Amazon Simple Notification Service (Amazon SNS) is a web service that enables applications, end-users, and devices to send and receive notifications instantly from the cloud. For more information, see Amazon Simple Notification Service Developer Guide.
AWS Control Tower uses Amazon SNS to send programmatic alerts to the email addresses of your management account and your audit account. These alerts help you prevent drift within your landing zone. For more information, see Detect and resolve drift in AWS Control Tower.
We also use Amazon Simple Notification Service to send compliance notifications from AWS Config.
Tip
One of the best ways to receive AWS Control Tower control compliance notifications (in your
audit account) is to subscribe to AggregateConfigurationNotifications.
It is a service that helps you inspect compliance. It gives you real data about AWS Config
rules going out of compliance. AWS Config automatically maintains the list of accounts in
your OU.
You must subscribe manually, using email or any type of subscription that SNS
allows. The statement
arn:aws:sns:
leads to your audit account. homeregion:account:aws-controltower-AggregateSecurityNotifications
