# What are notifications?
The notifications feature in the Developer Tools console is a notifications manager for subscribing to events in AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy and AWS CodePipeline. It has its own API, AWS CodeStar Notifications. You can use the notifications feature to quickly notify users about events in the repositories, build projects, deployment applications, and pipelines that are most important to their work. A notifications manager helps make users aware of events that occur on repositories, builds, deployments, or pipelines so that they can quickly take action, such as approving changes or correcting errors.
## What can I do with notifications?
You can use the notifications feature to create and manage notification rules to notify users of important changes to their resources, including:
+ Build successes and failures in CodeBuild build projects.
+ Deployment successes and failures in CodeDeploy applications.
+ Creation of and updates in pull requests, including comments on code, in CodeCommit repositories.
+ Manual approval statuses and pipeline runs in CodePipeline.
You can set up notifications so that they go to user email addresses that are subscribed to an Amazon SNS topic. You can also integrate this feature with [AWS Chatbot](https://docs.aws.amazon.com/chatbot/latest/adminguide/what-is.html) and have notifications delivered to Slack channels, Microsoft Teams channel, or Amazon Chime chatrooms.
## How do notifications work?
When you configure a notification rule for a supported resource, such as a repository, build project, application, or pipeline, the notifications feature creates an Amazon EventBridge rule that monitors for the events you specify. When an event of that type occurs, the notification rule sends notifications to the Amazon SNS topics specified as targets for that rule. Subscribers to those targets receive notifications about those events.
## How do I get started with notifications?
To get started, here are some useful topics to review:
+ **Learn** about the [concepts](concepts.md) for notifications.
+ **Set up** the [resources you need](setting-up.md) to start working with notifications.
+ **Get started** with your [first notification rules](getting-started.md) and receive your first notifications.
# Notification concepts
Setting up and using notifications is easier if you understand the concepts and terms. Here are some concepts to know about as you use notifications.
**Topics**
+ [Notifications](#notifications)
+ [Notification rules](#rules)
+ [Events](#events)
+ [Detail types](#detail-type)
+ [Targets](#targets)
+ [Notifications and AWS CodeStar Notifications](#concepts-api)
+ [Events for notification rules on repositories](#events-ref-repositories)
+ [Events for notification rules on build projects](#events-ref-buildproject)
+ [Events for notification rules on deployment applications](#events-ref-deployapplication)
+ [Events for notification rules on pipelines](#events-ref-pipeline)
## Notifications
A *notification* is a message that contains information about events that occur in the resources you and your developers use. You can set up notifications so that users of a resource, such as a build project, repository, deployment application, or pipeline, receive emails about the event types you specify according to the notification rule you create.
Notifications for AWS CodeCommit can contain user identity information, such as a display name or an email address, through the use of session tags. CodeCommit supports the use of session tags, which are key-value pair attributes that you pass when you assume an IAM role, use temporary credentials, or federate a user in AWS Security Token Service (AWS STS). You can also associate tags with an IAM user. CodeCommit includes the values for `displayName` and `emailAddress` in notification content if those tags are present. For more information, see [Using tags to provide additional identity information in CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/security-iam.html#security_iam_service-with-iam-tags).
**Important**
Notifications include project-specific information such as build status, deployment status, lines of code that have comments, and pipeline approvals. Notification content might change as new features are added. As a security best practice, you should regularly review the targets of notification rules and the Amazon SNS topic subscribers. For more information, see [Understanding notification contents and security](security.md#security-notifications).
## Notification rules
A *notification rule* is an AWS resource that you create to specify when and where notifications are sent. It defines:
+ The conditions under which a notification is created. These conditions are based on events that you choose, which are specific to the resource type. Supported resource types include build projects in AWS CodeBuild, deployment applications in AWS CodeDeploy, pipelines in AWS CodePipeline, and repositories in AWS CodeCommit.
+ The targets to which the notification is sent. You can specify up to 10 targets for a notification rule.
Notification rules are scoped to individual build projects, deployment applications, pipelines, and repositories. Notification rules have both user-defined friendly names and Amazon Resource Names (ARNs). Notification rules must be created in the same AWS Region where the resource exists. For example, if your build project is in the US East (Ohio) Region, your notification rule must be created in the US East (Ohio) Region, too.
You can define up to 10 notification rules for a resource.
## Events
An *event* is a change of state on a resource that you want to monitor. Each resource has a list of event types you can choose from. When you set up a notification rule on a resource, you specify the events that cause notifications to be sent. For example, if you set up notifications for a repository in CodeCommit, and you select **Created** for both **Pull request** and **Branches and tags**, a notification is sent every time a user in that repository creates a pull request, branch, or Git tag.
## Detail types
When you create a notification rule, you can choose the level of detail or *detail type* included in notifications (**Full** or **Basic**). The **Full** setting (the default) includes all information available for the event in the notification, including any enhanced information provided by services for specific events. The **Basic** setting includes only a subset of the available information.
The following table lists the enhanced information available for specific event types and describes the differences between the detail types.
