3

I have one SNS topic and it has two subscriptions: one is pagerduty API and the other is pagerdutyEmail. I want to exclude alarms from the pagerduty Email subscription using a subscription filter policy for that topic.

I am not sure how I should exclude it. Does the filter policy have a "like" option?

I tried to use the below, but it doesn't work.

{
  "AlarmArn": [
    {
      "prefix": "arn:aws:cloudwatch"
    }
  ]
}
Madhu
  • You want to keep both subscriptions active and it should exclude while triggering SNS? You can make the email subscription inactive. – Avinash Dalvi Nov 18 '20 at 18:50

3 Answers

2

I don't think that the Subscription filter policy would allow you to filter the Cloudwatch Alarms based on Alarm ARN or any other metadata that is sent in the Cloudwatch JSON payload.

The filter policy expects a MessageAttributes field in the payload sent to the SNS topic, and that field should contain the attributes based on which you would like to add your filter policy to filter your notifications.

The JSON payload sent by a Cloudwatch Alarm doesn't contain those attributes as can be seen in the sample payload below:

{
    "Type": "Notification",
    "MessageId": "xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx",
    "TopicArn": "arn:aws:sns:eu-west-1:000000000000:cloudwatch-alarms",
    "Subject": "ALARM: \"Example alarm name\" in EU - Ireland",
    "Message": "{\"AlarmName\":\"Example alarm name\",\"AlarmDescription\":\"Example alarm description.\",\"AWSAccountId\":\"000000000000\",\"NewStateValue\":\"ALARM\",\"NewStateReason\":\"Threshold Crossed: 1 datapoint (10.0) was greater than or equal to the threshold (1.0).\",\"StateChangeTime\":\"2017-01-12T16:30:42.236+0000\",\"Region\":\"EU - Ireland\",\"OldStateValue\":\"OK\",\"Trigger\":{\"MetricName\":\"DeliveryErrors\",\"Namespace\":\"ExampleNamespace\",\"Statistic\":\"SUM\",\"Unit\":null,\"Dimensions\":[],\"Period\":300,\"EvaluationPeriods\":1,\"ComparisonOperator\":\"GreaterThanOrEqualToThreshold\",\"Threshold\":1.0}}",
    "Timestamp": "2017-01-12T16:30:42.318Z",
    "SignatureVersion": "1",
    "Signature": "Cg==",
    "SigningCertUrl": "https://sns.eu-west-1.amazonaws.com/SimpleNotificationService-xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx.pem",
    "UnsubscribeUrl": "https://sns.eu-west-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-west-1:000000000000:cloudwatch-alarms:xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx"
}

I've tested a filter policy using one of the key-value pairs available in the Cloudwatch payload but it didn't work for me.

Refer Doc:
https://docs.aws.amazon.com/sns/latest/dg/sns-subscription-filter-policies.html

You may have to write a Lambda Function using your preferred client library and use Pagerduty Events API to work out a solution.

Refer:
https://developer.pagerduty.com/docs/tools-libraries/client-libraries/
https://developer.pagerduty.com/docs/events-api-v2/trigger-events/

Devesh
0

The filter above actually matches the messages with the AlarmArn with prefix arn:aws:cloudwatch.

You might try to use the anything-but command.

{
    "AlarmArn": [{
        "anything-but": {
            "prefix": "arn:aws:cloudwatch"
        }
    }]
}

See https://docs.aws.amazon.com/sns/latest/dg/sns-subscription-filter-policies.html for more information

Milan Gatyás
0

As of today, SNS supports payload-based message filtering too. Therefore, you can now filter the events coming from your CloudWatch alarms. More info: https://aws.amazon.com/about-aws/whats-new/2022/11/amazon-sns-payload-based-message-filtering/

Otavio Ferreira
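An added example, not part of any of the posts above: a simplified local model of how a filter policy is evaluated under the two values of the subscription's FilterPolicyScope attribute (MessageAttributes and MessageBody), run against the two policies from this thread. Assumptions: only exact, prefix and anything-but matching are modelled, the function names are hypothetical, and the sample notifications are constructed, including the presence of an AlarmArn field in the alarm body.

```python
import json

def match_one(cond, value):
    """Test one policy condition: literal, {"prefix": p} or {"anything-but": ...}."""
    if not isinstance(cond, dict):
        return value == cond
    if "prefix" in cond:
        return isinstance(value, str) and value.startswith(cond["prefix"])
    if "anything-but" in cond:
        blocked = cond["anything-but"]
        if isinstance(blocked, dict):          # nested prefix form
            return not match_one(blocked, value)
        return value not in (blocked if isinstance(blocked, list) else [blocked])
    raise ValueError(f"operator not modelled here: {cond!r}")

def delivers(policy, scope, envelope):
    """Simplified model: would a subscription with this policy get the message?"""
    if scope == "MessageBody":                 # policy is applied to the JSON body
        try:
            data = json.loads(envelope["Message"])
        except ValueError:
            return False
        if not isinstance(data, dict):
            return False
    else:                                      # "MessageAttributes" scope
        attrs = envelope.get("MessageAttributes", {})
        data = {name: attr["Value"] for name, attr in attrs.items()}
    # Every policy key must be present and satisfy at least one of its conditions.
    return all(key in data and any(match_one(c, data[key]) for c in conds)
               for key, conds in policy.items())

# Constructed CloudWatch-style notification: no MessageAttributes, JSON in "Message".
ALARM = {"Type": "Notification", "Message": json.dumps({
    "AlarmName": "Example alarm name",
    "AlarmArn": "arn:aws:cloudwatch:eu-west-1:000000000000:alarm:Example alarm name",
    "NewStateValue": "ALARM"})}
# Constructed non-alarm message published to the same topic.
OTHER = {"Type": "Notification", "Message": json.dumps({"status": "deployed"})}

ASKED = {"AlarmArn": [{"prefix": "arn:aws:cloudwatch"}]}      # policy from the question
EXCLUDE = {"AlarmArn": [{"anything-but": {"prefix": "arn:aws:cloudwatch"}}]}

if __name__ == "__main__":
    for name, policy in (("ASKED", ASKED), ("EXCLUDE", EXCLUDE)):
        for scope in ("MessageAttributes", "MessageBody"):
            print(name, scope, "alarm:", delivers(policy, scope, ALARM),
                  "other:", delivers(policy, scope, OTHER))
```

In this model a message that has no AlarmArn key at all is also dropped by the anything-but policy, because the key must be present for any condition on it to match; check an exclusion policy against the non-alarm traffic on the topic before relying on it.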