AWS SES sends same 'bounceRecipients' through SNS multiple times - amazon-web-services

After the usual hair-pulling efforts, I finally made AWS Simple Email Service push notifications to my REST endpoint through SNS and successfully applied the required business logic on those recipients.
Points:
You must be pushing multiple emails to that recipient; that's why more than one (unique) bounce notification is being pushed by SNS.
Yes. And every notification has its own "messageId".
But why am I getting bounce notifications repeatedly for a single recipient only, and not for the other wrong recipients?
Response/s is attached:
{
"notificationType": "Bounce",
"bounce": {
"bounceType": "Permanent",
"bounceSubType": "Suppressed",
"bouncedRecipients": [
{
"emailAddress": "abc.xyz.aws@gmail.com",
"action": "failed",
"status": "5.1.1",
"diagnosticCode": "Amazon SES has suppressed sending to this ..."
}
],
"timestamp": "2017-12-28T07:06:37.106Z",
"feedbackId": "010101609bef62ff-0f30cac8-ec3c-41f3-9eee-5f7d90ef3c46-000000",
"reportingMTA": "dns; amazonses.com"
},
"mail": {
"timestamp": "2017-12-28T07:03:44.000Z",
"source": "abcXYZ@gmail.com",
"sourceArn": "arn:aws:ses:com-xyz-9:9696845301:identity/abcXYZ@gmail.com",
"sourceIp": "10.eee.ppq.lmn",
"sendingAccountId": "12365498512",
"messageId": "010101609bf1b35c-889e815e-b84c-4b08-a283-ee5f3e9740f2-000000",
"destination": ["abc.xyz.aws@gmail.com"]
}
}
Another one and all others:
{
"notificationType": "Bounce",
"bounce": {
"bounceType": "Permanent",
"bounceSubType": "Suppressed",
"bouncedRecipients": [
{
"emailAddress": "abc.xyz.aws@gmail.com",
"action": "failed",
"status": "5.1.1",
"diagnosticCode": "Amazon SES has suppressed sending to this ..."
}
],
"timestamp": "2017-12-28T07:06:37.106Z",
"feedbackId": "010101609befa8f5-a41662a5-b84e-4048-bc3a-d1f1469c8f1a-000000",
"reportingMTA": "dns; amazonses.com"
},
"mail": {
"timestamp": "2017-12-28T07:04:05.192Z",
"source": "abcXYZ@gmail.com",
"sourceArn": "arn:aws:ses:com-xyz-9:9696845301:identity/abcXYZ@gmail.com",
"sourceIp": "10.eee.ppq.lmn",
"sendingAccountId": "12365498512",
"messageId": "010101609bef61bb-310b4f29-0b01-4ecd-b763-b295e26d0732-000000",
"destination": ["abc.xyz.aws@gmail.com"]
}
}
For further info:
The HTTP endpoint is a Spring MVC based REST controller.
Searching:
Through searching I found these:
1- Duplicate delivery/bounce notifications being sent to my SNS topic?
2- Emails being sent multiple times - can I see AWS logs ?
Kindly, can anyone help/guide or point out what the issue can be?
Hope you people are having a great holiday season.

"bounceSubType": "Suppressed",
This recipient is on the global suppression list, which means no SES customer can send mail to this address. It also means that these bounces are handled differently and more quickly than some other kinds of bounces.
https://aws.amazon.com/blogs/ses/goodbye-blacklist-introducing-the-suppression-list/
The bottom line here is that this bounce is a red flag to you that you need to manage your recipient addresses more carefully. Continuing to send messages to recipients on the suppression list is a signal to AWS that you may not be monitoring your bounces, or that you may not really be sending messages to people who actually want to receive them... and that in turn could potentially lead to enforcement actions.
If the emails you send result in excessive bounces, complaints, or other issues, your sending abilities might be placed on probation or suspended. This process is called enforcement.
http://docs.aws.amazon.com/ses/latest/DeveloperGuide/e-faq.html
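An added example (not from the original question or answer) of acting on the advice above: it de-duplicates SES bounce notifications by feedbackId and keeps a local list of permanently bounced addresses so they are not mailed again. The BounceTracker class, the sample addresses and the IDs are constructed for illustration, and each input is assumed to be the SES notification already parsed from the SNS message.

```javascript
// Constructed sample notifications, trimmed to the fields used below.
function sampleBounce(feedbackId, address, bounceType, bounceSubType) {
  return {
    notificationType: "Bounce",
    bounce: { bounceType, bounceSubType, feedbackId,
              bouncedRecipients: [{ emailAddress: address, action: "failed" }] },
    mail: { destination: [address] },
  };
}

const SAMPLE_NOTIFICATIONS = [
  sampleBounce("fb-0001", "user@example.com", "Permanent", "Suppressed"),
  sampleBounce("fb-0002", "User@example.com", "Permanent", "Suppressed"), // second send, new bounce
  sampleBounce("fb-0001", "user@example.com", "Permanent", "Suppressed"), // same bounce delivered twice
  sampleBounce("fb-0003", "other@example.com", "Transient", "MailboxFull"),
];

class BounceTracker {
  constructor() {
    this.seenFeedbackIds = new Set(); // one entry per distinct bounce
    this.blocked = new Map();         // address -> { subType, bounces }
  }

  // Returns "ignored", "duplicate", "transient" or "blocked".
  handle(notification) {
    if (notification.notificationType !== "Bounce") return "ignored";
    const { bounceType, bounceSubType, bouncedRecipients, feedbackId } = notification.bounce;
    if (this.seenFeedbackIds.has(feedbackId)) return "duplicate";
    this.seenFeedbackIds.add(feedbackId);
    if (bounceType !== "Permanent") return "transient";
    for (const { emailAddress } of bouncedRecipients) {
      const key = emailAddress.trim().toLowerCase(); // compare case-insensitively
      const entry = this.blocked.get(key) || { subType: bounceSubType, bounces: 0 };
      entry.bounces += 1;
      this.blocked.set(key, entry);
    }
    return "blocked";
  }

  // Call before every send; false means the address bounced permanently.
  canSend(address) {
    return !this.blocked.has(address.trim().toLowerCase());
  }
}

function replaySamples() {
  const tracker = new BounceTracker();
  return { results: SAMPLE_NOTIFICATIONS.map((n) => tracker.handle(n)), tracker };
}
```

A bounces count above 1 for an address means mail was sent to it again after the first permanent bounce, which is the pattern the answer warns about.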

Related

AWS SMS with link in message body is not sent

I am trying to send SMS through AWS SNS. Message body includes a URL to the webpage for user invite.
Messages work for Australia, but when I send a similar message to New Zealand, it fails.
If I remove the URL from the message body, the SMS is sent; otherwise it fails.
Here is the AWS CloudWatch log:
{
"notification": {
"messageId": "..........",
"timestamp": "2021-10-25 14:18:44.002"
},
"delivery": {
"numberOfMessageParts": 1,
"destination": "+64........",
"priceInUSD": 0.12146,
"smsType": "Transactional",
"providerResponse": "Phone is currently unreachable/unavailable",
"dwellTimeMs": 1011,
"dwellTimeMsUntilDeviceAck": 3192
},
"status": "FAILURE"
}
Looking through AWS forums, it says that one of the possibilities for this response can be an invalid message body.
Interestingly, if I add https://google.com in the message body, the SMS is sent.
I encountered the same issue. All of a sudden all of our SMS failed to send (our texts include a link). I tried sending various links all failed to send; however, www.google

SNS: SMS not delivered?

I am using AWS SNS to send SMS. When I check the CloudWatch log I see:
{
"notification": {
"messageId": "ac8d8d02-491d-58bf-ace8-xxxxxx",
"timestamp": "2021-01-01 00:03:54.576"
},
"delivery": {
"phoneCarrier": "Viettel",
"mnc": 4,
"numberOfMessageParts": 1,
"destination": "+843293xxxxx",
"priceInUSD": 0.0525,
"smsType": "Transactional",
"mcc": 452,
"providerResponse": "Message has been accepted by phone carrier",
"dwellTimeMs": 361,
"dwellTimeMsUntilDeviceAck": 2604
},
"status": "SUCCESS"
}
But on my phone, I don't get any message. How do I fix it?
For several countries, senders are required to use a pre-registered alphabetic sender ID.
To request a sender ID from AWS Support, file a support request. Some countries require senders to meet specific requirements or abide by certain restrictions in order to obtain approval.
In these cases, AWS Support might contact you for additional information after you submit your sender ID request.
For further information about this, you can read these docs.

Where is the GCP Cloud Scheduler HTTP body?

I am trying to work with a cron job on GCP Cloud Scheduler. I am using the HTTP target with the "GET" method.
I am trying to post messages to a discord channel but first need to GET the body my server webhook sends back to me. The CRON job runs successfully but I cannot find the body of what the webhook returned on the GCP Cloud Scheduler. I have checked the logs as well, it does not contain the body. Here is what the log has:
{
"insertId": "a06j1cfzy21xe",
"jsonPayload": {
"targetType": "HTTP",
"jobName": "projects/website-274422/locations/us-central1/jobs/discord_sec_bot",
"url": "https://discordapp.com/api/webhooks/<redacted>/<redacted>",
"@type": "type.googleapis.com/google.cloud.scheduler.logging.AttemptFinished"
},
"httpRequest": {
"status": 200
},
"resource": {
"type": "cloud_scheduler_job",
"labels": {
"project_id": "website-274422",
"job_id": "discord_sec_bot",
"location": "us-central1"
}
},
"timestamp": "2020-08-10T21:42:13.290867117Z",
"severity": "INFO",
"logName": "projects/website-274422/logs/cloudscheduler.googleapis.com%2Fexecutions",
"receiveTimestamp": "2020-08-10T21:42:13.290867117Z"
}
Could anyone tell me where I could find what my GET request received?
Although it's not mentioned directly in the documentation, I don't think it's possible to see this. I am not sure what you want to do; however, if you need to pass any information to the logs you can use the response status. I have done a quick test on my cloud function, which was randomly sending response statuses from 200 to 204.
For each job I get 2 different log items. In the 2nd one there is the following field with a random status:
httpRequest: {
status: 201
}
Accordingly, this is the only chance to see anything returned by the endpoint in the logs. You can use this status to code some information.

How to send Cloudwatch log details via email?

The diagram below is what I am trying to achieve. In brief, to send CloudTrail logs to a CloudWatch log group, then scan it for certain events and finally send email alerts if there is a concerning event.
I am following this official documentation which also has a sample CloudFormation templates: http://docs.aws.amazon.com/awscloudtrail/latest/userguide/use-cloudformation-template-to-create-cloudwatch-alarms.html
Using the CloudFormation templates above, I have been able to send the email alerts. However the alerts are very basic; it does not send key information like which user initiated this event, when did it occur etc.
Logically thinking AWS::Logs::MetricFilter should pass the value to AWS::CloudWatch::Alarm which would then send the information. I have looked at the documentation of both MetricFilter and Alarm services. Dimension comes closer to what I want but not yet able to read the information from logs.
I would have thought this is a common use case and there would be documentation. Am I missing something glaringly obvious here? Has anyone here solved this issue?
AWS::Logs::MetricFilter block:
"AuthorizationFailuresMetricFilter": {
"Type": "AWS::Logs::MetricFilter",
"Properties": {
"LogGroupName": { "Ref" : "LogGroupName" },
"FilterPattern": "{ ($.errorCode = \"*UnauthorizedOperation\") || ($.errorCode = \"AccessDenied*\") }",
"MetricTransformations": [
{
"MetricNamespace": "CloudTrailMetrics",
"MetricName": "AuthorizationFailureCount",
"MetricValue": "1"
}
]
}
},
AWS::CloudWatch::Alarm block
"AuthorizationFailuresAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmName" : "CloudTrailAuthorizationFailures",
"AlarmDescription" : "Alarms when an unauthorized API call is made.",
"AlarmActions" : [{ "Ref" : "AlarmNotificationTopic" }],
"Dimensions": [
{
"Name": "errorCode",
"Value": ""
},
{
"Name": "userIdentity",
"Value": ""
}
],
"MetricName" : "AuthorizationFailureCount",
"Namespace" : "CloudTrailMetrics",
"ComparisonOperator" : "GreaterThanOrEqualToThreshold",
"EvaluationPeriods" : "1",
"Period" : "300",
"Statistic" : "Sum",
"Threshold" : "1"
}
},
This is not possible.
Amazon CloudWatch Logs will accept information from AWS CloudTrail and, upon finding messages that match a pre-defined filter, will increment a metric count.
An Amazon CloudWatch alarm can then be triggered when the metric exceeds a certain threshold. However, there is no direct connection between the incoming data that generated the metrics and the alarm that triggers based upon the threshold.
Think of it like a turnstile counting people who enter a subway. The turnstile counts the number of people, but does not retain information about the people who passed through. In the same way, the CloudWatch alarm counts the events but does not have any information about the events that were counted.

How to add SQS message attributes in SNS subscription?

The documentation for AWS SNS and SQS have sections about message attributes. But there is no explanation how to have SQS message attributes when that queue is subscribed to a SNS topic.
Is there a way to configure AWS SNS to add particular message attributes to the SQS messages sent via the subscription?
From aws documentation:
To use message attributes with Amazon SQS endpoints, you must set the subscription attribute, Raw Message Delivery, to True. For more information about raw message delivery, see Appendix: Large Payload and Raw Message Delivery.
https://docs.aws.amazon.com/sns/latest/dg/SNSMessageAttributes.html
https://docs.aws.amazon.com/sns/latest/dg/large-payload-raw-message.html
Added an example from a real-life project. Hopefully it helps to clarify things.
The message published to the SNS topic is the following:
aws sns publish --topic-arn arn:aws:sns:us-west-2:xxx:pollution-event --message '{"operatorId":3375001,"eventTypeId":1,"eventLevelId":1,"validFrom":"2018-03-10T09:00:00Z","validTo":"2018-03-11T09:00:00Z"}' --message-attributes '{"Type" : { "DataType":"String", "StringValue":"Orchestration.Services.Model.Pollution.PollutionMessage"}}'
Enable Raw Delivery is false (default). The message received by SQS contains only content; there are no attributes.
{
"Type": "Notification",
"MessageId": "78d5bc6f-142c-5060-a75c-ef29b774ec66",
"TopicArn": "arn:aws:sns:eu-west-2:xxx:pollution-event",
"Message": "{\"validFrom\": \"2018-03-10T09:00:00Z\",\"validTo\": \"2018-03-11T09:00:00Z\",\"eventLevelId\": 1,\"eventTypeId\": 1,\"operatorId\": 3375001}",
"Timestamp": "2018-04-17T11:33:44.770Z",
"SignatureVersion": "1",
"Signature": "xxx==",
"SigningCertURL": "https://sns.eu-west-2.amazonaws.com/SimpleNotificationService-xxx.pem",
"UnsubscribeURL": "https://sns.eu-west-2.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-2:xxx",
"MessageAttributes": {
"Type": {
"Type": "String",
"Value": "Orchestration.Services.Model.Pollution.PollutionMessage"
},
"AWS.SNS.MOBILE.MPNS.Type": {
"Type": "String",
"Value": "token"
},
"AWS.SNS.MOBILE.MPNS.NotificationClass": {
"Type": "String",
"Value": "realtime"
},
"AWS.SNS.MOBILE.WNS.Type": {
"Type": "String",
"Value": "wns/badge"
}
}
}
Enable Raw Delivery is true. The message contains the message attributes and proper content.
Note: See other answer for better response, using Raw Message Delivery
While the Using Amazon SNS Message Attributes documentation mentions sending Amazon SNS message attributes to Amazon SQS, it appears that the attributes are sent in the body of the message rather than being attached as message attributes on the resulting Amazon SQS messages.
For example, I did the following:
Created an Amazon SNS topic
Created an Amazon SQS queue and subscribed it to the SNS topic
Published a message to SNS
I published via the AWS Command-Line Interface (CLI):
aws sns publish --topic-arn arn:aws:sns:ap-southeast-2:123456789012:foo --message msg --subject subj --message-attributes '{"somename" : { "DataType":"String", "StringValue":"somevalue"}}'
(I got syntax help from map datatype in aws cli)
The resulting message in SQS showed the attributes as part of the message:
{
"Type" : "Notification",
"MessageId" : "53e3adad-723a-5eae-a7b7-fc0468ec2d37",
"TopicArn" : "arn:aws:sns:ap-southeast-2:123456789012:foo",
"Subject" : "subj",
"Message" : "msg",
"Timestamp" : "2017-05-29T12:48:22.186Z",
...
"MessageAttributes" : {
"somename" : {"Type":"String","Value":"somevalue"}
}
}
It would be much nicer if these attributes were attached to the SQS message as official SQS attributes. Alas, it seems this is not the case.
Enabled Raw message delivery type while adding SQS subscription for the topic inside SNS
If you are here because you have a SQS queue that is subscribed to an SNS topic, you checked that your subscription has set the Raw Message Delivery to True but you still cannot read an attribute on your SQS message:
Make sure that your SQS client is not filtering out message attributes.
The code below will only include myAttribute when receiving messages from the SQS queue:
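// Assumes the AWS SDK for JavaScript v2; queueUrl holds the URL of your queue.
const AWS = require("aws-sdk");
const SQS = new AWS.SQS();
SQS.receiveMessage({
  QueueUrl: queueUrl,
  VisibilityTimeout: 20,
  WaitTimeSeconds: 10,
  // Only the attribute names listed here are returned with each message.
  MessageAttributeNames: [
    "myAttribute"
  ],
}, (err, data) => {
  if (err) throw err;
  console.log(data.Messages);
});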
If you want to read the value of some attribute other than myAttribute, you will have to specify it (white list) or replace "myAttribute" with "All" to include all SQS attributes.
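SQS.receiveMessage({
  QueueUrl: queueUrl,
  // List every attribute you want to read, or use ["All"].
  MessageAttributeNames: [
    "myAttribute", "myOtherAttribute"
  ],
}, (err, data) => {
  if (err) throw err;
  console.log(data.Messages);
});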
Reference: https://docs.aws.amazon.com/AWSSimpleQueueService/latest/APIReference/API_ReceiveMessage.html
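An added example (not from any of the answers above) that reads the attributes from a received SQS message in both cases described: Raw Message Delivery off, where they sit inside the JSON body as Type/Value, and on, where they arrive as SQS message attributes. The function name and the sample messages are constructed; the third sample is a raw message received without MessageAttributeNames, which yields no attributes.

```javascript
// Constructed SQS messages in the shape SQS.receiveMessage returns them.
const ATTR_VALUE = "Orchestration.Services.Model.Pollution.PollutionMessage";
const PAYLOAD = JSON.stringify({ operatorId: 3375001, eventTypeId: 1, eventLevelId: 1 });

const ENVELOPE_MESSAGE = { // Raw Message Delivery = false
  Body: JSON.stringify({
    Type: "Notification",
    Message: PAYLOAD,
    MessageAttributes: { Type: { Type: "String", Value: ATTR_VALUE } },
  }),
};
const RAW_MESSAGE = { // Raw Message Delivery = true, attributes requested
  Body: PAYLOAD,
  MessageAttributes: { Type: { DataType: "String", StringValue: ATTR_VALUE } },
};
const RAW_UNREQUESTED = { Body: PAYLOAD }; // raw, but MessageAttributeNames omitted

// Flatten { name: { [field]: value } } into { name: value }.
const pick = (map, field) =>
  Object.fromEntries(Object.entries(map || {}).map(([name, a]) => [name, a[field]]));

// Returns { delivery, payload, attributes } for either delivery mode.
function readSnsAttributes(sqsMessage) {
  const native = sqsMessage.MessageAttributes || {};
  if (Object.keys(native).length > 0) {
    return { delivery: "raw", payload: sqsMessage.Body, attributes: pick(native, "StringValue") };
  }
  let parsed = null;
  try { parsed = JSON.parse(sqsMessage.Body); } catch (e) { /* body is not JSON */ }
  const isEnvelope = parsed !== null && typeof parsed === "object" &&
    parsed.Type === "Notification" && typeof parsed.Message === "string";
  if (!isEnvelope) {
    // Raw payload with no attributes returned: check MessageAttributeNames.
    return { delivery: "raw", payload: sqsMessage.Body, attributes: {} };
  }
  return {
    delivery: "envelope",
    payload: parsed.Message,
    attributes: pick(parsed.MessageAttributes, "Value"),
  };
}
```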