Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 7 Next »

Before you begin
Ensure you have permissions to create SNS Topic and configure AWS Config for the region you would like to monitor real time state change.
Overview
This topic describes the steps to setup an AWS SNS Topic so HyperCloud™ can collect configuration changes and budget triggers. There are 2 ways to configure SNS topics and use them for AWS resources:

  1. Create a new SNS Topic and configure AWS Config Settings to send notifications to these newly created SNS topics
  2. Modify an existing SNS topic which are already setup to receive notification from AWS Config

Create a new SNS Topic for Config Stream 
This topic describes the steps to create a new SNS topic if the AWS Account does not have an existing SNS topic readily available.
Note: Obtain the HyperGrid SQS from *HyperCloud™ Portal  System Settings * config.stream.sqs.arn for example: arn:aws:sqs:us-east-2:<<HyperGridAccountID>>:config-queue. Contact support@hypergrid.com in case this information is not available.

  1. From SNS, create a topic with the following name: hypergrid-config-topic
  2. In the SNS topic wizard, under Access Policy configure the following:
    1. Define who can publish messages to the topic - Only the topic owner
    2. Define who can subscribe to the topic – select *Only requesters with certain endpoints  enter the endpoint ARN of HyperGrid SQS*
  3. Next, HyperGrid SRE will subscribe the HyperGrid SQS to the SNS topic created in this topic.

Modify an existing SNS topic for Config Stream
This topic describes the steps to modify the access policy of an existing SNS topic so HyperGrid SQS can subscribe to the SNS Topic. Use the following JSON policy allow HyperGrid SQS to subscribe to the SNS topic.
Note: This will be an ARN for the config-queue created on the HyperGrid AWS account and is also configured in the *HyperCloud™ Portal  System Settings * config.stream.sqs.arn for example: arn:aws:sqs:us-east-2:<<HyperGridAccountID>>:config-queue. Contact support@hypergrid.com in case this information is not available.

  1. From the *AWS console  SNS*  select the SNS Topic and click Edit

  2. Under the Access policy  Add the following JSON to permit HyperGrid SQS to subscribe to SNS topic.

    {
    "Sid": "__console_sub_0",
    "Effect": "Allow",
    "Principal": {
    "AWS": "*"
    },
    "Action": [
    "SNS:Subscribe",
    "SNS:Receive"
    ],
    "Resource": "arn:aws:sns:us-east-1:<<CustomerAccountID>>:Customer-Config-Topic",
    "Condition": {
    "StringLike": {
    "SNS:Endpoint": "arn:aws:sqs:us-west-2:<<HyperGridAccountID>>:HyperGrid-Config-Queue"
    }
    }
    }
  3. Notify the HyperGrid Support team to subscribe the HyperGrid SQS to the SNS topic created for AWS Config stream.
  4. Return to AWS config and ensure that the AWS config settings are configured to send notifications to this SNS topic config-topic
  • No labels

© 2020 CloudSphere