****
| Service | Event | Full includes | Basic does not include |
| --- | --- | --- | --- |
| CodeCommit | Comments on commits Comments on pull requests | All event details and the content of the comment, including any replies or comment threads. It also includes the line number and the line of code upon which the comment was made. | The content of the comment. line number, line of code, or any comment threads. |
| CodeCommit | Pull request created | All event details and the number of files that were added, modified, or deleted in the pull request in relation to the destination branch. | No list of files or details about whether the pull request source branch has added, modified, or deleted files. |
| CodePipeline | Manual approval needed | All event details and custom data (if configured). The notification also includes a link to the required approval in the pipeline. | No custom data or link. |
| CodePipeline | Action execution failed Pipeline execution failed Stage execution failed | All event details and the content of the error message for the failure. | No error message content. |
## Targets
A *target* is a location for receiving notifications from notification rules. The allowed target types are Amazon SNS topics and AWS Chatbot clients configured for Slack or Microsoft Teams channels. Any user subscribed to the target receives notifications about the events that you specify in the notification rule.
If you want to extend the reach of notifications, you can manually configure integration between notifications and AWS Chatbot so that notifications are sent to Amazon Chime chatrooms. You can then choose the Amazon SNS topic that is configured for that AWS Chatbot client as the target for the notification rule. For more information, see [To integrate notifications with AWS Chatbot and Amazon Chime](notifications-chatbot.md#notifications-chatbot-chime).
If you choose to use an AWS Chatbot client as a target, you must first create that client in AWS Chatbot. When you choose an AWS Chatbot client as a target for a notification rule, an Amazon SNS topic is configured for that AWS Chatbot client with all the policies required for notifications to be sent to the Slack or Microsoft Teams channel. You don't have to configure any existing Amazon SNS topics for the AWS Chatbot client.
You can choose to create an Amazon SNS topic as a target as part of creating a notification rule (recommended). You can also choose an existing Amazon SNS topic in the same AWS Region as the notification rule, but you must configure it with the required policy. The Amazon SNS topic that you use for a target must be in your AWS account. It also must be in the same AWS Region as the notification rule and the AWS resource for which the rule was created.
For example, if you create a notification rule for a repository in the US East (Ohio) Region, the Amazon SNS topic must also exist in that Region. If you create an Amazon SNS topic as part of creating a notification rule, the topic is configured with the policy required to allow the publication of events to the topic. This is the best method for working with targets and notification rules. If you choose to use an already-existing topic or create one manually, you must configure it with the required permissions before users receive notifications. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md).
**Note**
If you want to use an existing Amazon SNS topic instead of creating a new one, in **Targets**, choose its ARN. Make sure the topic has the appropriate access policy, and that the subscriber list contains only those users who are allowed to see information about the resource. If the Amazon SNS topic is a topic that was used for CodeCommit notifications before November 5, 2019, it will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
## Notifications and AWS CodeStar Notifications
While a feature of the Developer Tools console, notifications has its own API, AWS CodeStar Notifications. It also has its own AWS resource type (notification rules), permissions, and events. Events for notification rules are logged in AWS CloudTrail. API actions can be allowed or denied through IAM policies.
## Events for notification rules on repositories
| Category | Events | Event IDs |
| --- | --- | --- |
| Comments | On commits On pull requests | `codecommit-repository-comments-on-commits` `codecommit-repository-comments-on-pull-requests` |
| Approvals | Status changed Rule override | `codecommit-repository-approvals-status-changed` `codecommit-repository-approvals-rule-override` |
| Pull request | Created Source updated Status changed Merged | `codecommit-repository-pull-request-created` `codecommit-repository-pull-request-source-updated` `codecommit-repository-pull-request-status-changed` `codecommit-repository-pull-request-merged` |
| Branches and tags | Created Deleted Updated | `codecommit-repository-branches-and-tags-created``codecommit-repository-branches-and-tags-deleted`codecommit-repository-branches-and-tags-updated |
## Events for notification rules on build projects
| Category | Events | Event IDs |
| --- | --- | --- |
| Build state | Failed Succeeded In-progress Stopped | `codebuild-project-build-state-failed` `codebuild-project-build-state-succeeded` `codebuild-project-build-state-in-progress` `codebuild-project-build-state-stopped` |
| Build phase | Failure Success | `codebuild-project-build-phase-failure` `codebuild-project-build-phase-success` |
## Events for notification rules on deployment applications
| Category | Events | Event IDs |
| --- | --- | --- |
| Deployment | Failed Succeeded Started | `codedeploy-application-deployment-failed``codedeploy-application-deployment-succeeded`codedeploy-application-deployment-started |
## Events for notification rules on pipelines
| Category | Events | Event IDs |
| --- | --- | --- |
| Action execution | Succeeded Failed Canceled Started | `codepipeline-pipeline-action-execution-succeeded` `codepipeline-pipeline-action-execution-failed` `codepipeline-pipeline-action-execution-canceled` `codepipeline-pipeline-action-execution-started` |
| Stage execution | Started Succeeded Resumed Canceled Failed | `codepipeline-pipeline-stage-execution-started` `codepipeline-pipeline-stage-execution-succeeded` `codepipeline-pipeline-stage-execution-resumed` `codepipeline-pipeline-stage-execution-canceled` `codepipeline-pipeline-stage-execution-failed` |
| Pipeline execution | Failed Canceled Started Resumed Succeeded Superseded | `codepipeline-pipeline-pipeline-execution-failed` `codepipeline-pipeline-pipeline-execution-canceled` `codepipeline-pipeline-pipeline-execution-started` `codepipeline-pipeline-pipeline-execution-resumed` `codepipeline-pipeline-pipeline-execution-succeeded` `codepipeline-pipeline-pipeline-execution-superseded` |
| Manual approval | Failed Needed Succeeded | `codepipeline-pipeline-manual-approval-failed``codepipeline-pipeline-manual-approval-needed`codepipeline-pipeline-manual-approval-succeeded |
# Setting up
If you have a managed policy for AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, or AWS CodePipeline applied to your IAM user or role, you have the permissions required to work with notifications within the limitations of the roles and permissions provided by the policy. For example, users who have the `AWSCodeBuildAdminAccess`, `AWSCodeCommitFullAccess`, `AWSCodeDeployFullAccess`, or `AWSCodePipeline_FullAccess` managed policy applied have full administrative access to notifications.
