As part of my role, I am responsible for ensuring that our business adheres to the AWS Well-Architected Framework.

During a recent review, I discovered that we were not meeting one of the framework's requirements.

You must have monitoring and alerting in place to identify when S3 buckets become public. Bucket permissions that grant Upload/Delete access to everyone create potential security vulnerabilities by allowing anyone to add, modify, or remove items in a bucket.

If enabled, AWS CloudTrail will log any API calls for S3 that invoke public access:

EventName":

One could argue that's the answer, events logged, a requirement met.

However let's be honest, who sits and watches CloudTrail logs? Not me!

I decided early on to leverage SNS to achieve alerting, then given my hatred of emails, Slack was my obvious preference for receiving them.

To create the solution, I divided it into four main components:

Since the S3 bucket location, EventBridge Rules, and SNS Topics are specific to regions, we needed to pre-deploy each service in all six regions we operate in.

While manually creating an EventBridge rule and SNS topic for each region is not a difficult administrative task, I decided to utilize CloudFormation to automate the deployment and integration of these services.

To ensure seamless integration of these services, I separated each service into its own CloudFormation template.

This approach allowed us to deploy the SNS topic first before providing its Amazon Resource Name (ARN) to our EventBridge rule.

CloudFormation Parent Stack

AWSTemplateFormatVersion: ""
Description: URL of nested stack template

Type: AWS::Chatbot::SlackChannelConfiguration

SNS Topic Child Stack

AWSTemplateFormatVersion: ""

AWS Chatbot is an interactive agent that makes it easy to monitor, operate, and troubleshoot your AWS workloads in your chat channels.
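One way the EventBridge child stack described in the post could be written, as an added example and not the author's own template. The `SnsTopicArn` parameter, the logical IDs and the `eventName` list are assumptions, because the post's templates and its event list are not shown on this page.

```yaml
# Added example, not the author's template. The parameter name, logical IDs
# and the eventName list are assumptions made for illustration.
AWSTemplateFormatVersion: "2010-09-09"
Description: EventBridge child stack that alerts on S3 calls able to expose a bucket
Parameters:
  SnsTopicArn:
    Type: String
    Description: ARN output by the SNS topic child stack, passed in by the parent
Resources:
  S3PublicAccessRule:
    Type: AWS::Events::Rule
    Properties:
      Description: S3 ACL, policy and Block Public Access changes logged by CloudTrail
      State: ENABLED
      EventPattern:
        source:
          - aws.s3
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - s3.amazonaws.com
          eventName:
            - PutBucketAcl
            - PutBucketPolicy
            - PutBucketPublicAccessBlock
            - DeleteBucketPublicAccessBlock
      Targets:
        - Id: NotifySns
          Arn: !Ref SnsTopicArn
  # Without this resource policy EventBridge is not allowed to publish to the topic.
  TopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref SnsTopicArn
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowEventBridgePublish
            Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Resource: !Ref SnsTopicArn
```

The rule matches only where a CloudTrail trail records S3 management events, and it has to exist in every region that holds buckets, which is why the post deploys the stacks per region.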