We have created different Config rules for different resources in our AWS account. We have enabled the SNS subscription for the alerts. However, I want to add a filter policy to the subscription so that it gives the alerts only for one specific configRule.
Can you please help me add a filter policy for one specific configRule?
Sadly you can't do this from SNS subscription level. This is because filter policies work only on message attributes, not message body.
The way around this is to subscribe a Lambda function to your SNS topic. The Lambda would get the messages from AWS Config, parse them, and distribute them to other message-specific topics or other resources. Since it's a Lambda function, you could program it to do pretty much anything you want, including raising some alarms.
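One shape such a fan-out Lambda can take, as an added example that is not from the original answer: it parses each AWS Config notification carried in the SNS record, reads the rule name from a ComplianceChangeNotification, and republishes only messages for the rules listed in ROUTES. The topic ARNs are placeholders, and `publish` is injected so the routing can be exercised without AWS credentials.

```python
import json

# Constructed routing table: Config rule name -> topic that should receive its alerts.
# The ARNs are placeholders; a real deployment would read them from environment variables.
ROUTES = {
    "restricted-ssh": "arn:aws:sns:us-east-1:123456789012:ssh-rule-alerts",
    "s3-bucket-public-read-prohibited": "arn:aws:sns:us-east-1:123456789012:s3-rule-alerts",
}


def config_rule_name(message):
    """Return the rule name from a parsed Config notification, or None.

    Only ComplianceChangeNotification carries a rule; the name is at the top level
    and repeated under newEvaluationResult, so both places are checked.
    """
    if message.get("messageType") != "ComplianceChangeNotification":
        return None
    if message.get("configRuleName"):
        return message["configRuleName"]
    try:
        return (message["newEvaluationResult"]["evaluationResultIdentifier"]
                ["evaluationResultQualifier"]["configRuleName"])
    except (KeyError, TypeError):
        return None


def route(event, publish):
    """Forward each routed SNS record; return [(target_arn, rule_name), ...].

    `event` is the SNS->Lambda payload; `publish(topic_arn, body)` does the send.
    """
    forwarded = []
    for record in event.get("Records", []):
        body = record.get("Sns", {}).get("Message", "")
        try:
            message = json.loads(body)
        except json.JSONDecodeError:
            continue  # not JSON, so not a Config notification: drop it
        rule = config_rule_name(message)
        target = ROUTES.get(rule)
        if target is None:
            continue  # rules without a route are dropped, which is the filter
        publish(target, body)
        forwarded.append((target, rule))
    return forwarded


def lambda_handler(event, context):
    import boto3  # imported here so the routing logic has no AWS dependency
    sns = boto3.client("sns")
    return route(event, lambda arn, body: sns.publish(TopicArn=arn, Message=body))
```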
I have a Lambda function that is invoked around 60 million times from one SNS topic. In the SNS topic metrics I can see it publishes around 600k messages, but I wanted to know how we can check which IAM user made the publish message request on that topic, and how can we get the IP from which the messages are published?
As far as I know there is no way you can monitor what you are asking for. What you can do is search CloudTrail logs and figure out yourself which user made how many requests to SNS. There is also a way to put the CloudTrail logs in CloudWatch, but it's not a cheap process. If you are interested, you can check this.
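An added example (not from the answer) of what that CloudTrail search looks like once the log files are in hand: it tallies SNS Publish calls to one topic by calling identity and source IP. It assumes the trail has SNS data events enabled, since Publish is a data-plane call that management-event logging does not record; the records are a constructed sample with only the fields the script reads.

```python
import json
from collections import Counter

# Constructed sample in the CloudTrail log-file layout ({"Records": [...]}), trimmed to the
# fields used below. Real files are gzip'd JSON objects in the trail's S3 bucket.
SAMPLE_LOG = json.dumps({"Records": [
    {"eventSource": "sns.amazonaws.com", "eventName": "Publish",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/publisher-a"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"topicArn": "arn:aws:sns:us-east-1:123456789012:orders"}},
    {"eventSource": "sns.amazonaws.com", "eventName": "Publish",
     "userIdentity": {"type": "AssumedRole", "arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"},
     "sourceIPAddress": "10.0.1.5",
     "requestParameters": {"topicArn": "arn:aws:sns:us-east-1:123456789012:orders"}},
    {"eventSource": "sns.amazonaws.com", "eventName": "Publish",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/publisher-a"},
     "sourceIPAddress": "203.0.113.10",
     "requestParameters": {"topicArn": "arn:aws:sns:us-east-1:123456789012:other"}},
    {"eventSource": "sns.amazonaws.com", "eventName": "Subscribe",
     "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/admin"},
     "sourceIPAddress": "198.51.100.7",
     "requestParameters": {"topicArn": "arn:aws:sns:us-east-1:123456789012:orders"}},
]})


def publishers(log_text, topic_arn):
    """Count Publish/PublishBatch calls to `topic_arn` per (caller ARN, source IP).

    Returns a Counter keyed by (arn, ip). Records without a userIdentity ARN
    (for example unauthenticated failures) are kept under "<unknown>".
    """
    counts = Counter()
    for rec in json.loads(log_text).get("Records", []):
        if rec.get("eventSource") != "sns.amazonaws.com":
            continue
        if rec.get("eventName") not in ("Publish", "PublishBatch"):
            continue  # control-plane calls such as Subscribe are not what we are counting
        if rec.get("requestParameters", {}).get("topicArn") != topic_arn:
            continue
        who = rec.get("userIdentity", {}).get("arn", "<unknown>")
        counts[(who, rec.get("sourceIPAddress", "<unknown>"))] += 1
    return counts


if __name__ == "__main__":
    for (who, ip), n in publishers(SAMPLE_LOG, "arn:aws:sns:us-east-1:123456789012:orders").most_common():
        print(f"{n:>6}  {who}  from {ip}")
```

For a trail that is too large to read locally, the same filters (eventSource, eventName, requestParameters.topicArn) translate directly into an Athena query over the CloudTrail table.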
I have an AWS CloudWatch Event set up to trigger whenever a resource is not compliant with a rule in AWS Config.
This rule then triggers a Lambda that sends a notification to a general channel to inform people that a rule has been breached.
However, I would ideally like to make use of the tag attached to a resource (as each AWS resource is tagged with the team that owns it) to be able to route these notifications to more specific locations. However, the data sent to the Lambda by the CloudWatch Event does not contain this information. Is there a good way I can get the tags attached to an AWS resource when an AWS CloudWatch event is triggered?
Sadly there is not. Your Lambda would have to use the AWS SDK to check the tags on the resource associated with the event, and then forward the event to different consumers, e.g. an SQS queue or a custom EventBridge rule.
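An added example of that lookup-then-forward Lambda, not code from the answer: it takes the resourceType/resourceId from the "Config Rules Compliance Change" event, reads the resource's tags from its latest AWS Config configuration item, and picks a per-team SQS queue. The tag key `Team`, the queue URLs and the fallback queue are assumptions; the tag lookup is injected into `choose_queue` so the routing can be tested offline.

```python
import json

# Constructed map from a Team tag value to that team's queue. The queue URLs are
# placeholders and the tag key is an assumption (the question only says resources
# are tagged with their owning team).
TEAM_TAG = "Team"
TEAM_QUEUES = {
    "platform": "https://sqs.us-east-1.amazonaws.com/123456789012/platform-config-alerts",
    "payments": "https://sqs.us-east-1.amazonaws.com/123456789012/payments-config-alerts",
}
FALLBACK_QUEUE = "https://sqs.us-east-1.amazonaws.com/123456789012/unowned-config-alerts"


def resource_key(event):
    """Return (resourceType, resourceId) from a 'Config Rules Compliance Change' event."""
    detail = event.get("detail", {})
    if event.get("source") != "aws.config" or "resourceId" not in detail:
        raise ValueError("not a Config compliance-change event")
    return detail["resourceType"], detail["resourceId"]


def tags_from_config(config_client, resource_type, resource_id):
    """Read the resource's tags from its most recent AWS Config configuration item."""
    items = config_client.get_resource_config_history(
        resourceType=resource_type, resourceId=resource_id, limit=1)["configurationItems"]
    return items[0].get("tags", {}) if items else {}


def choose_queue(event, lookup_tags):
    """Pick the queue for this event; `lookup_tags(type, id)` returns the tag dict.

    Untagged resources (or unknown team values) go to the fallback queue rather
    than being dropped, so ownership gaps are visible instead of silent.
    """
    rtype, rid = resource_key(event)
    team = lookup_tags(rtype, rid).get(TEAM_TAG)
    return TEAM_QUEUES.get(team, FALLBACK_QUEUE)


def lambda_handler(event, context):
    import boto3  # kept inside so the routing above needs no AWS to test
    config, sqs = boto3.client("config"), boto3.client("sqs")
    queue = choose_queue(event, lambda t, i: tags_from_config(config, t, i))
    sqs.send_message(QueueUrl=queue, MessageBody=json.dumps(event))
    return queue
```

The Lambda's execution role needs config:GetResourceConfigHistory plus sqs:SendMessage on each queue, and nothing wider.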
I am trying to get a Lambda in another account invoked by RDS instance event notifications.
The RDS event subscription is set to invoke an SNS topic which triggers the Lambda in the other account.
I have set up the entire stack using CloudFormation. The things I have achieved so far are:
RDS events are able to invoke the SNS topic; I have tested it by creating an email subscription to the SNS topic.
The SNS topic is able to trigger the Lambda in the other account. I have tested it by publishing messages to the SNS topic. I can see that it is flowing through in the CloudWatch logs.
The part I am not able to get working is RDS events triggering SNS and then the Lambda in the other account. It's very strange, as the individual bits are working fine but not end to end. Another observation is that the status of the SNS subscription in RDS events is shown as Active and I can see the subscription log in the Lambda, but nothing happens after I reboot the RDS instance to test.
Also, I see this bizarre behaviour where the subscription status is set to Null.
I followed the links below for reference:
https://jimmythompson.co.uk/blog/sns-and-lambda/
https://medium.com/pablo-perez/infrastructure-as-a-code-should-not-be-imperative-43d9a64e3998
Is there something I am missing? Any help is much appreciated.
Hi there, I'm creating an alarm which I want to post to an SNS topic which triggers a Lambda. I do not want the alarm to email anyone. However, I am repeatedly getting errors such as the following:
(Warning: this alarm is not configured to notify. Please modify this alarm and add an email address.)
Do I have to specify an email address?
This might be related to the way that the Alarm was created on the Scaling Policy.
When an Amazon SNS topic already exists and an Alarm is created on a Scaling Policy, the UI looks like this:
This allows an existing SNS topic to be selected.
However, when there is no SNS topic and the user clicks create topic, the UI looks like this:
It is possible that the interface is using the second configuration and the "with these recipients" field is empty.
If so, you can cancel that selection and choose the SNS topic from the drop-down list.
In AWS, I am trying to detect Critical alerts in GuardDuty and configure CloudWatch so that it triggers mails when there is a critical alert in GuardDuty.
I found a link http://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html which uses Lambda to create functions which will do that, but I was looking for simpler ways without AWS Lambda.
Is there a way to directly configure a CloudWatch alarm which will keep an eye on GuardDuty and can use SNS notifications to send mails to the desired team?
I implemented the CloudWatch event as described in the link you posted. I get alerts via SNS. No Lambda required (although you COULD trigger a Lambda function instead of SNS if you wanted).
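An added example of the Lambda-free setup the answer describes, not code from the answer or the linked AWS page: an EventBridge rule matching GuardDuty findings at or above a severity threshold, targeting an SNS topic (with the e-mail subscriptions on it), plus the topic policy that lets only that rule publish. The ARNs are placeholders and the 7.0 threshold (start of GuardDuty's High band) is an assumption; clients are passed in so the calls can be checked without AWS.

```python
import json

# Placeholder ARN for the topic the team's e-mail addresses are subscribed to.
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:guardduty-alerts"
RULE_NAME = "guardduty-high-severity-to-sns"


def guardduty_event_pattern(min_severity=7.0):
    """EventBridge pattern for GuardDuty findings with severity >= min_severity.

    Numeric matching avoids listing every severity value; raise the threshold
    to alert on fewer findings. 7.0 is assumed here as the High cut-off.
    """
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_severity]}]},
    }


def topic_policy_for_rule(topic_arn, rule_arn):
    """Resource policy allowing EventBridge to publish, restricted to this one rule.

    Without the SourceArn condition any EventBridge rule, including rules in
    other accounts, could publish into the topic.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "AllowEventBridgeRule",
            "Effect": "Allow",
            "Principal": {"Service": "events.amazonaws.com"},
            "Action": "sns:Publish",
            "Resource": topic_arn,
            "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
        }],
    }


def deploy(events_client, sns_client, topic_arn=TOPIC_ARN, min_severity=7.0):
    """Create the rule, target the topic, grant publish rights. Returns the rule ARN.

    Note: set_topic_attributes replaces the whole topic policy; merge with any
    existing statements before using this on a shared topic.
    """
    rule_arn = events_client.put_rule(
        Name=RULE_NAME, State="ENABLED",
        EventPattern=json.dumps(guardduty_event_pattern(min_severity)))["RuleArn"]
    events_client.put_targets(Rule=RULE_NAME, Targets=[{"Id": "sns", "Arn": topic_arn}])
    sns_client.set_topic_attributes(
        TopicArn=topic_arn, AttributeName="Policy",
        AttributeValue=json.dumps(topic_policy_for_rule(topic_arn, rule_arn)))
    return rule_arn
```

Run it with real clients as `deploy(boto3.client("events"), boto3.client("sns"))`; the e-mail subscriptions are created on the topic as usual.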