Subscription filter policy for AWS backup failures

Question

I have created a topic and subscribed with an email endpoint, targeting to be mailed for any anomalies such as aborted backups and failed backups through an email.
Have created a rule in Event bridge to collect backup job state change event and pointed to the SNS topic.

Have tried a  subscription filtering policy on the topic as below:

{
  "state": [
    {
      "anything-but": [
        "CREATED",
        "PENDING",
        "RUNNING",
        "COMPLETED"
      ]
    }
  ]
}

yet the result is not as expected.

Answer

We would have to use a custom event pattern in order to get notifications just for getting alerts when a backup job failed and aborted.

1. Create an event pattern and use below customer Pattern using Json editor.
                      {
                        "source": ["aws.backup"],
                         "detail-type": ["Backup Job State Change"],
                        "detail": {
                         "state": ["FAILED", "ABORTED"]
                                      }
                      }
2. Create SNS topic and add the below statement to the Access policy. Modify the Resource name with your SNS topic
                    {
                      "Sid": "My-statement-id",
                       "Effect": "Allow",
                       "Principal": {
                       "Service": "backup.amazonaws.com"
                                          },
                      "Action": "SNS:Publish",
                       "Resource": "arn:aws:sns:eu-west-1:111111111111:exampletopic"
                  }
3. There is no need to use any subscription filtering policy with this event bridge pattern.
4. Once the SNS created do not forget to confirm the subscription.
5. Once the subscription confirmed, create a backup and abort it and create another backup job such that it get fails.
6. You should see only email alerts for failed backup job and aborted backup job

Subscription filter policy for AWS backup failures

相关内容