An AWS Lambda function to send notification emails when the compliance status of an AWS Config Rule changes
Type Name Latest commit message Commit time
functions/config-notification Adding IAM Role information Feb 23, 2017
.gitignore Adding IntelliJ project files to Git ignore Feb 22, 2017
LICENSE Initial commit Feb 22, 2017
README.md Adding IAM Role information Feb 23, 2017
project.json Adding Lambda function code and Apex files. Feb 22, 2017

README.md

AWS Config Compliance Notifications

Lambda function to send notification emails when the compliance status of an AWS Config Rule changes

Prerequisites:

Setup:

  • Check out this project
  • Modify the FROM and EMAILS Lambda environment variables in function.json. FROM should be the address you want your notification emails to come from. EMAILS should be a semicolon-separated list of email addresses to send notifications to.
  • Modify the role setting in function.json to point to your AWS IAM Lambda execution role with the appropriate settings. The value should be the IAM role's ARN.
  • Deploy the Lambda function to your AWS account using the apex command line tool.
  • In the AWS SNS console, add the new Lambda function as a subscription to the SNS topic that AWS Config sends notifications to.

Example IAM Lambda Execution Role:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail"
      ],
      "Resource": "*"
    }
  ]
}
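
The example role above allows sending from any SES identity and writing to any log group. A tighter variant, added here as an illustration and not part of the project's README, scopes both statements. REGION, ACCOUNT_ID, FUNCTION_NAME, example.com and notifications@example.com are placeholders; the `ses:FromAddress` value is assumed to match the FROM environment variable.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": "logs:CreateLogGroup",
      "Resource": "arn:aws:logs:REGION:ACCOUNT_ID:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:REGION:ACCOUNT_ID:log-group:/aws/lambda/FUNCTION_NAME:*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "ses:SendEmail",
        "ses:SendRawEmail"
      ],
      "Resource": "arn:aws:ses:REGION:ACCOUNT_ID:identity/example.com",
      "Condition": {
        "StringEquals": {
          "ses:FromAddress": "notifications@example.com"
        }
      }
    }
  ]
}
```

With this policy, a compromised or misconfigured function cannot send mail as another verified identity in the account or write into other functions' log groups.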