Integrate with Amazon SNS

Introduction

The integration with Amazon Simple Notification System (SNS) allows you to configure SNS notifications that you can receive daily or any time there is a change to a Best Practice Check or alert.

To learn how to configure your integration with SNS, review the procedure.


Procedure

  1. From the left navigation bar, choose Account Settings > Integrations > Configurations.
  2.  

       
    The Integration Configurations page opens.
           

  3. From the drop-down menu, select Sns.
  4.  

  5. Type the name of your SNS topic.
  6.  

  7. Click Create.
  8.  
    A message indicates that your integration was created successfully.

  9. Click OK.

  10. The page displays the new integration.


     

  11. Click (green plus sign) to review the details.
  12.    

     

  13. In the Account section, there are some SNS-specific parameters for you to fill out. Enter in the appropriate information as detailed by the below parameters:
  14.  

    Parameter Description
    Name Name of the SNS topic
    Topic ARN The ARN value of the SNS topic
  15. Click Save.
  16.  

  17. Click Send Test.
  18.  
    An SNS message indicates that your configuration was successful.

  19. To learn about other configuration options and to turn on alerts, review the topic, Integration Configuration – Understanding Other Options.

Message Format and Content Examples

Here are some examples of message formats and content to help you parse the messages.
 

Alerts SNS Message Format

class AlertSnsDetail
  {
      public string message;
      public string accountId;
      public string account;
      public string importance;
      public string moreInfo;
      public AlertSnsResult[] result;
      public AlertSnsCloudTrailResult[] cloudtrailResult;
  }

  class AlertSnsResult
  {
      public string identifier;
      public Dictionary parameters;
  }

  class AlertSnsCloudTrailResult
  {
      public string iamUser;
      public string eventName;
      public DateTime? eventDate;
      public string service;
      public string userIp;
      public string responseType;
      public string region;
  }

 

Best Practice Check SNS Message Format

class BestPracticeSnsDetail
  {
      public string account;
      public BestPracticeSnsItem[] items;
  }

  class BestPracticeSnsItem
  {
      public string title;
      public string[] details;
  }

 

Example SNS Message from an Alert

This is the entire message a user would receive from AWS. Inside of this is the Message attribute, which is what CloudCheckr includes in its notification.

{
    "Message": "{\"message\":\"Alert 'Any security-related event' has been triggered\",\"accountId\":\"123456789012\",\"account\":\"30677\",\"importance\":null,\"result\":null,\"cloudtrailResult\":[{\"iamUser\":\"arn:aws:iam::123456789012:user/john.doe\",\"eventName\":\"GenerateCredentialReport\",\"eventDate\":\"2018-06-14T02:30:24\",\"service\":\"IAM\",\"userIp\":\"99.255.229.213\",\"responseType\":\"Success\",\"region\":\"US East (Northern Virginia)\"}],\"moreInfo\":\"https://app.cloudcheckr.com/#Alert/ResultsCloudTrail\"}",
    "MessageId": "87f19c7c-865e-5393-9c9f-cfe77da8b555",
    "Signature": "YhTNuD0jdltVab9vKCFo6Rt3ltWowwf0Qe4Q9HY1fdYrPeDeR06kiIm5OtwCU9Wxiq/tDKVliyDr3fe+4+yvNVXgMlFD6E0WC+F3w0IID6Rxf7Jkd9ILy3i/CZa+E8PAMhATa//z7ovCBC+B+1jhoSeJ9iuP4lyva48jkNxg/xUx1Tf6RcTsCir6NkR8o8nt50zrAJurgaOnNzt5SKXgNaFBDFORP5+L5E90JoW0W08xFLuz2Wb/oNmubYxXEWD04IzSqGlxqXihVI/kvaofwu0u6fHb9cMQUYPjF2hE5XodXngIu4P+gVhwN3YxbP2dHXy/sWSHhiNnb/T8yS7D3g==",
    "SignatureVersion": "1",
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-eaea6120e66ea12e88dcd8bcbddca752.pem",
    "Subject": "Any security-related event was triggered",
    "Timestamp": "2018-06-14T05:14:30.835Z",
    "TopicArn": "arn:aws:sns:us-east-1:123456789012:third-party-account-test",
    "Type": "Notification",
    "UnsubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:us-east-1:123456789012:third-party-account-test:c2555eb6-8519-4f3e-8fb9-6fa3dcba1555"
}

 

Formatted Message Content

This is the content from the Message attribute above, then formatted by CloudCheckr for legibility.

{
    "account": "30677",
    "accountId": "123456789012",
    "cloudtrailResult": [
        {
            "eventDate": "2018-06-14T02:30:24",
            "eventName": "GenerateCredentialReport",
            "iamUser": "arn:aws:iam::123456789012:user/john.doe",
            "region": "US East (Northern Virginia)",
            "responseType": "Success",
            "service": "IAM",
            "userIp": "99.255.229.213"
        }
    ],
    "importance": null,
    "message": "Alert 'Any security-related event' has been triggered",
    "moreInfo": "https://app.cloudcheckr.com/#Alert/ResultsCloudTrail",
    "result": null
}

See Also:
Integration Configuration – Understanding Other Options
Integration Configurations
Integrate with ServiceNow
Integrate with Slack
Integrate with PagerDuty
Integrate with Syslog
Best Practice Report
Configure Best Practice Check Notification