CODEWITHSUNDEEP
amazon-web-servicesamazon-cloudwatchamazon-snscloudwatch-alarms
Madhu
Madhu

Reputation: 429

How to exclude cloudwatch alarns from SNS topic using filter policy?

I have one SNS topic and it has two subscriptions, one is pagerduty API and other is pagerdutyEmail. I want to exclude alarms from pagerduty Email subscription using subscription filter policy for that topic.

I am not sure how I should exclude it, Does filter policy has like option

I tried to use below but doesnt work.

  "AlarmArn": [
    {
      "prefix": "arn:aws:cloudwatch"
    }
  ]
}

Upvotes: 3

Views: 1847

Answers (3)

Otavio Ferreira
Otavio Ferreira

Reputation: 966

As of today, SNS supports payload-based message filtering too. Therefore, you can now filter the events coming from your CloudWatch alarms. More info: https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-sns-payload-based-message-filtering/

Upvotes: 0

Devesh
Devesh

Reputation: 21

I don't think that the Subscription filter policy would allow you to filter the Cloudwatch Alarms based on Alarm ARN or any other metadata that is sent in the Cloudwatch JSON payload.

The filter policy expects a MessageAttributes field in the payload sent to the SNS topic, and that field should contain the attributes based on which you would like to add your filter policy to filter your notifications.

The JSON payload sent by a Cloudwatch Alarm doesn't contain those attributes as can be seen in the sample payload below:

{
    "Type": "Notification",
    "MessageId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "TopicArn": "arn:aws:sns:eu-west-1:000000000000:cloudwatch-alarms",
    "Subject": "ALARM: \"Example alarm name\" in EU - Ireland",
    "Message": "{\"AlarmName\":\"Example alarm name\",\"AlarmDescription\":\"Example alarm description.\",\"AWSAccountId\":\"000000000000\",\"NewStateValue\":\"ALARM\",\"NewStateReason\":\"Threshold Crossed: 1 datapoint (10.0) was greater than or equal to the threshold (1.0).\",\"StateChangeTime\":\"2017-01-12T16:30:42.236+0000\",\"Region\":\"EU - Ireland\",\"OldStateValue\":\"OK\",\"Trigger\":{\"MetricName\":\"DeliveryErrors\",\"Namespace\":\"ExampleNamespace\",\"Statistic\":\"SUM\",\"Unit\":null,\"Dimensions\":[],\"Period\":300,\"EvaluationPeriods\":1,\"ComparisonOperator\":\"GreaterThanOrEqualToThreshold\",\"Threshold\":1.0}}",
    "Timestamp": "2017-01-12T16:30:42.318Z",
    "SignatureVersion": "1",
    "Signature": "Cg==",
    "SigningCertUrl": "https://sns.eu-west-1.amazonaws.com/SimpleNotificationService-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.pem",
    "UnsubscribeUrl": "https://sns.eu-west-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-1:000000000000:cloudwatch-alarms:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

I've tested a filter policy using one of the key-value pairs available in the Cloudwatch payload but it didn't work for me.

Refer Doc:
https://docs.aws.amazon.com/sns/latest/dg/sns-subscription-filter-policies.html

You may have to write a Lambda Function using your preferred client library and use Pagerduty Events API to work out a solution.

Refer:
https://developer.pagerduty.com/docs/tools-libraries/client-libraries/ https://developer.pagerduty.com/docs/events-api-v2/trigger-events/

Upvotes: 2

Milan Gatyás
Milan Gatyás

Reputation: 2777

The filter above actually matches the messages with the AlarmArn with prefix arn:was:cloudwatch.

You might try to use anything-but command.

"AlarmArn": [{
    "anything-but": [{
        "prefix": "arn.aws.cloudwatch"
    }]
}]

See https://docs.aws.amazon.com/sns/latest/dg/sns-subscription-filter-policies.html for more information

Upvotes: 0

Related Questions