For more information, including example policies, see [Identity-based policies](security-iam.md#security_iam_access-manage-id-based-policies).
If you have one of these policies applied to your IAM user or role, and a build project in CodeBuild, a repository in CodeCommit, a deployment application in CodeDeploy, or a pipeline in CodePipeline, you are ready to create your first notification rule. Continue to [Getting started with notifications](getting-started.md). If not, see the following topics:
+ CodeBuild: [Getting started with CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/getting-started.html)
+ CodeCommit: [Getting started with CodeCommit](https://docs.aws.amazon.com/codecommit/latest/userguide/getting-started-cc.html)
+ CodeDeploy: [Tutorials](https://docs.aws.amazon.com/codedeploy/latest/userguide/tutorials.html)
+ CodePipeline: [Getting started with CodePipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/getting-started-codepipeline.html)
If you want to manage administrative permissions for notifications for IAM users, groups, or roles yourself, follow the procedures in this topic to set up the permissions and resources you need to use the service.
If you want to use previously created Amazon SNS topics for notifications instead of creating topics specifically for notifications, you must configure an Amazon SNS topic to use as the target for a notification rule by applying a policy that allows events to be published to that topic.
**Note**
To perform the following procedures, you must be signed in with an account that has administrative permissions. For more information, see [Creating your first IAM admin user and group](https://docs.aws.amazon.com/IAM/latest/UserGuide/getting-started_create-admin-group.html).
**Topics**
+ [Create and apply a policy for administrative access to notifications](#set-up-permissions)
+ [Configure Amazon SNS topics for notifications](set-up-sns.md)
+ [Subscribe users to Amazon SNS topics that are targets](subscribe-users-sns.md)
## Create and apply a policy for administrative access to notifications
You can administer notifications by signing in with an IAM user or using a role that has permissions to access the service and the services (AWS CodeBuild, AWS CodeCommit, AWS CodeDeploy, or AWS CodePipeline) for which you want to create notifications. You can also create your own policies and apply them to users or groups.
The following procedure shows you how to configure an IAM group with permissions for administering notifications and adding IAM users. If you do not want to set up a group, you can apply this policy directly to IAM users or to an IAM role that can be assumed by users. You can also use the managed policies for CodeBuild, CodeCommit, CodeDeploy, or CodePipeline, which include policy-appropriate access to notification features depending on the scope of the policy.
For the policy below, enter a name (for example, `AWSCodeStarNotificationsFullAccess`) and an optional description for this policy. The description helps you remember the purpose of the policy (for example, **This policy provides full access to AWS CodeStar Notifications.**
**To use the JSON policy editor to create a policy**
1. Sign in to the AWS Management Console and open the IAM console at [https://console.aws.amazon.com/iam/](https://console.aws.amazon.com/iam/).
1. In the navigation pane on the left, choose **Policies**.
If this is your first time choosing **Policies**, the **Welcome to Managed Policies** page appears. Choose **Get Started**.
1. At the top of the page, choose **Create policy**.
1. In the **Policy editor** section, choose the **JSON** option.
1. Enter the following JSON policy document:
```
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "AWSCodeStarNotificationsFullAccess",
"Effect": "Allow",
"Action": [
"codestar-notifications:CreateNotificationRule",
"codestar-notifications:DeleteNotificationRule",
"codestar-notifications:DescribeNotificationRule",
"codestar-notifications:ListNotificationRules",
"codestar-notifications:UpdateNotificationRule",
"codestar-notifications:Subscribe",
"codestar-notifications:Unsubscribe",
"codestar-notifications:DeleteTarget",
"codestar-notifications:ListTargets",
"codestar-notifications:ListTagsforResource",
"codestar-notifications:TagResource",
"codestar-notifications:UntagResource"
],
"Resource": "*"
}
]
}
```
1. Choose **Next**.
**Note**
You can switch between the **Visual** and **JSON** editor options anytime. However, if you make changes or choose **Next** in the **Visual** editor, IAM might restructure your policy to optimize it for the visual editor. For more information, see [Policy restructuring](https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_policies.html#troubleshoot_viseditor-restructure) in the *IAM User Guide*.
