Email notification of EventBridge event data via SNS

TOC

Email notification of EventBridge event data via SNS

The following page shows how to invoke Lambda functions from EventBridge.

In this article, we will show you how to integrate EventBridge with SNS to notify event dates via email.

Environment

Diagram of email notification of EventBridge event data via SNS

The basic configuration is the same as the page introduced at the beginning of this article.

We will specify SNS as the destination for EventBridge integration and notify event data by e-mail.

CloudFormation template files

The above configuration is built using CloudFormation.
The CloudFormation templates are located at the following URL

https://github.com/awstut-an-r/awstut-fa/tree/main/102

Explanation of key points of the template files

This page focuses on how to notify EventBridge event data by e-mail via SNS.

SNS

Resources:
  Topic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint: !Ref MailAddress
          Protocol: email
      TopicName: !Ref Prefix
Code language: YAML (yaml)

Create a SNS topic.
Specify the email address to be notified in the topic.

For more information, please refer to the following page

EventBridge

Resources:
  EventsRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: !Ref EventBusName
      EventPattern:
        source:
          - !Ref Prefix
      Name: !Sub "${Prefix}-EventsRule"
      State: ENABLED
      Targets:
        - Arn: !Ref TopicArn
          Id: !Ref TopicName
Code language: YAML (yaml)

Specify the aforementioned SNS topic as the target of the EventBridge rule.

Resource-based Policy for SNS

In order for EventBridge to work with SNS, it is necessary to give EventBridge permission to publish messages to SNS.

Resources:
  TopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Statement:
          - Principal:
              Service: events.amazonaws.com
            Action: sns:Publish
            Effect: Allow
            Resource: !Ref TopicArn
      Topics:
        - !Ref TopicArn
Code language: YAML (yaml)

Resource-based policies are used to grant SNS-related access privileges to EventBridge.

For Lambda, Amazon SNS, Amazon SQS, and Amazon CloudWatch Logs resources, EventBridge uses resource-based policies.
Using resource-based policies for Amazon EventBridge

Note that access rights to SNS cannot be granted by an identity-based policy.
Specifically, even if you create an IAM role that allows the action sns:Publish and associate it with an EventBridge rule, it will not work as intended.

(Reference)Lambda Function

Resources:
  Function1:
    Type: AWS::Lambda::Function
    Properties:
      Code:
        ZipFile: |
          import boto3
          import datetime
          import json
          import os

          event_bus_name = os.environ['EVENT_BUS_NAME']
          detail_type = os.environ['DETAIL_TYPE']
          source = os.environ['SOURCE']

          client = boto3.client('events')

          def lambda_handler(event, context):
            detail = json.dumps(
              {
                'subject': 'EventBridge and SNS',
                'message': 'integration test.'
              }
            )

            entry = {
              'Time': datetime.datetime.now(),
              'Source': source,
              'Resources': [],
              'DetailType': detail_type,
              'Detail': detail,
              'EventBusName': event_bus_name
            }

            response = client.put_events(
              Entries=[entry,]
            )
            print(response)
      Environment:
        Variables:
          EVENT_BUS_NAME: default
          DETAIL_TYPE: eventbridge-sns-test
          SOURCE: !Ref Prefix
      FunctionName: !Sub "${Prefix}-function"
      Handler: !Ref Handler
      Runtime: !Ref Runtime
      Role: !GetAtt FunctionRole.Arn
Code language: YAML (yaml)

Send test messages to EventBridge by Python.

Architecting

Use CloudFormation to build this environment and check the actual behavior.

Create CloudFormation stacks and check resources in stacks

Create CloudFormation stacks.
For information on how to create stacks and check each stack, please refer to the following page

After checking the resources in each stack, information on the main resources created this time is as follows

EventBridge rule: fa-102-EventRule
SNS topic: fa-102
Lambda function 1: fa-102-function

Authentication of email address

If an email address is specified as a subscriber to an SNS topic, the email address must be authenticated.
The following authentication email will be sent to the specified email address.

Click “Confirm subscription” to proceed with the authentication.

The above page will appear, indicating that the authentication has been completed.

Resource Confirmation

Check each resource from the AWS Management Console.
First, check the SNS topic.

An email address is specified as a subscriber for the SNS topic.

The access policy shows that EventBridge is specified as the principal and is allowed to publish messages.
This allows EventBridge to send out event data to SNS.

Check the EventBridge rules.

You can see that the rule has been successfully created.

You can also confirm that the SNS topic is specified as the target.

Checking Operation

Now that everything is ready, execute the Lambda function.

The function has been successfully executed.

After waiting for a while, the following address is sent to the specified email address.

Indeed, we were able to notify EventBridge data via email via SNS.
The title of the email is “AWS Notification Message” and the body is the event data in JSON format.

Summary

We have introduced how to link EventBridge with SNS to send email notifications of event dates.