Skip to content
/ sns-topic-validator Public

Validates that necessary SNS topics are subscribed to, according to your rules

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

billtrust/sns-topic-validator

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

4 Commits
slack_webhook_post
slack_webhook_post
 
 
sns_topic_validator
sns_topic_validator
 
 
terraform
terraform
 
 
.gitignore
.gitignore
 
 
Dockerfile
Dockerfile
 
 
README.md
README.md
 
 
handler.py
handler.py
 
 
package.json
package.json
 
 
requirements.txt
requirements.txt
 
 
serverless.yml
serverless.yml
 
 

Repository files navigation

SNS Topic Validator

Validates that your SNS topics adhere to certain rules you may have, such as making sure all topics used for alerting operations staff have appropriate subscriptions. Posts the results to a slack channel. This is implemented as a Lambda function using the serverless framework.

How It Works

Below is an example of sns-assertions.json, which defines the assertions that should be made on SNS topics found in the account. Only a single subscription can be checked per assertion, so break up multiple SubscriptionExists checks into different assertions. These assertion names will be included in failure messages.

Ensure that you create a sns-assertions.json file like this and place it in the root of this repo before invoking or deploying, with whatever rules you want to validate for.

[
    {
        "AssertionName": "EnsureOpsAlertSubscribedToByOpsTeam",
        "TopicNameIncludes": "ops-alerts",
        "SubscriptionExists":
            {
            "Protocol": "email",
            "Endpoint": "[email protected]"
            }
    },
    {
        "AssertionName": "EnsureOpsSevereAlertSubscribedToByOpsTeam",
        "TopicNameIncludes": "ops-severe-alerts",
        "SubscriptionExists":
            {
            "Protocol": "email",
            "Endpoint": "[email protected]"
            }
    }
]

Terraform

# pip install iam-starter
cd terraform
export AWS_ENV="dev"
export AWS_REGION="us-east-1"
export TF_STATE_REGION="us-east-1"
export TF_STATE_BUCKET="mycompany-tfstate-$AWS_ENV"
export TF_STATE_TABLE="tfstate_$AWS_ENV"

TF_DATA_DIR="./.$AWS_ENV-terraform/" iam-starter \
    --profile $AWS_ENV \
    --command \
        "terraform init \
        -backend-config=\"region=$TF_STATE_REGION\" \
        -backend-config=\"bucket=$TF_STATE_BUCKET\" \
        -backend-config=\"dynamodb_table=$TF_STATE_TABLE\" && \
        terraform apply \
        -var \"aws_env=$AWS_ENV\" \
        -var \"aws_region=$AWS_REGION\""

Build

docker build -t sns-topic-validator .

# pip install iam-docker-run
iam-docker-run \
    --image sns-topic-validator \
    --host-source-path . \
    --container-source-path /src \
    -e AWS_DEFAULT_REGION=us-east-1 \
    -e LOG_LEVEL=info \
    --profile dev

Invoke through Serverless Framework

# pip install iam-starter
LOG_LEVEL=INFO iam-starter \
    --role iam-role-ops-devops \
    --profile dev \
    --command sls invoke local \
    -f sns-topic-validator

Deploy

export DEPLOY_BUCKET="mycompany-deploy"

iam-docker-run \
    --image sns-topic-validator \
    --profile $AWS_ENV \
    --region $AWS_REGION \
    --full-entrypoint "sls deploy --deployBucket $DEPLOY_BUCKET"

About

Validates that necessary SNS topics are subscribed to, according to your rules

Topics

aws-sns

Resources

Readme
Activity
Custom properties

Stars

0 stars

Watchers

3 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Contributors 3

  •  
  •  
  •  

Languages