1. On the **Review and create** page, enter a **Policy name** and a **Description** (optional) for the policy that you are creating. Review **Permissions defined in this policy** to see the permissions that are granted by your policy.
1. Choose **Create policy** to save your new policy.
# Configure Amazon SNS topics for notifications
The easiest way to set up notifications is to create an Amazon SNS topic when you create a notification rule. You can use an existing Amazon SNS topic if it meets the following requirements:
+ It was created in the same AWS Region as the resource (build project, deployment application, repository, or pipeline) for which you want to create notification rules.
+ It has not been used for sending notifications for CodeCommit before November 5, 2019. If it has, it will contain policy statements that enabled that functionality. You can choose to use this topic, but you will need to add the additional policy as specified in the procedure. You should not remove the existing policy statement if one or more repositories is still configured for notifications before November 5, 2019.
+ It has a policy that allows AWS CodeStar Notifications to publish notifications to the topic.
**To configure an Amazon SNS topic to use as a target for AWS CodeStar Notifications notification rules**
1. Sign in to the AWS Management Console and open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).
1. In the navigation bar, choose **Topics**, choose the topic you want to configure, and then choose **Edit**.
1. Expand **Access policy**, and then choose **Advanced**.
1. In the JSON editor, add the following statement to the policy. Include the topic ARN, AWS Region, AWS account ID, and topic name.
```
{
"Sid": "AWSCodeStarNotifications_publish",
"Effect": "Allow",
"Principal": {
"Service": [
"codestar-notifications.amazonaws.com"
]
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-2:123456789012:codestar-notifications-MyTopicForNotificationRules"
}
```
The policy statement should look like the following.
```
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:GetTopicAttributes",
"SNS:SetTopicAttributes",
"SNS:AddPermission",
"SNS:RemovePermission",
"SNS:DeleteTopic",
"SNS:Subscribe",
"SNS:ListSubscriptionsByTopic",
"SNS:Publish"
],
"Resource": "arn:aws:sns:us-east-2:123456789012:codestar-notifications-MyTopicForNotificationRules",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "123456789012"
}
}
},
{
"Sid": "AWSCodeStarNotifications_publish",
"Effect": "Allow",
"Principal": {
"Service": [
"codestar-notifications.amazonaws.com"
]
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-2:123456789012:codestar-notifications-MyTopicForNotificationRules"
}
]
}
```
1. Choose **Save changes**.
1. If you want to use an AWS KMS-encrypted Amazon SNS topic to send notifications, you must also enable compatibility between the event source (AWS CodeStar Notifications) and the encrypted topic by adding the following statement to the policy of the AWS KMS key. Replace the AWS Region (in this example, us-east-2) with the AWS Region where the key was created.
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Principal": {
"Service": "codestar-notifications.amazonaws.com"
},
"Action": [
"kms:GenerateDataKey*",
"kms:Decrypt"
],
"Resource": "*",
"Condition": {
"StringEquals": {
"kms:ViaService": "sns.us-east-2.amazonaws.com"
}
}
}
]
}
```
------
For more information, see [Encryption at rest](https://docs.aws.amazon.com/kms/latest/developerguide/sns-server-side-encryption.html#sns-what-permissions-for-sse) and [Using policy conditions with AWS KMS](https://docs.aws.amazon.com/kms/latest/developerguide/policy-conditions.html) in the *AWS Key Management Service Developer Guide*.
# Subscribe users to Amazon SNS topics that are targets
Before users can receive notifications, they must be subscribed to the Amazon SNS topic that is the target of the notification rule. If users are subscribed by email address, they must confirm their subscription before they receive notifications. To send notifications to users in Slack channels, Microsoft Teams channels, or Amazon Chime chatrooms, see [Configure integration between notifications and AWS Chatbot](notifications-chatbot.md).
**To subscribe users to an Amazon SNS topic used for notifications**
1. Sign in to the AWS Management Console and open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).
1. In the navigation bar, choose **Topics**, and then choose the topic to which you want to subscribe users.
1. In **Subscriptions**, choose **Create subscription**.
1. In **Protocol**, choose **Email**. In **Endpoint**, enter the email address, and then choose **Create subscription**.
# Getting started with notifications
The easiest way to get started with notifications is to set up a notification rule on one of your build projects, deployment applications, pipelines, or repositories.
**Note**
The first time you create a notification rule, a service-linked role is created in your account. For more information, see [Using service-linked roles for AWS CodeStar Notifications](using-service-linked-roles.md).
**Topics**
+ [Prerequisites](#getting-started-prerequisites)
+ [Create a notification rule for a repository](getting-started-repository.md)
+ [Create a notification rule for a build project](getting-started-build.md)
+ [Create a notification rule for a deployment application](getting-started-deploy.md)
+ [Create a notification rule for a pipeline](getting-started-pipeline.md)
## Prerequisites
Complete the steps in [Setting up](setting-up.md). You also need a resource for which you create a notification rule.
+ [Create a build project in CodeBuild](https://docs.aws.amazon.com/codebuild/latest/userguide/create-project.html) or use an existing one.
