Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Enable SNS Delivery Status Logging configuration in cloudformation

Tags:

amazon-sns

amazon-cloudformation

amazon-cloudwatch

I'm trying to set up an SNS topic with AWS CloudFormation. I'm able to get the topics and its SQS subscriptions up and running, but I couldn't find a way to specify the delivery status logging options (the ones that tell the topic to write its logs to cloudwatch).

The official SNS/Cloudformation docs say nothing about this capability.

I found here that apparently it's not implemented yet. Does anyone have up-to-date status about this?

Below is the template (fragment) I have:

SNSBouncesTopic:
  Type: AWS::SNS::Topic
  Properties: 
    DisplayName: SNS-Bounces
    Subscription: 
     - Endpoint: !GetAtt
        - SQSBouncesQueue
        - Arn
       Protocol: sqs
    TopicName: SNS-Bounces

The SQSBouncesQueue is another resource of the stack that handles the SNS messages.

like image 723
SebaGra Avatar asked Nov 26 '19 15:11

SebaGra

People also ask

How do you get SNS topic Arn in CloudFormation?

In your CloudFormation template, if you simply reference your SNS topic, then you'll get the ARN. So you can use that as input to your nested CloudFormation template.

1 Answers

At the moment, CloudFormation does not support enabling SNS Delivery Status Logging.

You'll need to use either the console, SDK or CLI. If you still need to use CloudFormation workflow then review the following workaround below :

This workaround involves using a Lambda-backed custom resource to enable SNS Delivery Status logging by adding the necessary attributes to the SNS Topic.

A custom resource essentially triggers a Lambda function when your CFN stack is created, updated, or deleted.

To set up the topic attributes, you would need the following:

a) An IAM role with the permissions for the SNS service to assume the role. It should include the following: 

  Permissions : 
  Actions : 
  "logs:CreateLogGroup"
  "logs:CreateLogStream”
  "logs:PutLogEvents”
  "logs:PutMetricFilter"
  "logs:PutRetentionPolicy"

b) An SNS Topic

c) The custom resource that takes in the IAM Role ARN and the SNS Topic ARN and invokes a Lambda function that sets the topic attributes accordingly.

In the Lambda function, you will need to specify the SNS TopicArn, set the topic attributes using set_topic_attributes() method. For the AttributeName, you will have to specify it as “LambdaSuccessFeedbackRoleArn” to set the attribute for a successful delivery and as “LambdaFailureFeedbackRoleArn” to set the attribute for a failed delivery.

Note:

  1. The AttributeValue for both successful and failed would be the ARN of an IAM Role with access to modify the CloudWatch logs.

  2. This function should be called twice, once to set the attribute for a successful delivery and another to set the attribute for a failed delivery.

like image 158
syumaK Avatar answered Jan 04 '23 02:01

syumaK
Sign in to Comment

Related questions

How to add custom Metric and Alarm to AWS Lambda function via aws-cdk
How do I specify another AWS account's Event Bus as a target of an EventBridge rule using CloudFormation or CDK?
How to get username in AWS Cloudformation template file?
How to protect an AWS CloudFormation stack from deletion?
How to enable cloudwatch logs and assign custom domain name in cloudformation
How to send Cloudwatch log details via email?
How do I enable Encryption at Rest on DynamoDB with CloudFormation
AWS CloudFormation Transform - How do I properly return an error message?
Reading a secret using CloudFormation
How to add an Internet Gateway to a VPC using AWS CDK?
How to get RDS instance hostname in CDK app?
AWS CDK - how does one debug a hanging deploy?
AWS: How to update an existing S3 bucket-policy via CloudFormation?
How to specify multiple buckets in a bucketpolicy in a cfn template?
How to specify both IPv6 and v4 in Security Groups in CloudFormation?
Permissions on Global Secondary Index
AWS LoadBalancer to Listen on multiple ports
How to add a Redis AUTH token to a ElastiCache via a CloudFormation template?
sam package vs aws cloudformation package
Create AWS Athena view programmatically

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!