Configure SNS Topic For AWS Config

Owned by Kumar Desai (Unlicensed)
Last updated: Oct 28, 2020 by Anuj Raghuram (Unlicensed)
2 min read

Overview

Before you begin

  • Ensure you have the permission to:

    • Create an SNS Topic

    • Configure an AWS Config of the region for which you want to monitor the real-time state change

  • To know more about SNS, refer to your Amazon Web Services documentation.

You’ll need to set up an AWS SNS Topic to enable the HyperCloudTM Platform (HCP) to collect configuration change and budget trigger data. You can configure SNS topics for your AWS resources in two ways:

Create a new SNS Topic  

Notes
To retrieve the HyperGrid SQS from the HyperCloud™ Platform:

  1. Log in to your HCP portal account.

  2. Navigate to Administration > System Settings > config.stream.sqs.arn.
    Example: arn:aws:sqs:us-east-2:<<HyperGridAccountID>>:config-queue

  3. Copy the HyperGrid SQS.

Mail us at support@hypergrid.com if you do not see this information under your System Settings.

Follow these steps to create a new SNS Topic:

  1. Sign in to your AWS Management Console.

  2. Open your Amazon SNS console.

  3. Create a new SNS Topic with the following name: hypergrid-config-topic.

  4. From the SNS Topic wizard, configure these settings under Access Policy:

    1. From the Define who can publish messages to the topic field – select Only the topic owner.

    2. From the Define who can subscribe to the topic field – select Only requesters with certain endpoints.

      • Enter the endpoint ARN of your HyperGrid SQS.

  5. The HyperGrid SRE subscribes HyperGrid SQS to the newly created SNS Topic.

Modify an existing SNS Topic

Notes

  • You will be modifying an existing SNS Topic associated with an ARN for HyperGrid AWS config on your AWS account and in the HCP Portal.

  • To view your SNS Topic on the HCP portal account:

    1. Log in to your HCP portal account.

    2. Navigate to System Settings > config.stream.sqs.arn.
      Example: arn:aws:sqs:us-east-2:<<HyperGridAccountID>>:config-queue

Mail us at support@hypergrid.com if you do not see this information under your System Settings.

Follow these steps to modify the access policy for an existing SNS Topic and subscribe your HyperGrid SQS to the SNS Topic. To do so, you’ll need to add the following JSON policy:

  1. Sign in to your AWS Management Console.

  2. Open your Amazon SNS Topic.

  3. Click Edit

  4. Add the JSON to your SNS Access policy to subscribe your HyperGrid SQS to SNS topic.

    { "Sid":"__console_sub_0", "Effect":"Allow", "Principal":{ "AWS":"*" }, "Action":[ "SNS:Subscribe", "SNS:Receive" ], "Resource":"arn:aws:sns:us-east-1:<<CustomerAccountID>>:Customer-Config-Topic", "Condition":{ "StringLike":{ "SNS:Endpoint":"arn:aws:sqs:us-west-2:<<HyperGridAccountID>>:HyperGrid-Config-Queue" } } }

     

  5. Contact the HyperGrid Support team to help you subscribe your HyperGrid SQS to the SNS topic.

  6. Navigate back to your AWS Config on the AWS Management Console.

  7. Verify that your AWS Config settings allow notifications to your SNS topic.

© 2020 CloudSphere