+ [Create an application](https://docs.aws.amazon.com/codedeploy/latest/userguide/applications-create.html) or use an existing deployment application.
+ [Create a pipeline in CodePipeline](https://docs.aws.amazon.com/codepipeline/latest/userguide/pipelines-create.html) or use an existing one.
+ [Create an AWS CodeCommit repository](https://docs.aws.amazon.com/codecommit/latest/userguide/how-to-create-repository.html) or use an existing one.
# Create a notification rule for a repository
You can create notification rules to send notifications about repository events that are important to you. The following steps show you how to set up a notification rule on a single repository event. These steps are written with the assumption that you have a repository configured in your AWS account.
**Important**
If you set up notifications in CodeCommit before November 5, 2019, the Amazon SNS topics used for those notifications will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
1. Open the CodeCommit console at [https://console.aws.amazon.com/codecommit/](https://console.aws.amazon.com/codecommit/).
1. Choose a repository from the list and open it.
1. Choose **Notify**, and then choose **Create notification rule**. You can also choose **Settings**, choose **Notifications**, and then choose **Create notification rule**.
1. In **Notification name**, enter a name for the rule.
1. In **Detail type**, choose **Basic** if you want only the information provided to Amazon EventBridge included in the notification. Choose **Full** if you want to include information provided to Amazon EventBridge and information that might be supplied by the resource service or the notification manager.
For more information, see [Understanding notification contents and security](security.md#security-notifications).
1. In **Events that trigger notifications**, under **Branches and tags**, select **Created**.
1. In **Targets**, choose **Create SNS topic**.
**Note**
When you create the topic as part of creating the notification rule, the policy that allows CodeCommit to publish events to the topic is applied for you. Using a topic created for notification rules helps ensure that you subscribe only those users who you want to receive notifications about this repository.
After the **codestar-notifications-** prefix,enter a name for the topic, and then choose **Submit**.
**Note**
If you want to use an existing Amazon SNS topic instead of creating a new one, in **Targets**, choose its ARN. Make sure the topic has the appropriate access policy, and that the subscriber list contains only those users who are allowed to see information about the resource. If the Amazon SNS topic is a topic that was used for CodeCommit notifications before November 5, 2019, it will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
1. Choose **Submit**, and then review the notification rule.
1. Subscribe your email address to the Amazon SNS topic you just created. For more information, see [To subscribe users to an Amazon SNS topic used for notifications](subscribe-users-sns.md#set-up-sns-subscribe).
1. Navigate to your repository and create a test branch from the default branch.
1. After you create the branch, the notification rule sends a notification to all topic subscribers with information about that event.
# Create a notification rule for a build project
You can create notification rules to send notifications about the events on your build project that are important to you. The following steps show you how to set up a notification rule on a single build project event. These steps are written with the assumption that you have a build project configured in your AWS account.
1. Open the CodeBuild console at [https://console.aws.amazon.com/codebuild/](https://console.aws.amazon.com/codebuild/).
1. Choose a build project from the list and open it.
1. Choose **Notify**, and then choose **Create notification rule**. You can also choose **Settings**, and then choose **Create notification rule**.
1. In **Notification name**, enter a name for the rule.
1.
In **Detail type**, choose **Basic** if you want only the information provided to Amazon EventBridge included in the notification. Choose **Full** if you want to include information provided to Amazon EventBridge and information that might be supplied by the resource service or the notification manager.
For more information, see [Understanding notification contents and security](security.md#security-notifications).
1. In **Events that trigger notifications**, under **Build phase**, select **Success**.
1. In **Targets**, choose **Create SNS topic**.
**Note**
When you create the topic as part of creating the notification rule, the policy that allows CodeBuild to publish events to the topic is applied for you. Using a topic created for notification rules helps ensure that you subscribe only those users you want to receive notifications about this build project.
After the **codestar-notifications-** prefix, enter a name for the topic, and then choose **Submit**.
**Note**
If you want to use an existing Amazon SNS topic instead of creating a new one, in **Targets**, choose its ARN. Make sure the topic has the appropriate access policy, and that the subscriber list contains only those users who are allowed to see information about the resource. If the Amazon SNS topic is a topic that was used for CodeCommit notifications before November 5, 2019, it will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
1. Choose **Submit**, and then review the notification rule.
1. Subscribe your email address to the Amazon SNS topic you just created. For more information, see [To subscribe users to an Amazon SNS topic used for notifications](subscribe-users-sns.md#set-up-sns-subscribe).
1. Navigate to your build project and start a build.
1. After the build phase is successfully completed, the notification rule sends a notification to all topic subscribers with information about that event.
# Create a notification rule for a deployment application
You can create notification rules to send notifications about the events on your deployment application that are important to you. The following steps show you how to set up a notification rule on a single build project event. These steps are written with the assumption that you have a deployment application configured in your AWS account.
1. Open the CodeDeploy console at [https://console.aws.amazon.com/codedeploy/](https://console.aws.amazon.com/codedeploy/).
1. Choose an application from the list and open it.
1. Choose **Notify**, and then choose **Create notification rule**. You can also choose **Settings**, and then choose **Create notification rule**.
