Confirming AWS SNS Topic Subscription for Slack Webhook - amazon-web-services

I am integrating SNS and Slack. I have created a slack app with incoming webhook enabled. I have got the webhook URL. I created a subscription for a SNS Topic with HTTPS protocol and set the Endpoint the webhookURL. Now the subscription is PendingConfirmation. I didnot receive any confirmation message, not in the destined channel.
How do I confirm the subscription?

You don't need to create a lambda function or create an HTTPS subscription with Slack.
On your slack channel, add the "email integration" app. Once done, Slack will provide you an email address with slack.com domain.
Emails sent to this address will be imported into your slack channel.
Then, on SNS create an email subscription and provide the slack email above.

The reason you're not seeing it in Slack is because the default JSON format for SNS messages doesn't conform to the format required by Slack:
You have two options for sending data to the Webhook URL above:
Send a JSON string as the payload parameter in a POST request
Send a JSON string as the body of a POST request
For a simple message, your JSON payload could contain a text property at minimum. This is the text that will be posted to the channel.
As another user suggested you can use an AWS Lambda function to facilitate this. There are free, public solutions available already, such as this one (which I did not author, and have not used...only including as a reference point).

You can confirm the subscription WITHOUT lambda. It is easy.
I found a way to integrate AWS SNS with slack WITHOUT AWS Lambda or AWS chatbot.
Follow the video which show all the step clearly.
https://www.youtube.com/watch?v=CszzQcPAqNM
Steps to follow:
Create slack channel or use existing channel
Create a work flow with selecting Webhook
Create a variable name as SubscribeURL. The name is very important
Add the above variable in the message body of the workflow
Publish the workflow and get the url
Add the above Url as subscription of the SNS
You will see the subscription URL in the slack channel
Follow the URl and complete the subscription
Come back to the work flow and change the variable to Message
The publish the message in SNS. you will see the message in the slack channel.

You have create a lambda function that receives SNS feedback and POST it to your webhook URL.
When you create a subscription to your lambda topic you choose AWS Lambda as protocol and select the lambda that you just created.
More info about it here: https://medium.com/cohealo-engineering/how-set-up-a-slack-channel-to-be-an-aws-sns-subscriber-63b4d57ad3ea

I might be late on this topic but you can configure AWS Chatbot (slack application) to send all the notifications to your slack.
More info here : https://aws.amazon.com/chatbot/

Related

AWS Cloudwatch alarms repeated notifications to slack

I'm successfully deployed solution described in AWS blog that enables repeated notifications on CloudWatch Alarms utilizing the alarm’s state change event via Amazon EventBridge and AWS Step Function.
There is a site which describe this:
https://github.com/aws-samples/amazon-cloudwatch-alarms-repeated-notification-cdk
It is able to send valid e-mail notifications, but the problem is to send it to Slack channel. I was overwhelmed by the problem of an incorrect message format being sent to a slack channel.
I'm looking for solution which can send repeated notification to Slack or how to change that code.

aws calling lambda on cloudwatch alarm - Only email lists for this account are available

On AWS I'm trying to create a cloudwatch alarm that sends a notification to a sns topic that in turn triggers a lambda function that is subscribed to the topic, but have run into a bit of a snag in which my lambda is never triggered. I've followed several tutorials on how to do this, I've manually tested the sns -lambda connection and this is working as is attaching the notification trigger onto cloudwatch.
I've done this all through cloudformation.
I have also tried to configure it manually from the cloudwatch console and then noticed something strange. Underneath the Send a notification to select box as shown in the image below, there is a message which says Only email lists for this account are available. So I'm guessing from that, that somewhere in this account, there is a weird setting that needs to be changed?
Updated answer:
Is the CloudWatch alarm actually in the "Alarm" state? Can you add 2 more notifications to be triggered by the "OK" and "Insufficient data" state respectively?
by reading the original post, SNS should have the right permission to invoke the Lambda function.
previous answer:
That is a general message, it has nothing to do with your SNS topic settings. I reckon it's meant to say only emails opt-in to that SNS topic will get emails.
Q: How does Amazon SNS validate a subscription request to ensure that notifications will not be sent to users as spam?
As part of the subscription registration, Amazon SNS will ensure that notifications are only sent to valid, registered subscribers/end-points. To prevent spam and ensure that a subscriber end-point is really interested in receiving notifications from a particular topic, Amazon SNS requires an explicit opt-in from subscribers using a 2-part handshake:
i. When a user first calls the Subscribe API and subscribes an end-point, Amazon SNS will send a confirmation message to the specified end-point.
ii. On receiving the confirmation message at the end-point, the subscriber should confirm the subscription request by sending a valid response. Only then will Amazon SNS consider the subscription request to be valid. If there is no response to the challenge, Amazon SNS will not send any notifications to that end-point. The exact mechanism of confirming the subscription varies by the transport protocol selected:
For HTTP/HTTPS notifications, Amazon SNS will first POST the confirmation message (containing a token) to the specified URL. The application monitoring the URL will have to call the ConfirmSubscription API with the token included token.
For Email and Email-JSON notifications, Amazon SNS will send an email to the specified address containing an embedded link. The user will need to click on the embedded link to confirm the subscription request.
For SQS notifications, Amazon SNS will enqueue a challenge message containing a token to the specified queue. The application monitoring the queue will have to call the ConfirmSubscription API with the token.
Note: The explicit “opt-in” steps described above are not required for the specific case where you subscribe your Amazon SQS queue to your Amazon SNS topic – and both are “owned” by the same AWS account.

