The integration with Amazon Simple Notification System (SNS) allows you to configure SNS notifications that you can receive daily or any time there is a change to a Best Practice Check or alert. To learn how to configure your integration with SNS, review the procedure.
Procedure
From the left navigation bar, choose Account Settings > Integrations > Configurations.
The Integration Configurations page opens.
From the drop-down menu, select Sns.
Type the name of your SNS topic.
Click Create.
A message indicates that your integration was created successfully.
Click OK.
The page displays the new integration.
Click (green plus sign) to review the details.
In the Account section, provide the following parameters:
Here are some examples of message formats and content to help you parse the messages.
Alerts SNS Message Format
class AlertSnsDetail
{
    public string message;
    public string accountId;
    public string account;
    public string importance;
    public string moreInfo;
    public AlertSnsResult[] result;
    public AlertSnsCloudTrailResult[] cloudtrailResult;
}
class AlertSnsResult { public string identifier; public Dictionary
Best Practice Check SNS Message Format
class BestPracticeSnsDetail
{
    public string account;
    public BestPracticeSnsItem[] items;
}

class BestPracticeSnsItem
{
    public string title;
    public string[] details;
}
Example SNS Message from an Alert
This is the entire message a user would receive from AWS. Inside of this is the Message attribute, which is what CloudCheckr includes in its notification.
{
  "Message": "{\"message\":\"Alert 'Any security-related event' has been triggered\",\"accountId\":\"123456789012\",\"account\":\"30677\",\"importance\":null,\"result\":null,\"cloudtrailResult\":[{\"iamUser\":\"arn:aws:iam::123456789012:user/john.doe\",\"eventName\":\"GenerateCredentialReport\",\"eventDate\":\"2018-06-14T02:30:24\",\"service\":\"IAM\",\"userIp\":\"99.255.229.213\",\"responseType\":\"Success\",\"region\":\"US East (Northern Virginia)\"}],\"moreInfo\":\"https://app.cloudcheckr.com/#Alert/ResultsCloudTrail\"}",
  "MessageId": "87f19c7c-865e-5393-9c9f-cfe77da8b555",
  "Signature": "YhTNuD0jdltVab9vKCFo6Rt3ltWowwf0Qe4Q9HY1fdYrPeDeR06kiIm5OtwCU9Wxiq/tDKVliyDr3fe+4+yvNVXgMlFD6E0WC+F3w0IID6Rxf7Jkd9ILy3i/CZa+E8PAMhATa//z7ovCBC+B+1jhoSeJ9iuP4lyva48jkNxg/xUx1Tf6RcTsCir6NkR8o8nt50zrAJurgaOnNzt5SKXgNaFBDFORP5+L5E90JoW0W08xFLuz2Wb/oNmubYxXEWD04IzSqGlxqXihVI/kvaofwu0u6fHb9cMQUYPjF2hE5XodXngIu4P+gVhwN3YxbP2dHXy/sWSHhiNnb/T8yS7D3g==",
  "SignatureVersion": "1",
  "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-eaea6120e66ea12e88dcd8bcbddca752.pem",
  "Subject": "Any security-related event was triggered",
  "Timestamp": "2018-06-14T05:14:30.835Z",
  "TopicArn": "arn:aws:sns:us-east-1:123456789012:third-party-account-test",
  "Type": "Notification",
  "UnsubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:123456789012:third-party-account-test:c2555eb6-8519-4f3e-8fb9-6fa3dcba1555"
}
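An added example (not CloudCheckr's code) of consuming the notification above: it checks the SNS envelope, then decodes the nested Message string into either the alert or the Best Practice Check shape. The function name, the expected-topic constant and the shortened sample are assumptions for illustration; cryptographic verification of Signature is not performed here.

```python
import json
import re
from urllib.parse import urlparse

# Assumption: the topic this consumer subscribes to (value from the page's sample).
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:third-party-account-test"
# Assumption: standard AWS partition, where SNS certs live on sns.<region>.amazonaws.com.
CERT_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")


def parse_cloudcheckr_sns(envelope_json, expected_topic=EXPECTED_TOPIC_ARN):
    """Return (kind, detail); kind is "alert" or "best_practice".
    The envelope checks are pre-filters only. They do not replace verifying
    the SNS Signature against the certificate at SigningCertURL.
    """
    env = json.loads(envelope_json)
    if env.get("Type") != "Notification":
        raise ValueError("not a Notification envelope")
    if env.get("TopicArn") != expected_topic:
        raise ValueError("unexpected TopicArn")
    cert = urlparse(env.get("SigningCertURL", ""))
    if cert.scheme != "https" or not CERT_HOST.fullmatch(cert.hostname or ""):
        raise ValueError("SigningCertURL is not an SNS endpoint")
    # Message is JSON serialized into a string, so it needs a second decode.
    detail = json.loads(env["Message"])
    if "items" in detail:          # BestPracticeSnsDetail shape
        return "best_practice", detail
    if "message" in detail:        # AlertSnsDetail shape
        # result / cloudtrailResult can be null (as in the page's sample).
        detail["result"] = detail.get("result") or []
        detail["cloudtrailResult"] = detail.get("cloudtrailResult") or []
        return "alert", detail
    raise ValueError("unrecognized Message body")

# Constructed sample, shortened from the page's alert example (no Signature field).
SAMPLE = json.dumps({
    "Type": "Notification",
    "TopicArn": EXPECTED_TOPIC_ARN,
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-eaea6120e66ea12e88dcd8bcbddca752.pem",
    "Message": json.dumps({
        "message": "Alert 'Any security-related event' has been triggered",
        "accountId": "123456789012", "account": "30677", "result": None,
        "cloudtrailResult": [{"iamUser": "arn:aws:iam::123456789012:user/john.doe",
                              "eventName": "GenerateCredentialReport", "service": "IAM"}],
    }),
})

if __name__ == "__main__":
    kind, detail = parse_cloudcheckr_sns(SAMPLE)
    print(kind, [e["eventName"] for e in detail["cloudtrailResult"]])
```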
Formatted Message Content
This is the content from the Message attribute formatted by CloudCheckr for legibility.