How can I receive custom email notifications when a resource is deleted in my AWS account using AWS Config service?

Last updated: 2021-09-16

I created an Amazon EventBridge rule to initiate on service event types when AWS resources are deleted. However, the responses are in JSON format. How can I receive an email response with a custom notification?

Resolution

You can use a custom event pattern with the EventBridge rule to match an AWS Config supported resource type. Then, route the response to an Amazon Simple Notification Service (Amazon SNS) topic.

In the following example, SNS notifications are received when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated.

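Note: The event pattern in step 7 doesn't filter on resource type, so it matches the deletion of any resource type that AWS Config records, not only EC2 instances. To receive notifications for one specific resource type of your AWS service, add a match on configurationItem.resourceType to the pattern.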

1.    If you haven't already created an Amazon SNS topic, then follow the instructions for Getting started with Amazon SNS.

Note: The Amazon SNS topic must be in the same Region as your AWS Config service.

2.    Open the EventBridge console, and then choose Rules from the navigation pane.

3.    Choose Create rule.

4.    For Name, enter a name for your rule.

5.    For Define pattern, choose Event pattern.

6.    For Event matching pattern, choose Custom pattern.

7.    In the Event pattern preview pane, enter the following example event pattern:

{
  "source": [
    "aws.config"
  ],
  "detail-type": [
    "Config Configuration Item Change"
  ],
  "detail": {
    "messageType": [
      "ConfigurationItemChangeNotification"
    ],
    "configurationItem": {
      "configurationItemStatus": [
        "ResourceDeleted"
      ]
    }
  }
}

8.    For Target, choose SNS topic.

9.    For Topic, choose your SNS topic.

10.    Expand Configure input, and then choose Input transformer.

11.    For the Input Path text box, enter the following example path:

{
    "awsRegion": "$.detail.configurationItem.awsRegion",
    "awsAccountId": "$.detail.configurationItem.awsAccountId",
    "resource_type": "$.detail.configurationItem.resourceType",
    "resource_ID": "$.detail.configurationItem.resourceId",
    "configurationItemCaptureTime": "$.detail.configurationItem.configurationItemCaptureTime"
}

12.    For the Input Template text box, enter the following example template:

"On <configurationItemCaptureTime> AWS Config service recorded a deletion of the resource <resource_ID> type <resource_type> in the account <awsAccountId> region <awsRegion>. For more details open the AWS Config console at https://console.aws.amazon.com/config/home?region=<awsRegion>#/timeline/<resource_type>/<resource_ID>/configuration"

13.    Choose Create.

14.    When a matching event is initiated, you receive an SNS email notification with the custom fields from step 12 populated, similar to the following:

"On ExampleTime AWS Config service recorded a deletion of the resource ExampleID type ExampleResourceType in the account ExampleAccountID region ExampleRegion. For more details open the AWS Config console at https://console.aws.amazon.com/config/home?region=ExampleRegion#/timeline/ExampleResourceType/ExampleID/configuration"
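To check the rule's logic before creating it, the following added example (not part of the original article and not AWS code) models the step 7 pattern, the step 11 input paths and the step 12 template locally. The resourceType filter, the sample event values and the function names are assumptions, and the matcher covers only exact-value lists and nested objects, not the full EventBridge pattern syntax.

```python
# Step 7 pattern plus an assumed resourceType filter (not in the page's pattern,
# which matches every recorded type) so only EC2 instance deletions match.
PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Configuration Item Change"],
    "detail": {"messageType": ["ConfigurationItemChangeNotification"],
               "configurationItem": {"configurationItemStatus": ["ResourceDeleted"],
                                     "resourceType": ["AWS::EC2::Instance"]}},
}
CI = "$.detail.configurationItem."  # common prefix of the step 11 input paths
INPUT_PATHS = {"awsRegion": CI + "awsRegion", "awsAccountId": CI + "awsAccountId",
               "resource_type": CI + "resourceType", "resource_ID": CI + "resourceId",
               "configurationItemCaptureTime": CI + "configurationItemCaptureTime"}
# First sentence of the step 12 template (console link left out here).
TEMPLATE = ("On <configurationItemCaptureTime> AWS Config service recorded a "
            "deletion of the resource <resource_ID> type <resource_type> in the "
            "account <awsAccountId> region <awsRegion>.")

def matches(pattern, event):
    """Simplified matcher: a list holds allowed exact values, a dict recurses."""
    for key, want in pattern.items():
        have = event.get(key) if isinstance(event, dict) else None
        ok = matches(want, have) if isinstance(want, dict) else have in want
        if not ok:
            return False
    return True

def render(event):
    """Resolve each $.a.b.c input path, then fill the <name> placeholders."""
    text = TEMPLATE
    for name, path in INPUT_PATHS.items():
        value = event
        for part in path.split(".")[1:]:
            value = value[part]
        text = text.replace("<" + name + ">", str(value))
    return text

def make_event(status, rtype):
    """Constructed sample event; every identifier here is a placeholder."""
    item = {"configurationItemStatus": status, "resourceType": rtype,
            "resourceId": "i-EXAMPLE", "awsRegion": "us-east-1",
            "awsAccountId": "111122223333",
            "configurationItemCaptureTime": "2021-09-16T00:00:00.000Z"}
    return {"source": "aws.config", "detail-type": "Config Configuration Item Change",
            "detail": {"messageType": "ConfigurationItemChangeNotification",
                       "configurationItem": item}}

if __name__ == "__main__":
    print(render(make_event("ResourceDeleted", "AWS::EC2::Instance")))
```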