
4 posts tagged with "SNS"


Simplifying AWS Notifications: A Guide to User Notifications

· 4 min read

Introduction

In cloud operations, timely notifications are crucial. Whether dealing with a security incident from AWS GuardDuty, a backup failure, or any other significant event, having a streamlined process to receive and act upon alerts is essential. Traditionally, AWS users set up notifications through complex patterns involving AWS CloudTrail, EventBridge, and Lambda. However, AWS has recently introduced a new service designed to simplify this process significantly: AWS User Notifications.

In this blog, we'll walk through the benefits of this new service and how it streamlines the notification setup process compared to the traditional methods.

The Traditional Notification Setup

Historically, setting up notifications involved several AWS services:

  1. CloudTrail: Events captured by CloudTrail.
  2. EventBridge: Rules in EventBridge to capture and process these events.
  3. Lambda: Lambda functions to parse events and send formatted notifications.
  4. SNS: For sending out emails or SMS notifications.

For instance, if AWS GuardDuty detected a potential security incident, you'd need to:

  • Create a rule in EventBridge to catch GuardDuty findings.
  • Write Lambda functions to process these events.
  • Use SNS to send notifications, often requiring custom formatting in Lambda.

While effective, this setup can be complex and involves considerable manual configuration and coding.
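The traditional pattern described above, sketched as an added example (not code from the original post): an EventBridge rule pattern for GuardDuty findings plus the Lambda formatting step that turns a finding into an SNS subject and body. The severity threshold, the `TOPIC_ARN` environment variable and the sample event are assumptions made for illustration.

```python
# Assumed alerting floor: 7.0 and above is GuardDuty's "High" severity range.
MIN_SEVERITY = 7.0


def event_pattern(min_severity=MIN_SEVERITY):
    """EventBridge rule pattern matching GuardDuty findings at or above min_severity."""
    return {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"severity": [{"numeric": [">=", min_severity]}]},
    }


def sns_subject(text, limit=100):
    """SNS subjects must be ASCII, single-line and at most 100 characters."""
    clean = "".join(c if 32 <= ord(c) < 127 else " " for c in text)
    clean = " ".join(clean.split())
    return clean if len(clean) <= limit else clean[: limit - 3] + "..."


def format_finding(event, min_severity=MIN_SEVERITY):
    """Return (subject, body) for a GuardDuty finding event, or None if it should not alert."""
    if event.get("source") != "aws.guardduty" or event.get("detail-type") != "GuardDuty Finding":
        return None
    detail = event.get("detail", {})
    severity = float(detail.get("severity", 0))
    if severity < min_severity:
        return None
    subject = sns_subject(f"[GuardDuty sev {severity:g}] {detail.get('type', 'unknown finding')}")
    body = "\n".join([
        f"Title:   {detail.get('title', 'n/a')}",
        f"Account: {detail.get('accountId', event.get('account', 'n/a'))}",
        f"Region:  {detail.get('region', event.get('region', 'n/a'))}",
        f"Finding: {detail.get('id', 'n/a')}",
    ])
    return subject, body


def lambda_handler(event, context, publish=None):
    """Lambda entry point; `publish` is injectable so the logic can be exercised offline."""
    formatted = format_finding(event)
    if formatted is None:
        return {"alerted": False}
    if publish is None:
        # Real deployment: publish to the topic named in TOPIC_ARN (assumed env var).
        import os
        import boto3
        sns = boto3.client("sns")
        publish = lambda **kw: sns.publish(TopicArn=os.environ["TOPIC_ARN"], **kw)
    publish(Subject=formatted[0], Message=formatted[1])
    return {"alerted": True, "subject": formatted[0]}


# Constructed sample event (not a real finding).
SAMPLE_EVENT = {
    "source": "aws.guardduty", "detail-type": "GuardDuty Finding",
    "account": "111122223333", "region": "us-east-1",
    "detail": {
        "id": "example-finding-id", "severity": 8,
        "type": "UnauthorizedAccess:EC2/SSHBruteForce",
        "title": "Constructed example title",
        "accountId": "111122223333", "region": "us-east-1",
    },
}
```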

The New AWS User Notifications Service

AWS has introduced a more straightforward approach with the AWS User Notifications service. This new service allows you to set up notifications with minimal configuration, bypassing the need for complex EventBridge rules and Lambda functions.

Setting Up Notifications with AWS User Notifications

Here's a step-by-step guide on how to set up notifications using the new service:

  1. Access AWS User Notifications

    • Go to the AWS Management Console and search for "User Notifications."
    • Open the User Notifications configuration page.

  2. Create a New Notification Configuration

    • Click "Create Notification Configuration."
    • Provide a name for the notification, such as "GuardDuty Notification."
    • Optionally, add a description.

  3. Choose the Notification Source

    • Select the source of your notification. For example, choose "CloudWatch" for monitoring AWS CloudWatch events.
    • Specify the type of events you want to receive notifications for, such as "GuardDuty findings."

  4. Configure Notification Details

    • Choose the AWS region you want to monitor, such as "Virginia."
    • Set up advanced filters if needed. This helps narrow down the events you want to capture, like focusing only on critical findings.
    • Decide on the aggregation period (e.g., 5 minutes, 12 hours) if you want to aggregate notifications.

  5. Specify Notification Recipients

    • Enter the email addresses or other notification channels where alerts should be sent. You can use AWS's built-in options or integrate with chat channels.

  6. Review and Create

    • Review your configuration.
    • Click "Create Notification Configuration" to finalize.

Comparing AWS User Notifications with Traditional Methods

Simplicity: User Notifications significantly reduce complexity by eliminating the need for multiple services like EventBridge and Lambda for basic notification setups. You configure everything in a single interface with minimal coding.

Customization: While traditional setups offer extensive customization through Lambda functions, User Notifications provide a more user-friendly approach with options for advanced filters and predefined notification formats.

Speed: The new service allows for quicker setup and deployment of notifications, making it easier to address urgent issues promptly without extensive configuration.

Use Cases

  1. GuardDuty Alerts: Set up notifications for any security findings immediately, ensuring you can respond to potential threats without delay.

  2. AWS Config: Receive alerts for configuration changes, focusing on non-compliant changes to avoid information overload.

  3. Backup Failures: Get notifications for failed backup jobs to ensure data protection measures are always active.

  4. Health Checks: Monitor AWS service health events to stay informed about the operational status of your AWS environment.

Conclusion

AWS User Notifications is a game-changer for simplifying the notification setup process. It reduces the complexity involved in configuring notifications and allows you to focus on addressing issues rather than managing notification infrastructure. By leveraging this new service, you can ensure that critical alerts are delivered promptly and efficiently.

For detailed guides and additional information, check out the AWS documentation and stay updated with the latest AWS features.


Comprehensive Guide to Centralized Backups in AWS Organizations

· 4 min read

Centralized Management of AWS Services Using AWS Organizations

AWS Organizations provides a unified way to manage and govern your AWS environment as it grows. This blog post details how you can use AWS Organizations to centrally manage your services, thereby simplifying administration, improving security, and reducing operational costs.


Why Use AWS Organizations?

AWS Organizations enables centralized management of billing, access control, compliance, security, and resource sharing across AWS accounts. Instead of managing services individually in each account, AWS Organizations lets you administer them from a single location.


Advantages of Centralized Management:

a. Efficiency: Manage multiple AWS accounts from a single control point.
b. Cost Savings: Reduce operational costs through centralized management.
c. Enhanced Security: Apply consistent policies and compliance standards across all accounts.
d. Simplified Operations: Streamline monitoring, backup, and administrative tasks.


Step-by-Step Guide to Centralized Backup Management




Managing backups across multiple AWS accounts can be complex. AWS Backup allows you to centralize and automate data protection across AWS services. Here’s how you can set up centralized backup management using AWS Organizations:


1. Setting Up AWS Organizations:

a. Create an AWS Organization:
   i) Navigate to the AWS Organizations console.
   ii) Click on "Create organization" and follow the prompts.

b. Add Accounts to Your Organization:
   i) Add existing accounts or create new ones.
   ii) Ensure all accounts you want to manage are part of the organization.


2. Enabling Centralized Backup:




a. Navigate to AWS Backup:
   i) Open the AWS Backup console from the management account.
   ii) This is where you'll configure backup plans and policies.

b. Create a Backup Plan:
   i) Click on "Create backup plan."
   ii) Define your backup rules (e.g., frequency, retention period).
   iii) Specify the resources to back up (e.g., EC2 instances, RDS databases).

c. Assign the Backup Plan:
   i) Use tags to assign resources to the backup plan.
   ii) For instance, tag all EC2 instances you want to back up with Backup:Production.


3. Delegating Administration:




a. Create a Delegated Administrator Account:
   i) Designate one account as the delegated administrator.
   ii) This account will handle backup management for all other accounts.

b. Set Up Cross-Account Roles:
   i) Create IAM roles in each member account.
   ii) Assign these roles the necessary permissions for backup operations.
   iii) Ensure the roles allow cross-account access to the delegated administrator account.


4. Configuring Backup Policies:

a. Enable Backup Policies:
   i) From the AWS Backup console, enable backup policies.
   ii) Define and apply these policies to all accounts within the organization.

b. Monitor Backups:
   i) Use AWS Backup's centralized dashboard to monitor the status of your backups.
   ii) Set up notifications for backup failures or successes.


5. Using Additional AWS Services:

AWS Organizations supports various other services that can be centrally managed. Some examples include:

  • a. AWS GuardDuty: Centralized threat detection.
  • b. AWS Config: Compliance auditing and monitoring.
  • c. AWS CloudTrail: Logging and monitoring account activity.
  • d. AWS Identity and Access Management (IAM): Centralized access control and user management.



Conclusion

Leveraging AWS Organizations can streamline the management of your AWS environment, ensuring consistent backup policies, enhancing security, and reducing operational overhead. Centralized management not only simplifies your administrative tasks but also provides a unified view of your organization's compliance and security posture.


AWS services that support Containers: Containers!=Kubernetes.

· 4 min read

When it comes to choosing the right container service for your application, AWS offers a myriad of options, each tailored to specific needs and use cases. This guide aims to provide a comprehensive overview of when and how to use various AWS container services, based on our extensive research and industry experience.

Please refer to The Ultimate AWS ECS and EKS Tutorial.


Understanding Containers and Their Use Cases

Containers have revolutionized the way applications are developed and deployed. They offer portability, consistency, and efficiency, making them ideal for various scenarios, from microservices architectures to machine learning orchestration.


Service Orchestration

Service orchestration involves managing and coordinating multiple services or microservices to work together seamlessly. Containers play a crucial role in this by ensuring that each service runs in its isolated environment, thereby reducing conflicts and improving scalability.

  1. Kubernetes Service

    • Pros: Fully managed, scalable, extensive community support.
    • Cons: Complex setup, significant operational overhead.
  2. Red Hat OpenShift on AWS (ROSA)

    • Overview: A third-party service similar to Kubernetes, managed by OpenShift.
    • Pros: Robust management platform, popular among enterprise clients.
    • Cons: Similar complexity to Kubernetes.
  3. AWS Elastic Container Service (ECS)

    • Overview: AWS's native container orchestration service.
    • Pros: Seamless integration with AWS services, flexible deployment options (EC2, Fargate).
    • Cons: Limited to AWS ecosystem.

Machine Learning Orchestration

Deploying machine learning models in containers allows for a consistent and portable environment across different stages of the ML pipeline, from training to inference.

  1. AWS Batch
    • Overview: A native service designed for batch computing jobs, including ML training and inference.
    • Pros: Simplifies job scheduling and execution, integrates well with other AWS ML services.
    • Cons: Best suited for batch jobs, may not be ideal for real-time inference.

Web Applications

Containers can also streamline the deployment and management of web applications, providing a consistent environment across development, testing, and production.

  1. AWS Elastic Beanstalk

    • Overview: A legacy service that simplifies application deployment and management.
    • Pros: Easy to use, good for traditional web applications.
    • Cons: Considered outdated, fewer modern features compared to newer services.
  2. AWS App Runner

    • Overview: A newer service that simplifies running containerized web applications and APIs.
    • Pros: Supports container deployments, integrates with AWS ECR.
    • Cons: Limited to ECR for container images, still relatively new.

Serverless Options

For applications that don't require a full-fledged orchestration setup, serverless options like AWS Lambda can be a good fit.

  1. AWS Lambda

    • Pros: Scalable, supports multiple languages, cost-effective for short-running functions.
    • Cons: Limited to 15-minute execution time, may require step functions for longer processes.
  2. Amazon EC2 vs. Amazon Lightsail

    • Amazon EC2: Provides full control over virtual machines, suitable for custom setups.
    • Amazon Lightsail: Simplifies VM deployment with pre-packaged software, ideal for quick deployments like WordPress.

Decision Tree for Choosing AWS Container Services

To help you choose the right service, consider the following decision tree based on your specific needs:

  1. Service Orchestration Needed?

    • Yes: Consider Kubernetes, ROSA, or ECS.
    • No: Move to the next question.
  2. Serverless Invocation?

    • Yes: If processing time < 15 minutes, use AWS Lambda. If > 15 minutes, consider App Runner.
    • No: Proceed to provisioned infrastructure options.
  3. Provisioned Infrastructure?

    • Yes: Choose between Amazon EC2 for full control or Amazon Lightsail for simplified setup.
  4. Machine Learning Orchestration?

    • Yes: Use AWS Batch for batch jobs.
    • No: Skip to web application options.
  5. Web Application Deployment?

    • Yes: Use Elastic Beanstalk for legacy applications or App Runner for modern containerized applications.

Conclusion

AWS offers a robust set of services for container orchestration, machine learning, web applications, and serverless computing. Understanding the strengths and limitations of each service can help you make informed decisions and optimize your application architecture.

A Detailed Overview Of AWS SES and Monitoring - Part 2

· 6 min read

In our interconnected digital world, managing email efficiently and securely is a critical aspect of business operations. This post delves into a sophisticated setup using Amazon Web Services (AWS) that ensures your organization's email communication remains robust and responsive. Specifically, we will explore using AWS Simple Email Service (SES) in conjunction with Simple Notification Service (SNS) and AWS Lambda to handle email bounces and complaints effectively.

Understanding the Components

Before diving into the setup, let's understand the components involved:

  • AWS SES: An email service that enables you to send and receive emails securely.
  • AWS SNS: A flexible, fully managed pub/sub messaging and mobile notifications service for coordinating the delivery of messages to subscribing endpoints and clients.
  • AWS Lambda: A serverless compute service that runs your code in response to events and automatically manages the underlying compute resources.

Read about SES Part - 1

The Need for Handling Bounces and Complaints

Managing bounces and complaints efficiently is crucial for maintaining your organization’s email sender reputation. High rates of bounces or complaints can affect your ability to deliver emails and could lead to being blacklisted by email providers.

Step-by-Step Setup

Step 1: Configuring SES


First, configure your AWS SES to handle outgoing emails. This involves:

  • Setting up verified email identities (email addresses or domains from which you'll send emails).
  • Creating configuration sets in SES to specify how emails should be handled and tracked.

Step 2: Integrating SNS for Notifications

The next step is to set up AWS SNS to receive notifications from SES. This is crucial for real-time alerts on email bounces or complaints:

  • Create an SNS topic that SES will publish to when specified events (like bounces or complaints) occur.
  • Configure your SES configuration set to send notifications to the created SNS topic.

```json
{
  "Version": "2008-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Principal": {
        "Service": "ses.amazonaws.com"
      },
      "Action": "SNS:Publish",
      "Resource": "arn:aws:sns:us-east-1:<account number>:SES-tracking",
      "Condition": {
        "StringEquals": {
          "AWS:SourceAccount": "<account number>"
        },
        "StringLike": {
          "AWS:SourceArn": "arn:aws:ses:*"
        }
      }
    }
  ]
}
```
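
The `AWS:SourceAccount` condition in the topic policy above is what stops SES activity in other accounts from publishing to your topic through the `ses.amazonaws.com` service principal. The following added example (not code from the original post) is a small policy review that flags service-principal publish statements lacking that scoping; the function names and the two weakened policy variants are constructed for illustration.

```python
import json

SOURCE_KEYS = {"aws:sourceaccount", "aws:sourcearn"}


def as_list(value):
    return value if isinstance(value, list) else [value]


def source_conditions(statement):
    """Return {lowercased condition key: [values]} for the source-scoping keys present."""
    found = {}
    for keys in statement.get("Condition", {}).values():
        for key, value in keys.items():
            if key.lower() in SOURCE_KEYS:  # condition key names are case-insensitive
                found.setdefault(key.lower(), []).extend(as_list(value))
    return found


def arn_account(arn):
    """Account field of an ARN pattern, or '*' when the pattern leaves it open."""
    parts = arn.split(":")
    return parts[4] if len(parts) > 4 and parts[4] else "*"


def review_topic_policy(policy):
    """List (statement index, problem) for service principals allowed to publish unscoped."""
    findings = []
    for index, stmt in enumerate(as_list(policy.get("Statement", []))):
        principal = stmt.get("Principal", {})
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if stmt.get("Effect") != "Allow" or not services:
            continue
        if not any(a in ("sns:publish", "sns:*", "*") for a in actions):
            continue
        scoped = source_conditions(stmt)
        if not scoped:
            findings.append((index, "service principal can publish with no source condition"))
        elif "aws:sourceaccount" not in scoped and all(
            "*" in arn_account(arn) for arn in scoped["aws:sourcearn"]
        ):
            findings.append((index, "aws:SourceArn pattern does not pin an account"))
    return findings


# The policy from the post, with its "<account number>" placeholder left as written.
PAGE_POLICY = {"Version": "2008-10-17", "Statement": [{
    "Effect": "Allow",
    "Principal": {"Service": "ses.amazonaws.com"},
    "Action": "SNS:Publish",
    "Resource": "arn:aws:sns:us-east-1:<account number>:SES-tracking",
    "Condition": {"StringEquals": {"AWS:SourceAccount": "<account number>"},
                  "StringLike": {"AWS:SourceArn": "arn:aws:ses:*"}},
}]}

# Constructed weak variants: no Condition at all, and only the wildcard SourceArn.
WEAK_POLICY = json.loads(json.dumps(PAGE_POLICY))
del WEAK_POLICY["Statement"][0]["Condition"]
ARN_ONLY_POLICY = json.loads(json.dumps(PAGE_POLICY))
del ARN_ONLY_POLICY["Statement"][0]["Condition"]["StringEquals"]
```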

Step 3: Using AWS Lambda for Automated Responses

With SNS in place, integrate AWS Lambda to automate responses based on the notifications:

  • Create a Lambda function that will be triggered by notifications from the SNS topic.
  • Program the Lambda function to execute actions like logging the incident, updating databases, or even triggering remedial workflows.

```python
import html
import json
import os

import boto3
from botocore.exceptions import ClientError

# Set the global variables (read from the Lambda environment).
fromEmail = str(os.getenv('from_email', 'from email address'))
ccEmail = str(os.getenv('cc_email', 'cc email address'))
# The "to" address is read from its own variable (to_email) rather than cc_email.
toEmail = str(os.getenv('to_email', 'to email address'))

awsRegion = str(os.getenv('aws_region', 'us-east-1'))
# The character encoding for the email.
CHARSET = "UTF-8"

# Create a new SES client and specify a region.
sesClient = boto3.client('ses', region_name=awsRegion)


def sendSESAlertEmail(eventData):
    # SNS delivers the SES notification as a JSON string in Records[0].Sns.Message.
    message = eventData['Records'][0]['Sns']['Message']
    print("message = " + message)

    bounceComplaintMsg = json.loads(message)
    print("bounceComplaintMsg == " + str(bounceComplaintMsg))

    # Plain-text and HTML renderings of the full notification.
    json_text = json.dumps(bounceComplaintMsg, sort_keys=True, indent=4)
    json_formatted_str_text = pp_json(bounceComplaintMsg)

    if "bounce" in bounceComplaintMsg:
        print("Email is bounce")

        # The email body for recipients with non-HTML email clients.
        BODY_TEXT = "SES: Bounce email notification" + "\r\n" + json_text

        recipient = bounceComplaintMsg['bounce']['bouncedRecipients'][0]
        bounceEmailAddress = recipient['emailAddress']
        # diagnosticCode is optional in SES bounce notifications.
        bounceReason = recipient.get('diagnosticCode', 'not provided')
        print("bounceEmailAddress == " + bounceEmailAddress)
        print("bounceReason == " + bounceReason)

        subject = "SES Alert: Email to " + bounceEmailAddress + " has bounced"

        # The HTML body of the email. Values taken from the notification are
        # escaped, because the diagnostic text comes from the remote mail server.
        BODY_HTML = """<html>
<head></head>
<body>
<p>Email to %(bounceEmailAddressStr)s has bounced</p>
<p>Reason: %(bounceReasonStr)s</p>
<p>Complete details:%(jsonFormattedStr)s</p>
</body>
</html>""" % {"bounceEmailAddressStr": html.escape(bounceEmailAddress),
              "bounceReasonStr": html.escape(bounceReason),
              "jsonFormattedStr": json_formatted_str_text}
        sendSESEmail(subject, BODY_TEXT, BODY_HTML)
    elif "complaint" in bounceComplaintMsg:
        print("Email is Complaint")

        # The email body for recipients with non-HTML email clients.
        BODY_TEXT = "SES: Complaint email notification" + "\r\n" + json_text

        complaint = bounceComplaintMsg['complaint']
        complaintEmailAddress = complaint['complainedRecipients'][0]['emailAddress']
        # complaintFeedbackType is optional in SES complaint notifications.
        complaintReason = complaint.get('complaintFeedbackType', 'not provided')
        print("complaintEmailAddress == " + complaintEmailAddress)
        print("complaintReason == " + complaintReason)

        subject = "SES Alert: Email " + complaintEmailAddress + " has raised a Complaint"

        # The HTML body of the email.
        BODY_HTML = """<html>
<head></head>
<body>
<p>Email %(complaintEmailAddressStr)s has raised a Complaint</p>
<p>Reason: %(complaintReasonStr)s</p>
<p>Complete details:%(jsonFormattedStr)s</p>
</body>
</html>""" % {"complaintEmailAddressStr": html.escape(complaintEmailAddress),
              "complaintReasonStr": html.escape(complaintReason),
              "jsonFormattedStr": json_formatted_str_text}
        sendSESEmail(subject, BODY_TEXT, BODY_HTML)
    else:
        # Neither a bounce nor a complaint (for example a delivery notification).
        print("Notification is neither a bounce nor a complaint; nothing sent")


def sendSESEmail(SUBJECT, BODY_TEXT, BODY_HTML):
    # Send the email.
    try:
        # Provide the contents of the email.
        response = sesClient.send_email(
            Destination={
                'ToAddresses': [toEmail],
                'CcAddresses': [ccEmail],
            },
            Message={
                'Body': {
                    'Html': {'Charset': CHARSET, 'Data': BODY_HTML},
                    'Text': {'Charset': CHARSET, 'Data': BODY_TEXT},
                },
                'Subject': {'Charset': CHARSET, 'Data': SUBJECT},
            },
            Source=fromEmail,
        )
    # Display an error if something goes wrong.
    except ClientError as e:
        print("SES email failed: " + e.response['Error']['Message'])
    else:
        print("SES Email sent! Message ID:" + response['MessageId'])


def pp_json(json_thing, sort=True, indents=4):
    # Pretty-print JSON for the HTML body: escape first, then keep the layout.
    if isinstance(json_thing, str):
        json_thing = json.loads(json_thing)
    pretty = json.dumps(json_thing, sort_keys=sort, indent=indents)
    return html.escape(pretty).replace(' ', '&nbsp;').replace('\n', '<br>')


def lambda_handler(event, context):
    print(event)
    sendSESAlertEmail(event)
```
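
The function above only emails an alert for the first record and first recipient. As an added example (not code from the original post) of the "updating databases" or "remedial workflows" action mentioned in Step 3, the sketch below walks every SNS record and every recipient and decides what to do with each address. The suppress/retry policy, the lowercasing of addresses and the sample event are assumptions made for illustration.

```python
import json

# Assumed policy (not from the post): hard bounces and complaints are suppressed,
# other bounces are only retried later.
SUPPRESS, RETRY = "suppress", "retry-later"


def classify_message(msg):
    """Yield (address, action, reason) for one parsed SES bounce or complaint notification."""
    kind = (msg.get("notificationType") or msg.get("eventType") or "").lower()
    if kind == "bounce":
        bounce = msg.get("bounce", {})
        action = SUPPRESS if bounce.get("bounceType") == "Permanent" else RETRY
        for rcpt in bounce.get("bouncedRecipients", []):
            # diagnosticCode is optional in SES notifications
            yield rcpt["emailAddress"], action, rcpt.get("diagnosticCode", "no diagnostic code")
    elif kind == "complaint":
        complaint = msg.get("complaint", {})
        reason = complaint.get("complaintFeedbackType", "no feedback type")
        for rcpt in complaint.get("complainedRecipients", []):
            yield rcpt["emailAddress"], SUPPRESS, reason


def plan_actions(sns_event):
    """Walk every SNS record and return {address: (action, reason)}; suppress wins over retry."""
    plan = {}
    for record in sns_event.get("Records", []):
        try:
            msg = json.loads(record["Sns"]["Message"])
        except (KeyError, TypeError, ValueError):
            continue  # not an SES JSON notification
        if not isinstance(msg, dict):
            continue
        for address, action, reason in classify_message(msg):
            key = address.strip().lower()  # assumption: addresses compared case-insensitively
            if plan.get(key, (RETRY,))[0] != SUPPRESS:
                plan[key] = (action, reason)
    return plan


def _record(message):
    """Wrap a message the way SNS hands it to Lambda (constructed test helper)."""
    body = message if isinstance(message, str) else json.dumps(message)
    return {"Sns": {"Message": body}}


# Constructed sample event: hard bounce, soft bounce, complaint, delivery, non-JSON.
SAMPLE_EVENT = {"Records": [
    _record({"notificationType": "Bounce", "bounce": {"bounceType": "Permanent", "bouncedRecipients": [
        {"emailAddress": "Gone@example.com", "diagnosticCode": "smtp; 550 5.1.1 user unknown"},
        {"emailAddress": "also-gone@example.com"}]}}),
    _record({"notificationType": "Bounce", "bounce": {"bounceType": "Transient", "bouncedRecipients": [
        {"emailAddress": "full@example.com", "diagnosticCode": "smtp; 452 4.2.2 mailbox full"},
        {"emailAddress": "gone@example.com"}]}}),
    _record({"eventType": "Complaint", "complaint": {"complaintFeedbackType": "abuse",
             "complainedRecipients": [{"emailAddress": "annoyed@example.com"}]}}),
    _record({"notificationType": "Delivery"}),
    _record("plain text, not JSON"),
]}
```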

Step 4: Testing and Validation


Once configured, it's important to test the setup:

  • Send test emails that will trigger bounce or complaint notifications.
  • Verify that these notifications are received by SNS and correctly trigger the Lambda function.

Step 5: Monitoring and Adjustments


Regularly monitor the setup through AWS CloudWatch and adjust configurations as necessary to handle any new types of email issues or to refine the process.

Advanced Considerations

Consider exploring more advanced configurations such as:

  • Setting up dedicated Lambda functions for different types of notifications.
  • Using AWS KMS (Key Management Service) for encrypting the messages that flow between your services for added security.

Please refer to our Newsletter, where we provide solutions for creating customer marketing newsletters.

Conclusion

This setup not only ensures that your organization responds swiftly to critical email events but also helps in maintaining a healthy email environment conducive to effective communication. Automating the handling of email bounces and complaints with AWS SES, SNS, and Lambda represents a proactive approach to infrastructure management, crucial for businesses scaling their operations.