AWS Config Compliance Notifications

Lambda function that sends notification emails when the compliance status of an AWS Config Rule changes.

Prerequisites:

Setup:

  • Check out this project
  • Modify the FROM and EMAILS Lambda environment variables in function.json. FROM should be the address you want your notification emails to come from. EMAILS should be a semicolon-separated list of email addresses to send notifications to.
  • Modify the role setting in function.json to point to your AWS IAM Lambda execution role with the appropriate settings. The value should be the IAM role's ARN.
  • Deploy the Lambda function to your AWS account using the apex command line tool.
  • In the AWS SNS console, add the new Lambda function as a subscription to the SNS topic that AWS Config sends notifications to.
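The steps above wire an SNS topic to a function that reads FROM and EMAILS; the sketch below is an added example, not this project's code, showing how such a handler can unwrap the SNS record, keep only AWS Config compliance changes, and build the arguments for an SES SendEmail call. Python, the function names and the sample event are assumptions; the message field names follow AWS Config's ComplianceChangeNotification format.

```python
import json

# Constructed sample: an SNS-to-Lambda event wrapping one AWS Config message.
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps({
    "messageType": "ComplianceChangeNotification",
    "awsAccountId": "111122223333",
    "awsRegion": "us-east-1",
    "configRuleName": "example-rule",
    "resourceType": "AWS::S3::Bucket",
    "resourceId": "example-bucket",
    "oldEvaluationResult": None,
    "newEvaluationResult": {"complianceType": "NON_COMPLIANT"},
})}}]}

def parse_recipients(raw):
    """Split the semicolon-separated EMAILS value, dropping blanks."""
    return [a.strip() for a in raw.split(";") if a.strip()]

def compliance_of(result):
    """complianceType of an evaluation result; the old result can be null."""
    return (result or {}).get("complianceType", "UNKNOWN")

def build_ses_requests(event, env):
    """Return one SES SendEmail argument dict per compliance change in event."""
    recipients = parse_recipients(env.get("EMAILS", ""))
    requests = []
    for record in event.get("Records", []):
        try:
            msg = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            continue  # not an SNS record, or the message is not JSON
        if not isinstance(msg, dict) or msg.get("messageType") != "ComplianceChangeNotification":
            continue  # the same topic also carries other Config message types
        old = compliance_of(msg.get("oldEvaluationResult"))
        new = compliance_of(msg.get("newEvaluationResult"))
        if old == new or not recipients:
            continue  # no status change, or nobody to notify
        subject = "AWS Config: {} is {} ({})".format(
            msg.get("configRuleName"), new, msg.get("resourceId"))
        body = "\n".join("{}: {}".format(k, msg.get(k)) for k in (
            "awsAccountId", "awsRegion", "configRuleName", "resourceType", "resourceId"))
        body += "\nstatus: {} -> {}".format(old, new)
        requests.append({
            "Source": env["FROM"],
            "Destination": {"ToAddresses": recipients},
            "Message": {"Subject": {"Data": subject}, "Body": {"Text": {"Data": body}}},
        })
    return requests
```

Each returned dict can be passed as keyword arguments to the boto3 SES client's send_email, which is the call that the ses:SendEmail permission in the execution role authorizes.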

Example IAM Lambda Execution Role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail"
      ],
      "Resource": "*"
    }
  ]
}