How to confirm a slack subscription to an aws SNS topic?

I have a lambda function that notifies an SNS topic.
It currently sends an email each time I invoke the function so the lambda, the SNS piece and the email subscription are all working ok.
Now I want a Slack Integration.
I've created a channel called aws_int but I can't get it to receive the notification.
I am stuck on the need to 'verify the subscription'. I don't see how I would do this in the https connection to slack.
I don't understand how to do it manually using the console in aws because all the documentation keeps referring to using the 'Subscription Confirmation URL'
I can't find what that is.
but I cannot find what that is.
I found a post talking about the JSON being invalid: Confirming AWS SNS Topic Subscription for Slack Webhook but I don't understand how I would use that, maybe I could use Postman but I am not sure exactly how to format that POST.
So how can I integrate Slack and aws for an SNS topic, specifically how can I do the confirmation (which is required in order to activate it). This has to be a common need!
If I use the hook URL I get
Everything I am trying is just stacking up more Pending Confirmations, which btw I cannot delete...
Here's my postman attempt...
You really DON'T need Lambda. Just SNS and SLACK are enough.
I found a way to integrate AWS SNS with slack WITHOUT AWS Lambda or AWS chatbot. With this approach you can confirm the subscription easily.
Follow the video which show all the step clearly.
https://www.youtube.com/watch?v=CszzQcPAqNM
Steps to follow:
Create slack channel or use existing channel
Create a work flow with selecting Webhook
Create a variable name as "SubscribeURL". The name
is very important
Add the above variable in the message body of the
workflow Publish the workflow and get the url
Add the above Url as subscription of the SNS You will see the subscription URL in the
slack channel
Follow the URl and complete the subscription
Come back to the work flow and change the "SubscribeURL" variable to "Message"
The publish the
message in SNS. you will see the message in the slack channel.
It doesn't look like there is a way to confirm an SNS subscription to a Slack endpoint (email, webhook, whatever). If you want to use SNS as a decoupling layer, you'll need to add a lambda into the system, which can handle the confirmation process.
Lambda -> webhook -> SNS -> Lambda -> webhook -> Slack
Confirming AWS SNS Topic Subscription for Slack Webhook has some more information about this.
I would recommend just using the Lambda to send a message to slack, either calling another dedicated lambda, or just internally to the original one. There's a good tutorial here. If you really want to use SNS, then you could use your original lambda to trigger SNS, then have a new slack-dedicated lambda subscribe to the SNS topic.

Customize alarm message from AWS Cloudwatch

I got some alarm notifications from AWS Cloudwatch to my email but they are usually sent in a JSON format and the problem is that some of those emails are getting received by non-technical people in my company. I was wondering if that is possible to customize the emails sent by AWS SNS because I don't see any option in how to customize it.
If you are using Cloudwatch/Event/Rules then you can use "Input transfomer" to customize the contents of the email and then SNS will send that instead of JSON.
I am using this setup to get notified when user signs in AWS console.
In my case "Event Source" is "AWS Console Sign-in" but you can try with Cloudwatch and see if that gets you what you need.
See the screenshot, hope it helps.
https://docs.aws.amazon.com/AmazonCloudWatch/latest/events/CloudWatch-Events-Input-Transformer-Tutorial.html
https://forums.aws.amazon.com/thread.jspa?messageID=820808
you trigger a lambda function from your SNS topic, take the event and either send it via SNS or SES. SES supports sending HTML mails, SNS just plain text mails.
I normally do the following approach:
Alarm -> SNS -> Lambda -> SES (HTML)
received by non-technical people in my company
I'd use a basic HTML template with buttons and nice looking text :-)
I created a post and a GitHub repository for that:
https://medium.com/#sandro_volpicella/how-to-customise-cloudwatch-alarm-notifications-with-lambda-ses-html-and-cdk-f0094b07fed6
https://github.com/AlessandroVol23/cloudwatch-custom-email-cdk
I don't think you can change the notifications from SNS sent via e-mail.
If you really need to customize them, you should look into SNS notifications via SES (Simple Email Service)

SES: API to get delivery status of mails as json response

I want to get the delivery status of the mails sent through Amazon SES by hitting an API and saving the response in my database. I know of Amazon SNS and sending notification through email, but could not find a solution for this. Is there a solution to this?
There is no polling mechanism in SES for delivery status.
The SNS delivery/status notifications that SES provides, which you have indicated you are familiar with, is the standard mechanism for this.
Enable these and then subscribe an SQS queue, or a Lambda function, or even an HTTPS endpoint from your app, to the designated SNS topic. It should be relatively simple using any of these mechanisms to code a solution to store the reports in the database as they are provided to you by SES.