SNS notifications can be configured for AWS Config in general
Hi, compliance status change events are sent to Amazon EventBridge, so you can configure a rule in EventBridge and send the event to the SNS topic or other target service (i.e. Lambda function) to handle the event.
https://repost.aws/knowledge-center/config-resource-non-compliant
You can also do this in the AWS Config rule with a "Remediation Action" of type AWS-PublishSNSNotification, specifying in the parameters the Topic's ARN, the message, and the IAM role's ARN that is allowed to publish messages to the SNS topic (keep in mind that this role should have a trust relationship with the Systems Manager (ssm) service). In CDK you can configure it with the CfnRemediationConfiguration construct. In the web console you can access the "Manage remediation" option either in the list of rules by selecting the rule and then using the "Actions" drop-down, or within the rule using the same drop-down.
Please see more in:
https://docs.aws.amazon.com/systems-manager-automation-runbooks/latest/userguide/automation-aws-publishsnsnotification.html
https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/aws-resource-config-remediationconfiguration.html
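The remediation setup described in the answer above, written out as a CloudFormation template generator. This is an added example, not code from the original answers or from AWS; the topic ARN, rule name, logical IDs (`NotifyRole`, `NotifyRemediation`) and retry values are constructed placeholders. It scopes the role to `sns:Publish` on one topic and rejects wildcard ARNs.

```python
import json
import re

# Constructed sample values, not from the original page.
TOPIC_ARN = "arn:aws:sns:us-east-1:111122223333:config-compliance-alerts"
RULE_NAME = "example-config-rule"

# Accept exactly one topic: a wildcard would let the role publish anywhere.
TOPIC_ARN_RE = re.compile(
    r"arn:aws[a-z-]*:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}(\.fifo)?")

def static(value):
    """Wrap a value in the StaticValue shape used by remediation parameters."""
    return {"StaticValue": {"Values": [value]}}

def build_template(rule_name, topic_arn, message):
    if not TOPIC_ARN_RE.fullmatch(topic_arn):
        raise ValueError(f"expected a single SNS topic ARN, got {topic_arn!r}")
    allow = lambda **kw: {"Version": "2012-10-17",
                          "Statement": [{"Effect": "Allow", **kw}]}
    role = {"Type": "AWS::IAM::Role", "Properties": {
        # Trust relationship: only Systems Manager may assume this role.
        "AssumeRolePolicyDocument": allow(
            Principal={"Service": "ssm.amazonaws.com"}, Action="sts:AssumeRole"),
        # Least privilege: publish to this one topic and nothing else.
        "Policies": [{"PolicyName": "publish-to-one-topic",
                      "PolicyDocument": allow(Action="sns:Publish",
                                              Resource=topic_arn)}],
    }}
    remediation = {"Type": "AWS::Config::RemediationConfiguration", "Properties": {
        "ConfigRuleName": rule_name,
        "TargetType": "SSM_DOCUMENT",
        "TargetId": "AWS-PublishSNSNotification",
        "Automatic": True,               # remediate without a manual trigger
        "MaximumAutomaticAttempts": 3,   # required when Automatic is true
        "RetryAttemptSeconds": 60,       # required when Automatic is true
        "Parameters": {
            "AutomationAssumeRole": static({"Fn::GetAtt": ["NotifyRole", "Arn"]}),
            "TopicArn": static(topic_arn),
            "Message": static(message),
        },
    }}
    return {"AWSTemplateFormatVersion": "2010-09-09",
            "Resources": {"NotifyRole": role, "NotifyRemediation": remediation}}

if __name__ == "__main__":
    print(json.dumps(build_template(RULE_NAME, TOPIC_ARN,
                                    "Config rule reported NON_COMPLIANT"), indent=2))
```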