1. In **Notification name**, enter a name for the rule.
1. In **Detail type**, choose **Basic** if you want only the information provided to Amazon EventBridge included in the notification. Choose **Full** if you want to include information provided to Amazon EventBridge and information that might be supplied by the resource service or the notification manager.
For more information, see [Understanding notification contents and security](security.md#security-notifications).
1. In **Events that trigger notifications**, under **Deployment**, select **Succeeded**.
1. In **Targets**, choose **Create SNS topic**.
**Note**
When you create the topic as part of creating the notification rule, the policy that allows CodeDeploy to publish events to the topic is applied for you. Using a topic created for notification rules helps ensure that you subscribe only those users you want to receive notifications about this deployment application.
After the **codestar-notifications-** prefix, enter a name for the topic, and then choose **Submit**.
**Note**
If you want to use an existing Amazon SNS topic instead of creating a new one, in **Targets**, choose its ARN. Make sure the topic has the appropriate access policy, and that the subscriber list contains only those users who are allowed to see information about the resource. If the Amazon SNS topic is a topic that was used for CodeCommit notifications before November 5, 2019, it will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
1. Choose **Submit**, and then review the notification rule.
1. Subscribe your email address to the Amazon SNS topic you just created. For more information, see [To subscribe users to an Amazon SNS topic used for notifications](subscribe-users-sns.md#set-up-sns-subscribe).
1. Navigate to your deployment application and start a deployment.
1. After thedeployment succeeds, the notification rule sends a notification to all topic subscribers with information about the event.
# Create a notification rule for a pipeline
You can create notification rules to send notifications about the events on your pipeline that are important to you. The following steps show you how to set up a notification rule on a single pipeline event. These steps are written with the assumption that you have a pipeline configured in your AWS account.
1. Open the CodePipeline console at [https://console.aws.amazon.com/codepipeline/](https://console.aws.amazon.com/codepipeline/).
1. Choose a pipeline from the list and open it.
1. Choose **Notify**, and then choose **Create notification rule**. You can also choose **Settings**, and then choose **Create notification rule**.
1. In **Notification name**, enter a name for the rule.
1. In **Detail type**, choose **Basic** if you want only the information provided to Amazon EventBridge included in the notification. Choose **Full** if you want to include information provided to Amazon EventBridge and information that might be supplied by the resource service or the notification manager.
For more information, see [Understanding notification contents and security](security.md#security-notifications).
1. In **Events that trigger notifications**, under **Action execution**, select **Started**.
1. In **Targets**, choose **Create SNS topic**.
**Note**
When you create the topic as part of creating the notification rule, the policy that allows CodePipeline to publish events to the topic is applied for you. Using a topic created for notification rules helps ensure that you subscribe only those users you want to receive notifications about this pipeline.
After the **codestar-notifications-** prefix,enter a name for the topic, and then choose **Submit**.
**Note**
If you want to use an existing Amazon SNS topic instead of creating a new one, in **Targets**, choose its ARN. Make sure the topic has the appropriate access policy, and that the subscriber list contains only those users who are allowed to see information about the resource. If the Amazon SNS topic is a topic that was used for CodeCommit notifications before November 5, 2019, it will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
1. Choose **Submit**, and then review the notification rule.
1. Subscribe your email address to the Amazon SNS topic you just created. For more information, see [To subscribe users to an Amazon SNS topic used for notifications](subscribe-users-sns.md#set-up-sns-subscribe).
1. Navigate to your pipeline, and then choose **Release change**.
1. When the action starts, the notification rule sends a notification to all topic subscribers with information about the event.
# Working with notification rules
A notification rule is where you configure which events you want users to receive notifications about and specify the targets that receive those notifications. You can send notifications directly to users through Amazon SNS, or through AWS Chatbot clients configured for Slack or Microsoft Teams channels. If you want to extend the reach of notifications, you can manually configure integration between notifications and AWS Chatbot so that notifications are sent to Amazon Chime chatrooms. For more information, see [Targets](concepts.md#targets) and [To integrate notifications with AWS Chatbot and Amazon Chime](notifications-chatbot.md#notifications-chatbot-chime).
![\[Creating a notification rule for a repository in the AWS Developer Tools console.\]](http://docs.aws.amazon.com/dtconsole/latest/userguide/images/create-notification-rule-repository.png)
You can use the Developer Tools console or the AWS CLI to create and manage notification rules.
**Topics**
+ [Create a notification rule](notification-rule-create.md)
+ [View notification rules](notification-rule-view.md)
+ [Edit a notification rule](notification-rule-edit.md)
+ [Enable or disable notifications for a notification rule](notification-rule-enable-disable.md)
+ [Delete a notification rule](notification-rule-delete.md)
# Create a notification rule
You can use the Developer Tools console or the AWS CLI to create notification rules. You can create an Amazon SNS topic to use as a target for a notification rule as part of creating the rule. If you want to use an AWS Chatbot client as a target, you must create that client before you can create the rule. For more information, see [Configure an AWS Chatbot client for a Slack channel](notifications-chatbot.md#notifications-chatbot-configure-client).
# To create a notification rule (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. Use the navigation bar to navigate to the resource.
+ For CodeBuild, choose **Build**, choose **Build projects**, and choose a build project.
