How to configure AWS Amplify build notifications to include commit/PR message? - amazon-web-services

I am using AWS Amplify to host my React app. The source code is on GitHub.
I have a Lambda that listens to AWS SNS and pushes a message to Slack to inform about the deployment status.
I want the Slack notification to include the PR name (or the commit message if it was pushed directly to the branch instead of merging the PR).
I cannot find the commit message/PR name within the SNS message. Is it possible to retrieve this information?
The SNS event I get looks like
{
"Records": [
{
"EventSource": "aws:sns",
"EventVersion": "1.0",
"EventSubscriptionArn": "arn:aws:sns:xx-central-x:xxxxxxx:amplify-xxxxxx_main:aaaaaaaa-2189-bbbb-8ca3-cccccccccccc",
"Sns": {
"Type": "Notification",
"MessageId": "aaaaaaaa-107b-bbbb-a47b-cccccccccccc",
"TopicArn": "arn:aws:sns:xx-central-x:001700307000:amplify-xxxxxx_main",
"Subject": null,
"Message": "\"Build notification from the AWS Amplify Console for app: https://main.xxxxx.amplifyapp.com/. Your build status is STARTED. Go to https://link.com to view details on your build. \"",
"Timestamp": "2021-08-05T08:36:37.919Z",
"SignatureVersion": "1",
"Signature": "DaPEZM6+WumrAg==",
"SigningCertUrl": "https://sns.xx-central-x.amazonaws.com/SimpleNotificationService-xxxxx.pem",
"UnsubscribeUrl": "https://sns.xx-central-x.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:xx-central-x:xxxxx:amplify-xxxxxx_main:aaaaaaaa-2189-bbbb-8ca3-cccccccccccc",
"MessageAttributes": {}
}
}
]
}
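The question is left unanswered on the page, but the record it shows already has one trap worth handling in the Lambda: the Amplify Console publishes its sentence as a JSON string literal (hence the escaped quotes around the Message), so it has to be decoded before anything else. The following is an added example, not code from the poster, showing how such a Lambda would decode the record, pull the app URL, status and details link out of the Console's fixed wording, and refuse records from any topic other than its own. The sample event, the account number, the topic allow-list and the Slack payload shape are constructed for the example; posting to Slack is left out so it runs offline.

```python
import json
import re

# Constructed sample shaped like the record in the question; the ARNs, URLs and
# account number are placeholders, not a real capture.
SAMPLE_EVENT = {
    "Records": [{
        "EventSource": "aws:sns",
        "Sns": {
            "Type": "Notification",
            "TopicArn": "arn:aws:sns:xx-central-x:000000000000:amplify-xxxxxx_main",
            "Message": "\"Build notification from the AWS Amplify Console for app: "
                       "https://main.xxxxx.amplifyapp.com/. Your build status is STARTED. "
                       "Go to https://link.com to view details on your build. \"",
            "Timestamp": "2021-08-05T08:36:37.919Z",
        },
    }]
}

# Hypothetical allow-list: only relay notifications from topics we created.
ALLOWED_TOPIC_ARNS = {"arn:aws:sns:xx-central-x:000000000000:amplify-xxxxxx_main"}

# The Console's wording is fixed, so a regex can pull out the three useful fields.
_MSG_RE = re.compile(
    r"for app: (?P<app_url>\S+?)\. Your build status is (?P<status>[A-Z_]+)\. "
    r"Go to (?P<details_url>\S+) to view"
)


def parse_amplify_message(raw_message: str) -> dict:
    """Amplify publishes its sentence as a JSON string literal (note the escaped
    quotes in the record), so json.loads yields the plain text first."""
    text = json.loads(raw_message)
    if not isinstance(text, str):
        raise ValueError("unexpected Amplify message payload")
    m = _MSG_RE.search(text)
    if not m:
        raise ValueError("Amplify message did not match the expected wording")
    return m.groupdict()


def handle_sns_event(event: dict) -> list:
    """Return one Slack-ready payload per accepted record."""
    payloads = []
    for record in event.get("Records", []):
        sns = record.get("Sns", {})
        if sns.get("TopicArn") not in ALLOWED_TOPIC_ARNS:
            # The function's resource policy decides who may invoke it; checking the
            # topic here is a second line of defence against relaying foreign messages.
            continue
        fields = parse_amplify_message(sns["Message"])
        payloads.append({
            "text": f"Amplify build {fields['status']} for {fields['app_url']} "
                    f"(details: {fields['details_url']})",
            "timestamp": sns.get("Timestamp"),
        })
    return payloads


def lambda_handler(event, context):
    # The HTTP post to the Slack webhook is left out so this runs offline;
    # the returned payloads are what would be sent.
    return handle_sns_event(event)
```

The regex is deliberately strict: if Amplify ever changes its wording the function raises instead of posting a half-parsed message, which is easier to notice than a silently wrong Slack line.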

Related

How to send scheduled custom message using Amazon EventBridge

I'm trying to build an Amazon EventBridge rule that runs on a schedule (weekly) to put an event in SQS.
There are multiple options to choose from as to what message is to be sent as an event.
I understand that it's essentially a JSON object, which can be set to a custom JSON, or the default (or some selective fields from this). Something like:
{
"version": "0",
"id": "6a7e8feb-b491-4cf7-a9f1-bf3703467718",
"detail-type": "EC2 Instance State-change Notification",
"source": "aws.ec2",
"account": "111122223333",
"time": "2017-12-22T18:43:48Z",
"region": "us-west-1",
"resources": [
"arn:aws:ec2:us-west-1:123456789012:instance/i-1234567890abcdef0"
],
"detail": {
"instance-id": " i-1234567890abcdef0",
"state": "terminated"
}
}
AWS EventBridge: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-create-rule-schedule.html
EB Events: https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-events.html
My question is: how can I send a JSON object that has different parameters every time?
Say I want to publish this object with a different date range each time, with
activeFrom: today - 7 days
activeTill: today's date.
{
"dummyId": "xyz",
"activeFrom": "2021-07-09T18:43:48Z",
"activeTill": "2021-07-15T18:43:48Z"
}
You can let EventBridge trigger a Lambda function on a schedule. In that Lambda, you can bake your JSON and send the event to SQS.
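As an added example of the answer's approach (not code from the answerer), here is the scheduled Lambda in Python. It derives the window from the "time" field EventBridge puts in the scheduled event rather than from the wall clock, so a retried invocation produces the same activeFrom/activeTill as the first attempt. The queue URL is a hypothetical placeholder, and boto3 is imported only inside the handler so the message builder can be exercised without AWS credentials.

```python
import json
from datetime import datetime, timedelta, timezone

# Hypothetical queue URL; in practice this comes from the exported QueueUrl of the stack.
QUEUE_URL = "https://sqs.us-west-1.amazonaws.com/111122223333/example-queue"
WINDOW_DAYS = 7
ISO_UTC = "%Y-%m-%dT%H:%M:%SZ"


def build_message(now: datetime, dummy_id: str = "xyz", window_days: int = WINDOW_DAYS) -> dict:
    """Payload for one run: a window ending at `now` and starting window_days
    earlier, formatted as the ISO-8601 UTC timestamps used in the question."""
    if now.tzinfo is None:
        raise ValueError("pass a timezone-aware datetime so the window is unambiguous")
    now = now.astimezone(timezone.utc)
    return {
        "dummyId": dummy_id,
        "activeFrom": (now - timedelta(days=window_days)).strftime(ISO_UTC),
        "activeTill": now.strftime(ISO_UTC),
    }


def scheduled_time(event: dict) -> datetime:
    """Use the EventBridge event's own "time" (e.g. "2021-07-15T18:43:48Z") so that
    retries of the same scheduled invocation yield the same window; fall back to
    the clock when the event carries no timestamp (manual test invocations)."""
    stamp = event.get("time")
    if stamp:
        return datetime.strptime(stamp, ISO_UTC).replace(tzinfo=timezone.utc)
    return datetime.now(timezone.utc)


def lambda_handler(event, context):
    body = build_message(scheduled_time(event))
    import boto3  # imported here so the functions above run without AWS credentials
    sqs = boto3.client("sqs")
    resp = sqs.send_message(QueueUrl=QUEUE_URL, MessageBody=json.dumps(body))
    return {"messageId": resp["MessageId"], "body": body}
```

Deriving the window from the event time also makes the function idempotent with respect to EventBridge's at-least-once delivery: a duplicate delivery of the same scheduled event puts an identical body on the queue, which the consumer can de-duplicate.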

AWS account Id in SNS topic event

Is there any way to get the AWS Account ID in an SNS topic event to the subscriber? Actually, in my case, I want multiple customer accounts to be able to trigger their S3 putObject to the given SNS topic ARN, which is from my account, and I have a Lambda method which is subscribed to that topic. Now I'm getting the event payload in my Lambda handler whenever a customer puts an object to an S3 bucket. But as I said, there would be many customers, so my Lambda needs to know which customer the incoming event is from. So I need the customer account ID available in the SNS event payload; is it possible?
The schema that is received by the subscriber already contains the ARNs of both the subscriber and the topic. Here is the schema. We can parse the accountId from it.
"TopicArn":"arn:aws:sns:us-east-2:123456789012:sns-lambda"
"EventSubscriptionArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda:21be56ed-a058-49f5-8c98-aedd2564c486"
It appears that your situation is:
Multiple AWS Accounts have Amazon S3 buckets with an Amazon S3 Event configured to trigger your AWS Lambda function
You want the Lambda function to be able to detect which account triggered the event
I don't think that this information is available. Here is a sample S3 Put event from the AWS Lambda "Test" console:
{
"Records": [
{
"eventVersion": "2.0",
"eventSource": "aws:s3",
"awsRegion": "ap-southeast-2",
"eventTime": "1970-01-01T00:00:00.000Z",
"eventName": "ObjectCreated:Put",
"userIdentity": {
"principalId": "EXAMPLE"
},
"requestParameters": {
"sourceIPAddress": "127.0.0.1"
},
"responseElements": {
"x-amz-request-id": "EXAMPLE123456789",
"x-amz-id-2": "EXAMPLE123/5678abcdefghijklambdaisawesome/mnopqrstuvwxyzABCDEFGH"
},
"s3": {
"s3SchemaVersion": "1.0",
"configurationId": "testConfigRule",
"bucket": {
"name": "example-bucket",
"ownerIdentity": {
"principalId": "EXAMPLE"
},
"arn": "arn:aws:s3:::example-bucket"
},
"object": {
"key": "test/key",
"size": 1024,
"eTag": "0123456789abcdef0123456789abcdef",
"sequencer": "0A1B2C3D4E5F678901"
}
}
}
]
}
There does not appear to be a field containing the Account ID of the source bucket.
To confirm this, I triggered an event on an S3 bucket and logged the event. I could not find any reference to an AWS Account ID.
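Both answers above turn on what the ARNs in the payload actually identify, so here is an added example (not from either answerer) that parses them in Python. Two facts drive the design: the account field of TopicArn and EventSubscriptionArn belongs to whoever owns the topic and subscription (in the question, the asker's own account), and S3 bucket ARNs have the form arn:aws:s3:::bucket with empty region and account fields. So the first answer's parse yields the topic owner, and the bucket ARN in the S3 record cannot yield the customer, which matches what the second answer observed. The sample records are constructed to match the shapes shown above; the bucket-to-customer lookup is a hypothetical table.

```python
from typing import NamedTuple, Optional


class Arn(NamedTuple):
    partition: str
    service: str
    region: str
    account: str
    resource: str


def parse_arn(arn: str) -> Arn:
    """Split an ARN into its fields. The resource part may itself contain colons
    (SNS subscription ARNs do), so split at most five times."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    return Arn(*parts[1:])


# Constructed records, shaped like the SNS and S3 samples in the answers above.
SAMPLE_SNS_RECORD = {
    "EventSubscriptionArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda:21be56ed-a058-49f5-8c98-aedd2564c486",
    "Sns": {"TopicArn": "arn:aws:sns:us-east-2:123456789012:sns-lambda"},
}
SAMPLE_S3_RECORD = {
    "s3": {"bucket": {"name": "example-bucket", "arn": "arn:aws:s3:::example-bucket"}}
}

# Hypothetical mapping maintained by the topic owner when a customer's bucket is
# onboarded; the event itself does not carry the customer's account.
BUCKET_OWNERS = {"example-bucket": "999999999999"}


def topic_owner_account(sns_record: dict) -> str:
    """Account that owns the topic the notification came through."""
    return parse_arn(sns_record["Sns"]["TopicArn"]).account


def s3_source_account(s3_record: dict) -> Optional[str]:
    """Account field of the bucket ARN, which for S3 is always empty, hence None."""
    return parse_arn(s3_record["s3"]["bucket"]["arn"]).account or None


def customer_for_s3_record(s3_record: dict) -> Optional[str]:
    """Resolve the customer by bucket name from the onboarding table instead of
    trusting anything in the event payload."""
    return BUCKET_OWNERS.get(s3_record["s3"]["bucket"]["name"])
```

The ARN parser is reused wherever an ARN is checked; the security point is that the bucket name, not any account field, is the only customer-identifying value in the event, and it must be matched against data the topic owner controls.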

Parsing SQS message pushed by SNS in Spring Boot

I'm currently using SNS to fan out messages to a few SQS queues.
I'm trying to parse the SQS message and was wondering if there is an out-of-the-box message model to parse the queue message body into, because it's an SNS notification.
Is there such an out-of-the-box model available for this kind of scenario?
E.g.: For S3+SNS events -> com.amazonaws.services.s3.event.S3EventNotification
I checked the SQS/SNS Java SDKs and couldn't find anything similar.
Does this mean the model has to be built in the application code to parse such message bodies?
E.g.:
In the example queue message below, the "Body" section is an SNS notification, whereas I'm interested in the "Body" -> "Message" section. Can the "Body" be parsed into an out-of-the-box AWS model in this case?
{
"Body": {
"Type": "Notification",
"MessageId": "272a7e6b-ea5e-46c3-991f-3563d7cd3f09",
"Token": null,
"TopicArn": "arn:aws:sns:us-east-1:000000000000:contact-subscription-topic",
"Message": {
"type": "contactSubInstantiationMessage"
},
"SubscribeURL": null,
"Timestamp": "2020-10-20T03:54:14.022Z",
"SignatureVersion": "1",
"Signature": "EXAMPLEpH+..",
"SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-0000000000000000000000.pem"
},
"Attributes": {
"ApproximateFirstReceiveTimestamp": "1603166057169",
"SenderId": "AIDAIT2UOQQY3AUEKVGXU",
"ApproximateReceiveCount": "1",
"SentTimestamp": "1603166054040"
},
"ReceiptHandle": "ibetdkwxaxkqzjxhrkqtgtbrneyylminkvatzwcounxxnubhdktzzkdqrgzxqsebrdfuuxpwnhbuyhvrcbrwxbfgvgdekcygsgauxtcmouzzhlyqvaazkpqmvmmpixbhnpfpldlgjzcnkmaupbikegthoqvdmxyjcvetpisdzxpxrtsrtxvpbmyln",
"MD5OfBody": "9657ff8451167353e3d11c492d99d15f",
"MessageId": "879b6742-8006-bef5-d233-f7b8c8bb33d7"
}
Appreciate your thoughts on this.
Thanks team!
The following post describes a way to eliminate the above-mentioned SNS metadata by setting "RawMessageDelivery" to "true" for the subscription:
Amazon SNS -> SQS message body
https://docs.aws.amazon.com/sns/latest/dg/sns-large-payload-raw-message-delivery.html
Marking the issue as resolved.
Thanks.
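The thread is Java, but the parsing problem and the raw-delivery fix are language-independent, so here is an added example in Python (not the poster's code, and not an SDK model) covering both sides: a consumer that peels the SNS envelope when RawMessageDelivery is off and passes the body through untouched when it is on, plus the boto3 call that flips the subscription attribute. The sample bodies are constructed to match the message in the question; the subscription ARN passed to enable_raw_delivery is a placeholder.

```python
import json

# Keys that an SNS notification envelope always carries.
SNS_ENVELOPE_KEYS = {"Type", "MessageId", "TopicArn", "Message", "Timestamp"}

# Constructed SQS bodies: one with the SNS envelope (RawMessageDelivery off),
# one raw (RawMessageDelivery on). Same logical payload in both.
PAYLOAD = {"type": "contactSubInstantiationMessage"}
ENVELOPED_BODY = json.dumps({
    "Type": "Notification",
    "MessageId": "272a7e6b-ea5e-46c3-991f-3563d7cd3f09",
    "TopicArn": "arn:aws:sns:us-east-1:000000000000:contact-subscription-topic",
    "Message": json.dumps(PAYLOAD),  # SNS always delivers Message as a string
    "Timestamp": "2020-10-20T03:54:14.022Z",
    "SignatureVersion": "1",
    "Signature": "EXAMPLEpH+..",
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-0000000000000000000000.pem",
})
RAW_BODY = json.dumps(PAYLOAD)


def unwrap_sqs_body(body: str) -> tuple:
    """Return (payload, topic_arn). An SNS envelope is peeled and its inner
    Message decoded if it holds JSON; anything else is returned as-is with no
    topic, which is what raw delivery (or a direct SQS producer) looks like."""
    try:
        outer = json.loads(body)
    except json.JSONDecodeError:
        return body, None  # plain-text raw message
    if (isinstance(outer, dict) and outer.get("Type") == "Notification"
            and SNS_ENVELOPE_KEYS.issubset(outer)):
        inner = outer["Message"]
        try:
            inner = json.loads(inner)
        except (json.JSONDecodeError, TypeError):
            pass  # publisher sent free text; hand it over unchanged
        return inner, outer["TopicArn"]
    return outer, None


def enable_raw_delivery(subscription_arn: str) -> None:
    """Switch the SNS->SQS subscription to raw delivery so the queue receives only
    the publisher's payload. boto3 is imported lazily so the parser above runs offline."""
    import boto3
    boto3.client("sns").set_subscription_attributes(
        SubscriptionArn=subscription_arn,
        AttributeName="RawMessageDelivery",
        AttributeValue="true",
    )
```

One caveat before flipping the attribute: with raw delivery the Signature and SigningCertURL fields are gone along with the rest of the envelope, so the consumer can no longer tell from the body which topic the message came from. Authenticity then rests entirely on the SQS queue policy, which should restrict sqs:SendMessage to the intended topic ARN.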

How to trigger AWS Lambda function when creating ELB Security Group?

I've just created a Lambda function that updates the inbound rules of my security group, with an "AmazonIpSpaceChanged" SNS trigger that runs every time the AWS IP JSON file is updated.
I would like to know if it is possible to make this function also run when a security group is created. If so, do I have to go through a CloudWatch/CloudTrail event, or is it possible to create an "SNS"-type event in my CloudFormation stack that would trigger this function (like the test event below)?
Example of a test event that works to test the function:
{
"Records": [
{
"EventVersion": "1.0",
"EventSubscriptionArn": "arn:aws:sns:EXAMPLE",
"EventSource": "aws:sns",
"Sns": {
"SignatureVersion": "1",
"Timestamp": "1970-01-01T00:00:00.000Z",
"Signature": "EXAMPLE",
"SigningCertUrl": "EXAMPLE",
"MessageId": "95df01b4-ee98-5cb9-9903-4c221d41eb5e",
"Message": "{\"create-time\": \"yyyy-mm-ddThh:mm:ss+00:00\", \"synctoken\": \"0123456789\", \"md5\": \"98f21d3824c3b2a4553315bcb0209c69\", \"url\": \"https://ip-ranges.amazonaws.com/ip-ranges.json\"}",
"Type": "Notification",
"UnsubscribeUrl": "EXAMPLE",
"TopicArn": "arn:aws:sns:EXAMPLE",
"Subject": "TestInvoke"
}
}
]
}
Thanks !
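The question has no answer on the page, but the test event it shows carries the one field a security-group updater should never ignore: the md5 of the ip-ranges.json it is about to trust. The following is an added example (not the poster's function) of the integrity step that belongs in front of any rule change: decode the notification, fetch the file, refuse it if its MD5 or syncToken do not match the announcement, and only then select the CIDRs for one service and region. The ip-ranges document is a constructed stand-in using the real file's field names, the download is replaced by the in-memory bytes, and the topic ARN is a placeholder as on the page.

```python
import hashlib
import json

# Constructed stand-in for https://ip-ranges.amazonaws.com/ip-ranges.json, using
# documentation (RFC 5737) prefixes; the real file has thousands of entries.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0123456789",
    "createDate": "2021-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "eu-west-1", "service": "CLOUDFRONT"},
        {"ip_prefix": "198.51.100.0/24", "region": "eu-west-1", "service": "AMAZON"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "CLOUDFRONT"},
    ],
}).encode()

# Constructed notification in the shape of the test event above; its md5 is the
# digest of the sample file so the example verifies end to end.
SAMPLE_MESSAGE = json.dumps({
    "create-time": "2021-01-01T00:00:00+00:00",
    "synctoken": "0123456789",
    "md5": hashlib.md5(SAMPLE_IP_RANGES).hexdigest(),
    "url": "https://ip-ranges.amazonaws.com/ip-ranges.json",
})


def load_verified_ranges(sns_message: str, body: bytes) -> dict:
    """Decode the AmazonIpSpaceChanged message and accept the downloaded file only
    if its MD5 and syncToken match what the notification announced. A tampered,
    truncated or stale download therefore never reaches the rule update."""
    note = json.loads(sns_message)
    actual = hashlib.md5(body).hexdigest()
    if actual != note["md5"]:
        raise ValueError(f"ip-ranges.json md5 {actual} != announced {note['md5']}")
    doc = json.loads(body)
    if doc.get("syncToken") != note["synctoken"]:
        raise ValueError("syncToken mismatch: stale or unexpected ip-ranges.json")
    return doc


def select_prefixes(doc: dict, service: str, region: str = None) -> list:
    """CIDRs for one service (optionally one region), sorted so diffs are stable."""
    return sorted(
        p["ip_prefix"] for p in doc["prefixes"]
        if p["service"] == service and (region is None or p["region"] == region)
    )


def ip_permissions(cidrs: list, port: int = 443) -> list:
    """Shape the CIDRs as the IpPermissions argument of
    ec2.authorize_security_group_ingress / revoke_security_group_ingress."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "AmazonIpSpaceChanged"} for c in cidrs],
    }]


def handle_record(record: dict, body: bytes) -> list:
    """Per SNS record: verify the file, then build the ingress permissions.
    In the real Lambda `body` is the HTTP GET of note["url"]; here it is passed in."""
    doc = load_verified_ranges(record["Sns"]["Message"], body)
    return ip_permissions(select_prefixes(doc, "CLOUDFRONT", "eu-west-1"))
```

The MD5 here is an integrity check against the value SNS announced, not a substitute for verifying the SNS message itself; if the Lambda is reachable from any topic other than AmazonIpSpaceChanged, compare the record's TopicArn to the expected one before doing any of this.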

How do I use an SQS queue in one CloudFormation stack as a trigger to a lambda function in another CloudFormation stack?

What I did so far: I exported the ARN of the queue and the QueueName from the stack where the queue is created and used them in the Events under the Lambda function which I want to trigger, and also defined the QueuePolicy in that stack to get the permissions to ReceiveMessage from the queue.
This approach works when I first build both stacks, but the next time I build, it disables the trigger under the Lambda triggers in the SQS queue definition. I was never successful in seeing it as a trigger under the Lambda function.
Let me know what I'm doing wrong.
You can call the CloudFormation stack action (create/update/delete...) with the NotificationArns option.
This will send a message for each stack resource event, which then gives you the ability to trigger a Lambda.
The message follows this kind of payload:
{
"Records": [
{
"EventSource": "aws:sns",
"EventVersion": "1.0",
"EventSubscriptionArn": "arn:aws:sns:eu-west-1:12345678912:my-sns-topic:00000000-0000-0000-0000-000000000000",
"Sns": {
"Type": "Notification",
"MessageId": "00000000-0000-0000-0000-000000000000",
"TopicArn": "arn:aws:sns:eu-west-0:000000000000:my-sns-topic",
"Subject": "AWS CloudFormation Notification",
"Message": "
StackId='${STACK_ID}'\n
Timestamp='2018-01-01T00:00:00.000Z'\n
EventId='00000000-0000-0000-0000-000000000000'\n
LogicalResourceId='${STACK_NAME}'\n
Namespace='000000000000'\n
PhysicalResourceId='${STACK_ID}'\n
PrincipalId='ABCDEFGHIJKLMNOPQRSTU:1234567890123456789'\n
ResourceProperties='null'\n
ResourceStatus='${RESOURCE_STATUS}'\n
ResourceStatusReason=''\n
ResourceType='AWS::CloudFormation::Stack'\n
StackName='${STACK_NAME}'\n
ClientRequestToken='null'\n
",
"Timestamp": "2018-01-01T00:00:00.000Z",
"SignatureVersion": "1",
"Signature": "_",
"SigningCertUrl": "_",
"UnsubscribeUrl": "_",
"MessageAttributes": {}
}
}
]
}
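The Message in that payload is not JSON but one key='value' pair per line, and a topic used for NotificationArns receives an event for every resource and every intermediate status, not just the stack's final one. As an added example (not the answerer's code), here is a Python parser for that format together with the filter a Lambda on that topic needs so it acts once, on the stack's own terminal event. The sample message is constructed with the field names shown above and placeholder IDs; it assumes each field sits on its own line, as in the sample.

```python
import re
from typing import Optional

# Constructed message body in the key='value' line format shown above.
SAMPLE_MESSAGE = (
    "StackId='arn:aws:cloudformation:eu-west-1:000000000000:stack/my-stack/00000000-0000-0000-0000-000000000000'\n"
    "Timestamp='2018-01-01T00:00:00.000Z'\n"
    "EventId='00000000-0000-0000-0000-000000000000'\n"
    "LogicalResourceId='my-stack'\n"
    "Namespace='000000000000'\n"
    "PhysicalResourceId='arn:aws:cloudformation:eu-west-1:000000000000:stack/my-stack/00000000-0000-0000-0000-000000000000'\n"
    "PrincipalId='ABCDEFGHIJKLMNOPQRSTU:1234567890123456789'\n"
    "ResourceProperties='null'\n"
    "ResourceStatus='UPDATE_COMPLETE'\n"
    "ResourceStatusReason=''\n"
    "ResourceType='AWS::CloudFormation::Stack'\n"
    "StackName='my-stack'\n"
    "ClientRequestToken='null'\n"
)

SAMPLE_RECORD = {
    "Sns": {
        "Subject": "AWS CloudFormation Notification",
        "TopicArn": "arn:aws:sns:eu-west-1:000000000000:my-sns-topic",
        "Message": SAMPLE_MESSAGE,
    }
}

# Greedy .* so a value may contain quotes; the last quote on the line closes it.
_LINE_RE = re.compile(r"^(?P<key>[A-Za-z]+)='(?P<value>.*)'$")
TERMINAL_SUFFIXES = ("_COMPLETE", "_FAILED")


def parse_cfn_notification(message: str) -> dict:
    """Turn the key='value' lines into a dict; the literal 'null' becomes None."""
    fields = {}
    for line in message.splitlines():
        line = line.strip()
        if not line:
            continue
        m = _LINE_RE.match(line)
        if not m:
            raise ValueError(f"unparseable notification line: {line!r}")
        value = m.group("value")
        fields[m.group("key")] = None if value == "null" else value
    return fields


def stack_finished(fields: dict) -> bool:
    """True only for the stack's own terminal event. Per-resource events and the
    *_IN_PROGRESS states arrive on the same topic and must be ignored."""
    return (
        fields.get("ResourceType") == "AWS::CloudFormation::Stack"
        and fields.get("LogicalResourceId") == fields.get("StackName")
        and str(fields.get("ResourceStatus") or "").endswith(TERMINAL_SUFFIXES)
    )


def handle_record(record: dict) -> Optional[dict]:
    """Return a summary for a finished stack, None for everything else."""
    sns = record["Sns"]
    if sns.get("Subject") != "AWS CloudFormation Notification":
        return None
    fields = parse_cfn_notification(sns["Message"])
    if not stack_finished(fields):
        return None
    return {
        "stack": fields["StackName"],
        "status": fields["ResourceStatus"],
        "principal": fields["PrincipalId"],  # who ran the stack action, useful for audit
    }
```

ROLLBACK_COMPLETE and UPDATE_ROLLBACK_COMPLETE end in _COMPLETE and are reported as finished, which is what a deployment notifier wants; the status string is returned so the caller can distinguish success from rollback.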