Integrate with Amazon SNS

The integration with Amazon Simple Notification System (SNS) allows you to configure SNS notifications that you can receive daily or any time there is a change to a Best Practice Check or alert. To learn how to configure your integration with SNS, review the procedure.


Procedure

  1. From the left navigation bar, choose Account Settings > Integrations > Configurations.

    The Integration Configurations page opens.
  2. From the drop-down menu, select Sns.
  3. Type the name of your SNS topic.
  4. Click Create.

    A message indicates that your integration was created successfully.

  5. Click OK.

    The page displays the new integration.

  6. Click (green plus sign) to review the details.

  7. In the Account section, provide the following parameters:

    • Name: name of the SNS topic
    • Topic ARN: the ARN value of the SNS topic

  8. Click Save.
  9. Click Send Test.

    An SNS message indicates that your configuration was successful. To learn about other configuration options and to turn on alerts, review the topic, Integration Configuration: Understanding Other Options.


Message Format and Content Examples

Here are some examples of message formats and content to help you parse the messages. 

Alerts SNS Message Format

class AlertSnsDetail
{
public string message;
public string accountId;
public string account;
public string importance;
public string moreInfo;
public AlertSnsResult[] result;
public AlertSnsCloudTrailResult[] cloudtrailResult;
}

class AlertSnsResult
{
public string identifier;
public Dictionary

Best Practice Check SNS Message Format

class BestPracticeSnsDetail
{
public string account;
public BestPracticeSnsItem[] items;
}

class BestPracticeSnsItem
{
public string title;
public string[] details;
}

Example SNS Message from an Alert

This is the entire message a user would receive from AWS. Inside of this is the Message attribute, which is what CloudCheckr includes in its notification.

{
"Message": "{\"message\":\"Alert 'Any security-related event' has been triggered\",\"accountId\":\"123456789012\",\"account\":\"30677\",\"importance\":null,\"result\":null,\"cloudtrailResult\":[{\"iamUser\":\"arn:aws:iam::123456789012:user/john.doe\",\"eventName\":\"GenerateCredentialReport\",\"eventDate\":\"2018-06-14T02:30:24\",\"service\":\"IAM\",\"userIp\":\"99.255.229.213\",\"responseType\":\"Success\",\"region\":\"US East (Northern Virginia)\"}],\"moreInfo\":\"https://app.cloudcheckr.com/#Alert/ResultsCloudTrail\"}",
"MessageId": "87f19c7c-865e-5393-9c9f-cfe77da8b555",
"Signature": "YhTNuD0jdltVab9vKCFo6Rt3ltWowwf0Qe4Q9HY1fdYrPeDeR06kiIm5OtwCU9Wxiq/tDKVliyDr3fe+4+yvNVXgMlFD6E0WC+F3w0IID6Rxf7Jkd9ILy3i/CZa+E8PAMhATa//z7ovCBC+B+1jhoSeJ9iuP4lyva48jkNxg/xUx1Tf6RcTsCir6NkR8o8nt50zrAJurgaOnNzt5SKXgNaFBDFORP5+L5E90JoW0W08xFLuz2Wb/oNmubYxXEWD04IzSqGlxqXihVI/kvaofwu0u6fHb9cMQUYPjF2hE5XodXngIu4P+gVhwN3YxbP2dHXy/sWSHhiNnb/T8yS7D3g==",
"SignatureVersion": "1",
"SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-eaea6120e66ea12e88dcd8bcbddca752.pem",
"Subject": "Any security-related event was triggered",
"Timestamp": "2018-06-14T05:14:30.835Z",
"TopicArn": "arn:aws:sns:us-east-1:123456789012:third-party-account-test",
"Type": "Notification",
"UnsubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:123456789012:third-party-account-test:c2555eb6-8519-4f3e-8fb9-6fa3dcba1555"
}

Formatted Message Content

This is the content from the Message attribute formatted by CloudCheckr for legibility.

{
"account": "30677",
"accountId": "123456789012",
"cloudtrailResult": [
{
"eventDate": "2018-06-14T02:30:24",
"eventName": "GenerateCredentialReport",
"iamUser": "arn:aws:iam::123456789012:user/john.doe",
"region": "US East (Northern Virginia)",
"responseType": "Success",
"service": "IAM",
"userIp": "99.255.229.213"
}
],
"importance": null,
"message": "Alert 'Any security-related event' has been triggered",
"moreInfo": "https://app.cloudcheckr.com/#Alert/ResultsCloudTrail",
"result": null
}


How did we do?