+ For CodeCommit, choose **Source**, choose **Repositories**, and choose a repository.
+ For CodeDeploy, choose **Applications**, and choose an application.
+ For CodePipeline, choose **Pipeline**, choose **Pipelines**, and choose a pipeline.
1. On the resource page, choose **Notify**, and then choose **Create notification rule**. You can also go to the **Settings** page for the resource, go to **Notifications** or **Notification rules**, and then choose **Create notification rule**.
1. In **Notification name**, enter a name for the rule.
1. In **Detail type**, choose **Basic** if you want only the information provided to Amazon EventBridge included in the notification. Choose **Full** if you want to include information provided to Amazon EventBridge and information that might be supplied by the resource service or the notification manager.
For more information, see [Understanding notification contents and security](security.md#security-notifications).
1. In **Events that trigger notifications**, select the events for which you want to send notifications. For event types for a resource, see the following:
+ CodeBuild: [Events for notification rules on build projects](concepts.md#events-ref-buildproject)
+ CodeCommit: [Events for notification rules on repositories](concepts.md#events-ref-repositories)
+ CodeDeploy: [Events for notification rules on deployment applications](concepts.md#events-ref-deployapplication)
+ CodePipeline: [Events for notification rules on pipelines](concepts.md#events-ref-pipeline)
1. In **Targets**, do one of the following:
+ If you have already configured a resource to use with notifications, in **Choose target type**, choose either **AWS Chatbot (Slack)**, **AWS Chatbot (Microsoft Teams)**, or **SNS topic**. In **Choose target**, choose the name of the client (for a Slack or Microsoft Teams client configured in AWS Chatbot) or the Amazon Resource Name (ARN) of the Amazon SNS topic (for Amazon SNS topics already configured with the policy required for notifications).
+ If you have not configured a resource to use with notifications, choose **Create target**, and then choose **SNS topic**. Provide a name for the topic after **codestar-notifications-**, and then choose **Create**.
**Note**
If you create the Amazon SNS topic as part of creating the notification rule, the policy that allows the notifications feature to publish events to the topic is applied for you. Using a topic created for notification rules helps ensure that you subscribe only those users that you want to receive notifications about this resource.
You cannot create an AWS Chatbot client as part of creating a notification rule. If you choose AWS Chatbot (Slack) or AWS Chatbot (Microsoft Teams), you will see a button directing you to configure a client in AWS Chatbot. Choosing that option opens the AWS Chatbot console. For more information, see [Configure an AWS Chatbot client for a Slack channel](notifications-chatbot.md#notifications-chatbot-configure-client).
If you want to use an existing Amazon SNS topic as a target, you must add the required policy for AWS CodeStar Notifications in addition to any other policies that might exist for that topic. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
1. Choose **Submit**, and then review the notification rule.
**Note**
Users must subscribe and confirm subscriptions to the Amazon SNS topic you specified as the target of the rule before they will receive notifications. For more information, see [To subscribe users to an Amazon SNS topic used for notifications](subscribe-users-sns.md#set-up-sns-subscribe).
# To create a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **create-notification rule** command to generate the JSON skeleton.
```
aws codestar-notifications create-notification-rule --generate-cli-skeleton > rule.json
```
You can name the file anything you want. In this example, the file is named *rule.json*.
1. Open the JSON file in a plaintext editor and edit it to include the resource, event types, and Amazon SNS target that you want for the rule.
The following example shows a notification rule named **MyNotificationRule** for a repository named *MyDemoRepo* in an AWS account with the ID *123456789012*. Notifications with the full detail type are sent to an Amazon SNS topic named *MyNotificationTopic* when branches and tags are created.
```
{
"Name": "MyNotificationRule",
"EventTypeIds": [
"codecommit-repository-branches-and-tags-created"
],
"Resource": "arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo",
"Targets": [
{
"TargetType": "SNS",
"TargetAddress": "arn:aws:sns:us-east-1:123456789012:MyNotificationTopic"
}
],
"Status": "ENABLED",
"DetailType": "FULL"
}
```
Save the file.
1. Using the file you just edited, at the terminal or command line, run the **create-notification-rule** command again to create the notification rule.
```
aws codestar-notifications create-notification-rule --cli-input-json file://rule.json
```
1. If successful, the command returns the ARN of the notification rule, similar to the following.
```
{
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE"
}
```
# To list event types for notification rules (AWS CLI)
1. At a terminal or command prompt, run the **list-event-types** command. You can use the `--filters` option to limit the response to a specific resource type or other attribute. For example, the following returns a list of event types for CodeDeploy applications.
```
aws codestar-notifications list-event-types --filters Name=SERVICE_NAME,Value=CodeDeploy
```
1. This command produces output similar to the following.
```
{
"EventTypes": [
{
"EventTypeId": "codedeploy-application-deployment-succeeded",
"ServiceName": "CodeDeploy",
"EventTypeName": "Deployment: Succeeded",
"ResourceType": "Application"
},
{
"EventTypeId": "codedeploy-application-deployment-failed",
"ServiceName": "CodeDeploy",
"EventTypeName": "Deployment: Failed",
"ResourceType": "Application"
},
{
"EventTypeId": "codedeploy-application-deployment-started",
"ServiceName": "CodeDeploy",
"EventTypeName": "Deployment: Started",
"ResourceType": "Application"
}
]
}
```
# To add a tag to a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **tag-resource** command. For example, use the following command to add a tag key-value pair that has the name *Team* and the value *Li\$1Juan*.
