How can I receive custom email notifications when a resource is deleted in my AWS account using AWS Config service?

Last updated: 2019-11-21

I created an Amazon CloudWatch Events rule to trigger on service event types when AWS resources are deleted, but the responses are in JSON format. How can I receive an email response with a custom notification?  

Short Description

Use a custom event pattern with the CloudWatch Events rule to match an AWS Config supported resource type. Then, route the response to an Amazon Simple Notification Service (Amazon SNS) topic.

Resolution

In the following example, SNS notifications are received when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated.

Note: You can replace the resource type for your specific AWS service.

1.    If you haven't already created an Amazon SNS topic, follow the instructions for Getting Started with Amazon SNS.

Note: The Amazon SNS topic must be in the same Region as your AWS Config service.

2.    Open the CloudWatch console.

3.    In the navigation pane, choose Rules, and then choose Create rule.

4.    In Event Source, choose Event Pattern.

5.    In the Build event pattern to match events by service drop-down menu, choose Custom event pattern.

6.    In the Build custom event pattern preview pane, copy and paste the following sample event pattern:

{
  "source": [
    "aws.config"
  ],
  "detail-type": [
    "Config Configuration Item Change"
  ],
  "detail": {
    "messageType": [
      "ConfigurationItemChangeNotification"
    ],
    "configurationItem": {
      "configurationItemStatus": [
        "ResourceDeleted"
      ]
    }
  }
}

7.    In Targets, choose Add target.

8.    Choose the target drop-down menu, and then choose SNS topic.

9.    In Topic, choose your SNS topic.

10.   Expand Configure input, and then choose Input Transformer.

11.   In the Input Path text box, copy and paste the following sample path:

{
    "awsRegion": "$.detail.configurationItem.awsRegion",
    "awsAccountId": "$.detail.configurationItem.awsAccountId",
    "resource_type": "$.detail.configurationItem.resourceType",
    "resource_ID": "$.detail.configurationItem.resourceId",
    "configurationItemCaptureTime": "$.detail.configurationItem.configurationItemCaptureTime"
}

12.   In the Input Template text box, copy and paste the following example template:

"On <configurationItemCaptureTime> AWS Config service recorded a deletion of the resource <resource_ID> type <resource_type> in the account <awsAccountId> region <awsRegion>. For more details open the AWS Config console at https://console.aws.amazon.com/config/home?region=<awsRegion>#/timeline/<resource_type>/<resource_ID>/configuration"

13.   Choose Configure details.

14.   In Name, enter a name for your rule, and then choose Create rule.

15.   When a matching event fires, you receive an SNS email notification with the custom fields from step 12 populated, similar to the following:

"On ExampleTime AWS Config service recorded a deletion of the resource ExampleID type ExampleResourceType in the account ExampleAccountID region ExampleRegion. For more details open the AWS Config console at https://console.aws.amazon.com/config/home?region=ExampleRegion#/timeline/ExampleResourceType/ExampleID/configuration"
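The event pattern from step 6 and the input transformer from steps 11 and 12 can be checked offline before the rule goes live. The following Python is an added example, not code from the article or from AWS: it reimplements, in simplified form, how CloudWatch Events matches an event against the pattern, then applies the input path and template to a constructed sample AWS Config event. It also extends the page's pattern with a resourceType filter so that, as the EC2 example intends, only instance deletions match (AWS::EC2::Instance is the AWS Config resource type for EC2 instances).

```python
import re
from functools import reduce
# Step 6 pattern plus a resourceType filter (AWS::EC2::Instance is Config's EC2 instance type).
PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Configuration Item Change"],
    "detail": {"messageType": ["ConfigurationItemChangeNotification"],
               "configurationItem": {"configurationItemStatus": ["ResourceDeleted"],
                                     "resourceType": ["AWS::EC2::Instance"]}},
}
# Input path (step 11) and input template (step 12) as the article gives them.
INPUT_PATH = {
    "awsRegion": "$.detail.configurationItem.awsRegion",
    "awsAccountId": "$.detail.configurationItem.awsAccountId",
    "resource_type": "$.detail.configurationItem.resourceType",
    "resource_ID": "$.detail.configurationItem.resourceId",
    "configurationItemCaptureTime": "$.detail.configurationItem.configurationItemCaptureTime",
}
TEMPLATE = ("On <configurationItemCaptureTime> AWS Config service recorded a deletion of the "
            "resource <resource_ID> type <resource_type> in the account <awsAccountId> region "
            "<awsRegion>. For more details open the AWS Config console at https://console.aws."
            "amazon.com/config/home?region=<awsRegion>#/timeline/<resource_type>/<resource_ID>/configuration")

def matches(pattern, event):
    """Simplified pattern matching: pattern keys must exist; a list means 'one of'; objects recurse."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif event[key] not in expected:
            return False
    return True

def resolve(event, path):
    """Walk a '$.a.b.c' path; dotted keys are all the article's input path uses."""
    return reduce(lambda node, key: node[key], path[2:].split("."), event)

def render(event):
    """Apply the input path, then fill the <name> placeholders in the template."""
    values = {name: resolve(event, path) for name, path in INPUT_PATH.items()}
    return re.sub(r"<(\w+)>", lambda m: str(values[m.group(1)]), TEMPLATE)
# Constructed sample event; instance ID, account ID and timestamp are placeholders.
ITEM = {"configurationItemStatus": "ResourceDeleted", "resourceType": "AWS::EC2::Instance",
        "resourceId": "i-0123456789abcdef0", "awsAccountId": "123456789012",
        "awsRegion": "us-east-1", "configurationItemCaptureTime": "2019-11-21T10:15:30.000Z"}
SAMPLE_EVENT = {"source": "aws.config", "detail-type": "Config Configuration Item Change",
                "detail": {"messageType": "ConfigurationItemChangeNotification",
                           "configurationItem": ITEM}}
```

Calling `render(SAMPLE_EVENT)` after `matches(PATTERN, SAMPLE_EVENT)` returns True produces the same message shape shown in step 15, with the placeholders filled from the event.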