AWS RDS event subscription with lambda in another account - amazon-web-services

I am trying to get lambda in another account to get it invoked by RDS instance event notifications.
RDS event subscription is set to invoke SNS topic which triggers lambda in other account.
I have setup an entire stack using cloudformation. Things I achieved so far are
RDS events are able to invoke SNS topic, I have tested it using creating email subscription to SNS topic
SNS topic is able to trigger lambda in another account. I have tested it using publish messages in SNS topic. I can see that is flowing through in cloudwatch logs.
Part I am not able to get working is, RDS events triggering SNS and then Lamba in other account. Its very strage as individual bits are working fine but not end to end. Other observation is status of the SNS subscription in RDS events is shown as Active and I can see subscription log in lambda but nothing happens after I reboot RDS instance to test.
Also, I see this bizzare behaviour that subscription status is set to Null.
I followed below links for reference
https://jimmythompson.co.uk/blog/sns-and-lambda/
https://medium.com/pablo-perez/infrastructure-as-a-code-should-not-be-imperative-43d9a64e3998
Is there something I am missing? Any help is much appreciated.

Related

How to send SSM (Agent) status notification to SNS within AWS

My question is
Is there any other way to monitor the SSM status and send the event notification to SNS instead of configuring the SNS Topic from the executor by providing NotificationConfig ?
I encounter a scenario where within our staging environment, there is an SNS top with a subscription that can always receive the SSM(systems manager) status notification, and it will trigger a lambda function to send notifications to our Slack App. Was done by our previous colleague.
However, within our production environment, I can't set up such a topic that can always receive the SSM status notification.
Within the staging, the SSM agent is triggered through a python lambda function. It sends commands with the PowerShell script without configuring the NotificationConfig argument. I wonder how this event is sent to the SNS topic.
I follow AWS' documentation which assigns the SNS Topic to the executor of the command. I know this way. (https://docs.aws.amazon.com/systems-manager/latest/userguide/monitoring-sns-rc-send.html)
Many Thanks.
You can capture any AWS event using EventBridge.

How to get forecasted AWS alerts/outages in email?

2 weeks back, I saw a notification in AWS saying, the one of the 3 AWS EC2 instance will be stopped because of the underlying hardware cause. I almost missed the dead line as I didn't the notification via email. Is there a way get these notification via email?
It would be much better if I can get the notifications using cloud watch to my email.
If you're on Business or Enterprise Support, AWS provides a solution named "AWS Health Aware" built on top of AWS Health API, it does exactly what you're after sends you notifications via several methods including emails regarding outages and planning maintenance that affect your account(s).
If you're on a Basic support plan you can easily built something similar yourself using based on [AWS Health events][2]
This is an example of capturing AWS Health events via EventBridge so they can be further send to a lambda or SNS
https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html
What I've done in the is following:
Capturing AWS Health events via EventBridge in spoke accounts and forward them to the event bus in my hub account
In the hub account I would subscribe a lambda function for all events with source "aws.health" and then send email or slack message whatever works for you.
I think Amazon EventBridge is what you are looking for. With EventBridge you can detect and react to different events such as EC2 instances scheduled for updates. You can, for example, create a rule for detecting a specific health event and in the target section choose to receive an email through SNS or invoke a CloudWatch log group, etc. Read more here.

Cloudwatch Alarm to Slack

I'm pretty new to AWS but I did some research about my issue and I couldn't find an answer anywhere so hopefully someone can help me with this.
I would like to be notified on Slack whenever someone logs in with a Root account on any of my AWS accounts. I have set up Cloudtrail at the Organisation level to monitor cloudtrail logs on all my AWS account. I have set up a Cloudwatch alarm to trigger whenever a root account is used, the alarm is then sent to a SNS topic that sends it to a Lambda that triggers a message to Slack.
All of this is working fine. However, the message I receive from SNS is basically the following: The alarm (root_login) has been trigerred
Ideally I would want to receive the Cloudwatch event that shows me more information like the IP Address of the user, the AWS account where it occured, etc...
Basically I would like to receive the Cloudwatch event log to the lambda instead of the Cloudwatch alarm trigger. Is that something that is possible?
Thanks
Yes that is possible. Here are some instructions from the AWS site on the aws-sns-to-slack-publisher. The page contains the steps you need to take to deploy .
Here is an example of publishing a health event to slack.
You will ofcourse need to modify the code to meet your requirements.

AWS Cloudwatch Guardduty link

In AWS, I am trying to detect Critical alerts in Guardduty and configure cloudwatch which will trigger mails when there is a critical alert in guardduty.
I found a link http://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings_cloudwatch.html which uses Lambda to create fuctions which will do that but I was looking for more simpler ways without AWS lamda.
Is there is a way to directly configure a cloudwatch alarm which will keep an eye on Guardduty and can use SNS notifications to send mails to desired team.
I implemented the CloudWatch event as described in the link you posted. I get alerts via SNS. No Lambda required (although you COULD trigger a Lambda function instead of SNS if you wanted).

Freshdesk integration with AWS lambda

Is that possible if the user create a ticket in freshdesk that needs to be trigger the AWS lambda function.
That shouldn't be that hard. I would like to recommend using the following architecture
FreshDesk Ticket Trigger
FreshDesk Ticket Trigger Handler Published Message to SNS Topic
AWS Lambda Configured to SNS Topic as Event Source
AWS Lambda Code Accepts the SNS topic message (as Input) and performs the necessary processing
The advantages of using SNS rather directly calling Lambda are
Reducing the exposure of AWS API to only SNS topic and completely sealing rest of the API (IAM Privileges)
Possibility of Fan-Out Architecture [Multiple Lambda Functions can listen to the same SNS topic - near zero configuration]
For anyone landing on this topic.
It's possible with Freshdesk Marketplace app. With onTicketCreate product event, any actions can be written to execute with a Serverless function. It's completely run in Freshworks platform cloud.
If required, it can call your AWS Lambda.