I want to receive emails that notify me when my AWS IAM Identity Center System for Cross-domain Identity Management (SCIM) access token expires.
Short description
To receive an email that notifies you when your IAM Identity Center SCIM token expires, create an AWS Health alert. Then, subscribe to an Amazon Simple Notification Service (Amazon SNS) topic and configure an Amazon EventBridge rule and target.
Note: If your SCIM access token expires, then your identity provider no longer synchronizes user and group information to IAM Identity Center. As a result, automatic provisioning can't create, update, or delete user and group information.
Resolution
Configure your managed notification subscription
To receive an alert for an AWS Health event, configure your managed notification subscription.
Create an Amazon SNS topic
Complete the following steps:
- Open the Amazon SNS console.
- In the navigation pane, choose Topics, and then choose Create topic.
- For Topic type, select Standard.
- For Name, enter a name for your topic.
- Choose Create topic.
Subscribe to the Amazon SNS topic
Complete the following steps:
- Open the Amazon SNS console.
- In the navigation pane, choose Topics, and then choose the topic that you created.
- Choose the Subscriptions tab, and then choose Create subscription.
- For Protocol, choose Email.
- For Endpoint, enter the email address where you want to receive notifications.
- Choose Create subscription.
- Open your email account. Find the email from Amazon SNS, and then select the Confirm subscription link in the email.
Create an EventBridge rule
To create an EventBridge rule, see Configuring an EventBridge rule to send notifications about events in AWS Health.
The following is an example event pattern for the EventBridge rule that sends emails when the AWS Health Dashboard generates the AWS_IAMIDENTITYCENTER_SCIM_BEARER_TOKEN_EXPIRY_NOTIFICATION event:
{
  "source": [
    "aws.health"
  ],
  "detail-type": [
    "AWS Health Event"
  ],
  "detail": {
    "service": [
      "IAMIDENTITYCENTER"
    ],
    "eventTypeCategory": [
      "accountNotification"
    ],
    "eventTypeCode": [
      "AWS_IAMIDENTITYCENTER_SCIM_BEARER_TOKEN_EXPIRY_NOTIFICATION"
    ]
  }
}
Configure the EventBridge rule target
Complete the following steps:
- Open the EventBridge console.
- In the navigation pane, choose Rules, and then choose the rule that you created.
- Choose Targets.
- Choose Add target, and then choose SNS topic from the dropdown list.
- For Topic, select the Amazon SNS topic that you created.
- (Optional) Configure input transformation.
- Choose Next.
- In the Review and create section, review your settings.
- Choose Create rule.
When an AWS Health event that matches your rule occurs, EventBridge activates the rule and publishes a message to your Amazon SNS topic. Then, the Amazon SNS topic sends an email notification to your subscribed email address.
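The same setup scripted with the AWS SDK for Python (boto3), as an added example that is not part of the original article. The topic name, rule name, statement ID, and target ID are assumed values. Unlike the console flow, a scripted setup must itself add the topic policy statement that lets EventBridge publish, scoped here to the one rule.

```python
import json

# Event pattern from this article.
PATTERN = {
    "source": ["aws.health"],
    "detail-type": ["AWS Health Event"],
    "detail": {
        "service": ["IAMIDENTITYCENTER"],
        "eventTypeCategory": ["accountNotification"],
        "eventTypeCode": ["AWS_IAMIDENTITYCENTER_SCIM_BEARER_TOKEN_EXPIRY_NOTIFICATION"],
    },
}
SID = "AllowScimExpiryRulePublish"  # hypothetical statement ID


def with_publish_statement(policy, topic_arn, rule_arn):
    """Return a copy of the topic policy that lets only this rule publish."""
    stmt = {
        "Sid": SID,
        "Effect": "Allow",
        "Principal": {"Service": "events.amazonaws.com"},
        "Action": "sns:Publish",
        "Resource": topic_arn,
        "Condition": {"ArnEquals": {"aws:SourceArn": rule_arn}},
    }
    # Drop any earlier copy of the statement so reruns stay idempotent.
    kept = [s for s in policy.get("Statement", []) if s.get("Sid") != SID]
    return {**policy, "Statement": kept + [stmt]}


def deploy(email, topic_name="scim-token-expiry", rule_name="scim-token-expiry"):
    """Create the topic, email subscription, rule and target (names are assumed)."""
    import boto3  # imported here so the policy helper works without the SDK

    sns, events = boto3.client("sns"), boto3.client("events")
    topic_arn = sns.create_topic(Name=topic_name)["TopicArn"]
    # The recipient must still confirm the subscription from the email.
    sns.subscribe(TopicArn=topic_arn, Protocol="email", Endpoint=email)
    rule_arn = events.put_rule(
        Name=rule_name, EventPattern=json.dumps(PATTERN), State="ENABLED"
    )["RuleArn"]
    # Extend the existing topic policy instead of overwriting it.
    attrs = sns.get_topic_attributes(TopicArn=topic_arn)["Attributes"]
    policy = with_publish_statement(json.loads(attrs["Policy"]), topic_arn, rule_arn)
    sns.set_topic_attributes(
        TopicArn=topic_arn, AttributeName="Policy", AttributeValue=json.dumps(policy)
    )
    events.put_targets(Rule=rule_name, Targets=[{"Id": "email-topic", "Arn": topic_arn}])
    return topic_arn, rule_arn
```
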
Related information
Rotate an access token