/aws-config-compliance-notifications

An AWS Lambda function to send notification emails when the compliance status of an AWS Config Rule changes

Primary language: JavaScript. License: MIT.

AWS Config Compliance Notifications


Prerequisites:

Setup:

  • Check out this project
  • Modify the FROM and EMAILS Lambda environment variables in function.json. FROM should be the address you want your notification emails to come from. EMAILS should be a semicolon-separated list of email addresses to send notifications to.
  • Modify the role setting in function.json to point to your AWS IAM Lambda execution role with the appropriate settings. The value should be the IAM role's ARN.
  • Deploy the Lambda function to your AWS account using the apex command line tool.
  • In the AWS SNS console, add the new Lambda function as a subscription to the SNS topic that AWS Config sends notifications to.
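The flow set up above (AWS Config publishes to SNS, SNS invokes the Lambda, the Lambda mails the addresses in EMAILS from FROM) is sketched below as an added example; it is not the project's own handler code. The helper names and the `NOT_EVALUATED` placeholder are hypothetical, the message fields follow AWS Config's compliance change notification, and the returned objects are in the shape of SES SendEmail parameters.

```javascript
// Added example with hypothetical helper names; not the project's handler code.
// Split the semicolon-separated EMAILS value, dropping blanks and anything that
// is not one plausible address (no whitespace, commas, angle brackets or CR/LF).
function parseRecipients(emails) {
  return String(emails || '').split(';').map((s) => s.trim())
    .filter((s) => /^[^\s@,;<>]+@[^\s@,;<>]+\.[^\s@,;<>]+$/.test(s));
}

// Collapse control characters so notification fields cannot inject line breaks.
const clean = (v) => String(v).replace(/[\x00-\x1f\x7f]+/g, ' ').trim();

// Build one SES SendEmail parameter object per compliance change in an SNS event.
function buildEmails(event, env) {
  const to = parseRecipients(env.EMAILS);
  if (!env.FROM || to.length === 0) return [];
  const out = [];
  for (const record of (event && event.Records) || []) {
    let msg;
    try {
      msg = JSON.parse(record.Sns.Message);
    } catch (err) {
      continue; // missing or non-JSON payload
    }
    if (!msg || msg.messageType !== 'ComplianceChangeNotification') continue;
    const next = msg.newEvaluationResult && msg.newEvaluationResult.complianceType;
    // oldEvaluationResult may be null; NOT_EVALUATED is this example's placeholder.
    const prev = (msg.oldEvaluationResult && msg.oldEvaluationResult.complianceType) || 'NOT_EVALUATED';
    if (!next || next === prev) continue;
    out.push({
      Source: env.FROM,
      Destination: { ToAddresses: to },
      Message: {
        Subject: { Data: clean(`[AWS Config] ${msg.configRuleName}: ${prev} -> ${next}`) },
        Body: { Text: { Data: clean(`${msg.resourceType} ${msg.resourceId} in ${msg.awsAccountId}/${msg.awsRegion}`) } },
      },
    });
  }
  return out;
}

// Constructed sample: the shape SNS delivers to Lambda, wrapping a Config message.
const sampleEvent = { Records: [{ Sns: { Message: JSON.stringify({
  messageType: 'ComplianceChangeNotification', configRuleName: 'required-tags',
  resourceType: 'AWS::EC2::Instance', resourceId: 'i-0123456789abcdef0',
  awsAccountId: '123456789012', awsRegion: 'us-east-1',
  newEvaluationResult: { complianceType: 'NON_COMPLIANT' },
  oldEvaluationResult: { complianceType: 'COMPLIANT' },
}) } }] };
console.log(buildEmails(sampleEvent, { FROM: 'config@example.com', EMAILS: 'ops@example.com; sec@example.com' }));
```

Messages of other types, unparseable payloads and unchanged statuses produce no email, and an empty or malformed EMAILS value produces none at all.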

Example IAM Lambda execution role policy:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail"
      ],
      "Resource": "*"
    }
  ]
}