e.g. GCE, GKE, AppEngine, Cloud Function, etc.)
Alternative C:
Create the topic (topic-A) in project Cloud-A.
Create a pull or push subscription (subs-B) in project Cloud-B associated to topic-A in project Cloud-A. The user creating this subscription should have the Pub/Sub Editor role granted for topic-A.
Consume the messages from subs-B.
I am trying to receive an update when a new EC2 security group is created. Haven't had much luck. There have been a lot of resources online however they don't deal with what I'm trying to do. All I need is an SNS notification when a new security group is created for some reason this is proving harder than it should.
Any suggestions on how I may be able to get this to work?
Thanks
The AWS Config service should serve this purpose perfectly.
It allows you to 'listen' for changes on certain (or all) types of resources and perform certain actions in response.
In your situation you could set up listeners for EC2:SecurityGroup events and have these events trigger notifications being sent to an SNS endpoint of your choice.
See some of the docs on streaming AWS Config events to SNS here.
Three are two services of interest:
Amazon CloudWatch Events can use rules to trigger an action when something happens (eg a Security Group is created)
Amazon Config keeps track of historical configurations
For your use-case, I would recommend an Amazon CloudWatch Events Rule:
Service Name: EC2
Event Type: AWS API Call via CloudTrail
Specific Operation: CreateSecurityGroup
Add Target: Specify an SNS Topic to receive the notification
Our CTO received the following notification email from AWS:
You're receiving this message because you have at least one VPN Connection in the us-west-1 region. On May 27, 2014 at 16:00 UTC, we
will be performing 4 hours of emergent maintenance on the VPN endpoint
that has IP address 204.246.163.95. This will affect the following VPN
Connections of yours:
[id's expurgated]
If you have configured your VPN router to use both tunnels, then your
VPN Connection to VPC will switch over to the other tunnel for the
duration of the maintenance. If you have not configured your VPN
router to use both tunnels, then your VPN Connection to VPC will be
interrupted for the duration of the maintenance. We encourage you to
configure... etc. etc. etc.
Our CTO got this message because he was the one that originally set up the AWS account. He is not, however, the appropriate person to receive this message. I've done some rooting around AWS, and I have not yet figured out how to get these specific kinds of messages routed to the appropriate person. It's a little annoying that every single different AWS service has different ways of doing things... [sigh]. Anyway, can someone tell me how to specify which IAM user or group gets outage notifications or, if indeed, this is possible?
Note that I'm looking for a CLI-style solution that can be called from the AWS SDK. Get me in the ballpark, and I can make the appropriate calls through the .Net API.
AWS announced the Personal Health Dashboard in Dec. 2016.
As part of this service, you can now use Cloudwatch Events to subscribe to these notices.
So to get an email whenever something in your account needs attention:
Create an SNS topic
Add the email as a subscription to the topic
From the cloudwatch console, select Events, then add a rule
Pick event pattern, service name should be Health, and pick appropriate event type
Add your SNS topic to the list of targets
Ensure that the root credentials on the AWS Account have the correct contact details. This is the login that has full access on the Account (as opposed to an Identity and Access Management (IAM) login).
It is a good idea to keep the account contact details current, in case there are any issues with your Account (eg regaining access after forgetting a password, or receiving such notifications).