I want to receive an email when my AWS CloudFormation stack gets a ROLLBACK_IN_PROGRESS notification during stack creation. How can I set up these email alerts?

Follow these steps to use Amazon Simple Notification Service (Amazon SNS) and AWS Lambda to send email alerts for ROLLBACK_IN_PROGRESS CloudFormation stack notifications:

  1. Create an SNS topic and subscription for email alerts.
  2. Create an AWS Identity and Access Management (IAM) policy that allows Lambda to publish to the SNS topic for email alerts.
  3. Attach the IAM policy to an IAM role for Lambda.
  4. Create a Lambda function and assign the IAM role that you created.
  5. Create a second SNS topic and subscription to notify the Lambda function.
  6. Update the Lambda function with a script that publishes to the SNS topic for email alerts when there's a "ROLLBACK_IN_PROGRESS" notification.
  7. Set your CloudFormation stack to send all notifications to the SNS topic that notifies the Lambda function.

After you complete this procedure, the notification process is as follows:

  1. Your CloudFormation stack sends all notifications to the SNS topic that notifies the Lambda function.
  2. The Lambda function parses notifications and sends only "ROLLBACK_IN_PROGRESS" notifications to a second SNS topic, configured for email alerts.
  3. This second SNS topic then sends an email to subscribers regarding the "ROLLBACK_IN_PROGRESS" message.

Create an SNS topic and subscription for email alerts

1.    Open the Amazon SNS console.

2.    In the navigation pane, choose Topics. Then, choose Create new topic.

3.    For Topic name, type a topic name.

4.    For Display name, type a display name.

5.    Choose Create topic.

6.    Make a note of your topic's ARN. You need this ARN in a later step.

7.    Select your topic from the resource list. Then, choose Actions, Subscribe to topic.

8.    For Protocol, choose Email.

9.    For Endpoint, type your email address.

10.   Choose Create subscription.

11.   The email address you typed in step #9 will receive a subscription confirmation email from Amazon SNS. From the confirmation email message, choose Confirm subscription.

Create an IAM policy that allows Lambda to publish to the SNS topic for email alerts

Note: This policy also allows Lambda to write to Amazon CloudWatch Logs.

1.    Open the IAM console.

2.    In the navigation pane, choose Policies. Then, choose Create policy.

3.    Choose the JSON view. Then, copy and paste the following policy.
Note: You must replace {SNS topic ARN for email alerts} with the ARN for the SNS topic that you created for email alerts.

{   "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish"
            ],
            "Resource": [
                "{SNS topic ARN for email alerts}"
            ]
        },
        {
            "Effect": "Allow",
            "Action": [
                "logs:CreateLogGroup",
                "logs:CreateLogStream",
                "logs:PutLogEvents"
            ],
            "Resource": "arn:aws:logs:*:*:*"
        }
    ]
}

4.    Choose Review policy.

5.    For Name, type a policy name.

6.    Choose Create policy.

Attach the IAM policy to an IAM role for Lambda

1.    Open the IAM console.

2.    In the navigation pane, choose Roles. Then, choose Create role.

3.    For Select type of trusted entity, choose AWS service.

4.    For Choose the service that will use this role, choose Lambda.

5.    Choose Next: Permissions.

6.    In the search bar, type the name of the policy that you created. Then, choose your policy.

7.    Choose Next: Review.

8.    For Role name, type a role name.

9.    Choose Create role.

Create a Lambda function and assign the IAM role that you created

1.    Open the AWS Lambda console.

2.    Choose Create function.

3.    Choose Author from scratch.

4.    For Name, type a name for the Lambda function.

5.    For Runtime, choose Node.js 4.3.

6.    For Role, select Choose an existing role.

7.    For Existing role, choose the IAM role that you created.

8.    Choose Create function.

Create a second SNS topic and subscription to notify the Lambda function

1.    Open the Amazon SNS console.

2.    In the navigation pane, choose Topics. Then, choose Create new topic.

3.    For Topic name, type a topic name.

4.    For Display name, type a display name.

5.    Choose Create topic.

6.    Choose your topic from the resource list. Then, choose Actions, Subscribe to topic.

7.    For Protocol, choose AWS Lambda.

8.    For Endpoint, choose the Lambda function that you created.

9.    Choose Create subscription.

Update the Lambda function with a script that publishes to the SNS topic for email alerts when there's a ROLLBACK_IN_PROGRESS notification

1.    Open the Lambda function that you created.

2.    In the Function code view, replace the code section with the following script.
Note: You must replace {SNS topic ARN for email alerts} with the ARN for the SNS topic that you created for email alerts. Additionally, you must replace the value for AWS.config.region with the correct value for your use case.

var topic_arn = "{SNS topic ARN for email alerts}";
var AWS = require('aws-sdk'); 
AWS.config.region_array = topic_arn.split(':'); // splits the ARN into an array
AWS.config.region = AWS.config.region_array[3];  // uses the 4th element of the array (in a topic ARN this is always the region)

// ####################   BEGIN LOGGING   ########################

console.log(topic_arn);   // logs the ARN to confirm that the variable was set correctly
console.log(AWS.config.region_array); // to see if the SPLIT command worked
console.log(AWS.config.region_array[3]); // to see if it got the region correctly
console.log(AWS.config.region); // to confirm that it set the AWS.config.region to the correct region from the ARN

// ####################  END LOGGING (you can remove this logging section)  ########################

exports.handler = function(event, context) {
    const message = event.Records[0].Sns.Message;
    if (message.indexOf("ROLLBACK_IN_PROGRESS") > -1) {
        var fields = message.split("\n");
        var subject = fields[11].replace(/['']+/g, ''); // 12th line of the message, with quote characters removed
        send_SNS_notification(subject, message);   
    }
};

function send_SNS_notification(subject, message) {
    var sns = new AWS.SNS();
    subject = subject + " is in ROLLBACK_IN_PROGRESS";
    sns.publish({ 
        Subject: subject,
        Message: message,
        TopicArn: topic_arn
    }, function(err, data) {
        if (err) {
            console.log(err.stack);
            return;
        } 
        console.log('push sent');
        console.log(data);
    });
}

3.    In the Designer view (above the Function code view), under Add triggers, choose SNS.

4.    Under Configure triggers, for SNS topic, choose the SNS topic that you created to notify the Lambda function.

5.    Choose Add.

6.    Choose Save.
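
The script in step 2 matches the string ROLLBACK_IN_PROGRESS anywhere in the message and reads the subject from a fixed line position. As an added example (not part of the original article), this variant parses the notification by field name, alerts only when the stack's own ResourceStatus is exactly ROLLBACK_IN_PROGRESS (so UPDATE_ROLLBACK_IN_PROGRESS or a status quoted in ResourceStatusReason does not match), and keeps the subject within the Amazon SNS subject limits. The function names and the sample message are constructed for illustration.

```javascript
// Constructed sample of a CloudFormation stack notification body (one Key='Value'
// per line); the account ID, stack name and IDs are placeholders.
var SAMPLE_MESSAGE = [
  "StackId='arn:aws:cloudformation:us-east-1:111122223333:stack/demo-stack/EXAMPLE-ID'",
  "Timestamp='2018-05-17T00:00:00.000Z'",
  "EventId='EXAMPLE-EVENT-ID'",
  "LogicalResourceId='demo-stack'",
  "Namespace='111122223333'",
  "PhysicalResourceId='arn:aws:cloudformation:us-east-1:111122223333:stack/demo-stack/EXAMPLE-ID'",
  "PrincipalId='EXAMPLEPRINCIPAL'",
  "ResourceProperties='null'",
  "ResourceStatus='ROLLBACK_IN_PROGRESS'",
  "ResourceStatusReason='The following resource(s) failed to create: [Bucket].'",
  "ResourceType='AWS::CloudFormation::Stack'",
  "StackName='demo-stack'",
  "ClientRequestToken='null'"
].join("\n") + "\n";

// Parse Key='Value' lines into a map; lines that do not match are ignored.
function parseStackEvent(message) {
  var fields = Object.create(null); // no prototype, so field names cannot collide with it
  String(message).split("\n").forEach(function (line) {
    var m = /^(\w+)='(.*)'$/.exec(line);
    if (m) { fields[m[1]] = m[2]; }
  });
  return fields;
}

// True only for the stack's own event with exactly this status.
function isStackRollback(fields) {
  return fields.ResourceType === "AWS::CloudFormation::Stack" &&
         fields.ResourceStatus === "ROLLBACK_IN_PROGRESS";
}

// SNS rejects subjects that contain non-ASCII or control characters,
// or that are 100 characters or longer.
function buildSubject(stackName) {
  var clean = String(stackName || "unknown stack").replace(/[^\x20-\x7E]/g, "");
  var suffix = " is in ROLLBACK_IN_PROGRESS";
  return clean.slice(0, 99 - suffix.length) + suffix;
}

// Returns the email subject for a rollback notification, or null for anything else.
function alertSubjectFor(message) {
  var fields = parseStackEvent(message);
  return isStackRollback(fields) ? buildSubject(fields.StackName) : null;
}
```

In the handler, call alertSubjectFor(event.Records[0].Sns.Message) and publish to the email topic only when it returns a subject.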

Set your CloudFormation stack to send all notifications to the SNS topic that notifies the Lambda function

If you're using the AWS CloudFormation Console to create a stack, follow these steps:

1.    Under Options, expand Advanced.

2.    For Notification options, choose Existing Amazon SNS topic.

3.    Choose the SNS topic you created to notify the Lambda function.

4.    Continue with the steps to create your stack.

If you're using the AWS Command Line Interface (AWS CLI) to create a stack, use the --notification-arns option to send notifications to the SNS topic that notifies the Lambda function. Type the ARN of the SNS topic as the value.



Published: 2017-07-03

Updated: 2018-05-17