Can I post an alert to SNS topic?
Q: is it possible to send an alert via Amazon SNS?
A: yes, it is; one of possible implementations is explained below.
1. Brief introduction to Amazon SNS (Simple Notification Service)
Amazon SNS (Simple Notification Service) is a Web service coordinating and managing sending or delivering messages to subscribed endpoints (clients). User defines so called SNS topics (logical access points), and defines which subscriber(s) may receive the messages. Variety of communication protocols (AWS Lambda, AWS Simple Queue Service, SMS, HTTP/S or email) allows defining arbitrarily complex reaction to any particular monitoring event.
Note: it is assumed that the person reading this document is capable of setting up SNS topics and define, via AWS IAM (Identity and Access Management), a user (access credentials) to post messages to a SNS topic.
Step by step instructions on how to do that are beyond this article; please refer to the links mentioned above, and corresponding online documentation.
Below we provide step by step instructions on posting to SNS topics from IPHost Network Monitor alerts.
2. Instructions on posting to SNS topic from alert
2.1. Install AWS command-line interface utility
Please follow the corresponding online manual and install AWS command-line utility on the system where IPHost Network Monitor is running.
Use default settings when installing. In the below example, we assume you are using 64-bit Windows system. Otherwise, please replace installation path as required (i.e., use “C:\Program Files (x86)” instead of “C:\Program Files”).
You might wish to add the AWS CLI binaries installation path (by default, “C:\Program Files\Amazon\AWSCLI\bin\aws.exe”) to system PATH (that’s not required for the purpose of these instructions).
2.2. Create IAM credentials to post to SNS topic
From AWS management console, after having logged in, proceed to IAM dashboard and create user with “Publish” access to corresponding SNS topic(s). Generate access and secret access keys for it and write both down.
Note that predefined policy “AmazonSNSFullAccess” does well for testing/quick start, but we recommend, for security reasons, to only allow “Publish” access to certain SNS topics only.
The JSON definition of a policy for single SNS topic “Publish” access could look like
{ "Version": "2012-10-17", "Statement": [ { "Effect": "Allow", "Action": "sns: Publish", "Resource": "arn:aws:sns:us-east-1:12345456778:test" } ] }
where the “Resource” is ARN of the corresponding topic. You can find the ARN by selecting the corresponding topic from SNS dashboard (don’t use sample ARN above).
Note: by this moment, you should have four parameters ready:
- SNS topic ARN (its AWS identifier)
- AWS region, where SNS topics are served
- AWS access key
- AWS secret access key
2.3. Create script to post to SNS topic
Open a plain text editor, such as Notepad, and create a script we will use to post to SNS topic. For the sake of example, it is assumed the script file path is “C:\Scripts\post-to-sns.cmd” (if you choose a different name, please change the path to the script in the below settings).
Put the below lines into script
@echo off set AWS_ACCESS_KEY_ID=YOUR_AWS_ACCESS_KEY set AWS_SECRET_ACCESS_KEY=YOUR_AWS_SECRET_ACCESS_KEY set AWS_DEFAULT_REGION=us-east-1 "C:\Program Files\Amazon\AWSCLI\bin\aws.exe" sns publish --topic-arn "%1" --message "%~2"
(choose actual strings for the variables in bold, not the sample lines; if you use 32-bit Windows, adjust the path to aws.exe, as well).
Now test posting to SNS topic. Open elevated cmd.exe (Run as Administrator), and type the below command (change it if you chose a different script file name and/or location):
C:\Scripts\post-to-sns.cmd arn:aws:sns:us-east-1:12345456778:test "Test message"
(use actual topic ARN).
After you make sure the above posted message reaches the subscribers of the topic, follow next step.
2.4. Create simple action
If the previous setup steps have been correct, you will see notification, in your SNS console, of the message posted. Note: during testing, we recommend subscribing an email address to the SNS topic used, to get the messages in convenient manner.
As soon as you make sure the script posts to the topic, create a new simple action (in IPHost GUI client: “Settings > Alerts > Simple actions”, select “New > Execute program” and enter the below parameters:
Use the below simple action parameters:
- Mode: Run program
- Path: C:\Windows\System32\cmd.exe
- Arguments: /c C:\Scripts\post-to-sns.cmd "arn:aws:sns:us-east-1:12345456778:test" "$HostDNS / $MonitorName is now $NewState"
Once again, use actual ARN and other parameters.
At this moment you can add the new simple action to any alert and use “Alerting > Testing” tab of a monitor, to make sure you receive alerts via SNS, as well. Use that testing buttons for general troubleshooting of this and other simple actions.
Note: you can pass template variable to the second argument passed to the script (starting with $HostDNS), to tune the message to your taste.