AWS::FMS::NotificationChannel - AWS CloudFormation

AWS::FMS::NotificationChannel

Designates the IAM role and Amazon Simple Notification Service (SNS) topic to use to record SNS logs.

To perform this action outside of the console, you must configure the SNS topic to allow the role AWSServiceRoleForFMS to publish SNS logs. For more information, see Firewall Manager required permissions for API actions in the AWS Firewall Manager Developer Guide.
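The permission requirement above can be declared in the same template as the notification channel. The following is an added example, not taken from the AWS documentation: the logical IDs SnsTopic and SnsTopicPolicy and the statement Sid are illustrative, and it assumes the AWSServiceRoleForFMS service-linked role already exists in the account.

```yaml
AWSTemplateFormatVersion: "2010-09-09"
Description: >-
  Added example: SNS topic, topic policy and Firewall Manager notification
  channel. Logical IDs and the statement Sid are illustrative.

Resources:
  # Topic that receives Firewall Manager notifications.
  SnsTopic:
    Type: AWS::SNS::Topic

  # Resource policy on the topic: only the Firewall Manager service-linked
  # role in this account may publish, and only to this topic.
  # Assumption: the service-linked role already exists in the account; a
  # resource policy cannot name a principal that does not exist.
  SnsTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref SnsTopic
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Sid: AllowFirewallManagerPublish
            Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS
            Action: sns:Publish
            Resource: !Ref SnsTopic

  # DependsOn makes CloudFormation attach the policy before Firewall Manager
  # is pointed at the topic.
  NotificationChannel:
    Type: AWS::FMS::NotificationChannel
    DependsOn: SnsTopicPolicy
    Properties:
      SnsRoleName: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS
      SnsTopicArn: !Ref SnsTopic
```

The policy statement names one principal and one action, so granting Firewall Manager access does not let any other identity publish to the topic.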

Syntax

To declare this entity in your AWS CloudFormation template, use the following syntax:

JSON

{
  "Type" : "AWS::FMS::NotificationChannel",
  "Properties" : {
    "SnsRoleName" : String,
    "SnsTopicArn" : String
  }
}

YAML

Type: AWS::FMS::NotificationChannel
Properties:
  SnsRoleName: String
  SnsTopicArn: String

Properties

SnsRoleName

The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to record AWS Firewall Manager activity.

Required: Yes

Type: String

Pattern: ^([^\s]+)$

Minimum: 1

Maximum: 1024

Update requires: No interruption

SnsTopicArn

The Amazon Resource Name (ARN) of the SNS topic that collects notifications from AWS Firewall Manager.

Required: Yes

Type: String

Pattern: ^([^\s]+)$

Minimum: 1

Maximum: 1024

Update requires: No interruption

Return values

Ref

The Ref for this resource returns the SnsTopicArn. This is the Amazon Resource Name (ARN) that uniquely identifies the Amazon Simple Notification Service (Amazon SNS) topic. For example, arn:aws:sns:us-west-2:111122223333:MyTopic. For more information about SNS, see Amazon Simple Notification Service Resource Type Reference.

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Examples

Create a Firewall Manager notification channel

The following shows an example SNS notification channel for Firewall Manager.

YAML

NotificationChannel:
  Type: AWS::FMS::NotificationChannel
  Properties:
    SnsRoleName: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS
    SnsTopicArn: !Ref SnsTopic

JSON

"NotificationChannel": {
  "Type": "AWS::FMS::NotificationChannel",
  "Properties": {
    "SnsRoleName": {
      "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS"
    },
    "SnsTopicArn": {
      "Ref": "SnsTopic"
    }
  }
}