```
aws codestar-notifications tag-resource --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/fe1efd35-EXAMPLE --tags Team=Li_Juan
```
1. This command produces output similar to the following.
```
{
"Tags": {
"Team": "Li_Juan"
}
}
```
# View notification rules
You can use the Developer Tools console or the AWS CLI to view all of the notification rules for all resources in an AWS Region. You can also view the details of each notification rule. Unlike the process for creating a notification rule, you do not have to go to the resource page for the resource.
# To view notification rules (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rules**, review the list of rules configured for your resources in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region.
1. To view the details of a notification rule, choose it from the list, and then choose **View details**. You can also simply choose its name in the list.
# To view a list of notification rules (AWS CLI)
1. At a terminal or command prompt, run the **list-notification-rules** command to view all notification rules for the specified AWS Region.
```
aws codestar-notifications list-notification-rules --region us-east-1
```
1. If successful, this command returns the ID and ARN for each notification rule in the AWS Region, similar to the following.
```
{
"NotificationRules": [
{
"Id": "dc82df7a-EXAMPLE",
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE"
},
{
"Id": "8d1f0983-EXAMPLE",
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/8d1f0983-EXAMPLE"
}
]
}
```
# To view details of a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **describe-notification-rule** command, specifying the ARN of the notification rule.
```
aws codestar-notifications describe-notification-rule --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE
```
1. If successful, the command returns output similar to the following.
```
{
"LastModifiedTimestamp": 1569199844.857,
"EventTypes": [
{
"ServiceName": "CodeCommit",
"EventTypeName": "Branches and tags: Created",
"ResourceType": "Repository",
"EventTypeId": "codecommit-repository-branches-and-tags-created"
}
],
"Status": "ENABLED",
"DetailType": "FULL",
"Resource": "arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo",
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE",
"Targets": [
{
"TargetStatus": "ACTIVE",
"TargetAddress": "arn:aws:sns:us-east-1:123456789012:MyNotificationTopic",
"TargetType": "SNS"
}
],
"Name": "MyNotificationRule",
"CreatedTimestamp": 1569199844.857,
"CreatedBy": "arn:aws:iam::123456789012:user/Mary_Major"
}
```
# To view a list of tags for a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **list-tags-for-resource** command to view all tags for a specified notification rule ARN.
```
aws codestar-notifications list-tags-for-resource --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/fe1efd35-EXAMPLE
```
1. If successful, this command returns output similar to the following.
```
{
"Tags": {
"Team": "Li_Juan"
}
}
```
# Edit a notification rule
You can edit a notification rule to change its name, the events for which it sends notifications, the detail type, or the target or targets to which it sends notifications. You can use the Developer Tools console or the AWS CLI to edit a notification rule.
# To edit a notification rule (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rules**, review the rules configured for resources in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region.
1. Choose the rule from the list, and then choose **Edit**. Make your changes, and then choose **Submit**.
# To edit a notification rule (AWS CLI)
1. At a terminal or command prompt, run the [describe-notification-rule command](notification-rule-view.md#notification-rule-view-details-cli) to view the structure of the notification rule.
1. Run the **update-notification rule** command to generate the JSON skeleton and then save it to a file.
```
aws codestar-notifications update-notification-rule --generate-cli-skeleton > update.json
```
You can name the file anything you want. In this example, the file is *update.json*.
1. Open the JSON file in a plaintext editor and make changes to the rule.
The following example shows a notification rule named **MyNotificationRule** for a repository named *MyDemoRepo* in an AWS account with the ID *123456789012*. Notifications are sent to an Amazon SNS topic named *MyNotificationTopic* when branches and tags are created. The rule name is changed to *MyNewNotificationRule*.
```
{
"Name": "MyNewNotificationRule",
"EventTypeIds": [
"codecommit-repository-branches-and-tags-created"
],
"Resource": "arn:aws:codecommit:us-east-1:123456789012:MyDemoRepo",
"Targets": [
{
"TargetType": "SNS",
"TargetAddress": "arn:aws:sns:us-east-1:123456789012:MyNotificationTopic"
}
],
"Status": "ENABLED",
"DetailType": "FULL"
}
```
Save the file.
1. Using the file you just edited, at the terminal or command line, run the **update-notification-rule** command again to update the notification rule.
```
aws codestar-notifications update-notification-rule --cli-input-json file://update.json
```
1. If successful, the command returns the Amazon Resource Name (ARN) of the notification rule, similar to the following.
```
{
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE"
}
```
# To remove a tag from a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **untag-resource** command. For example, the following command removes a tag with the name of *Team*.
```
aws codestar-notifications untag-resource --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/fe1efd35-EXAMPLE --tag-keys Team
```
1. If successful, this command returns nothing.
## See also
+ [Add or remove a target for a notification rule](notification-target-change-rule.md)
+ [Enable or disable notifications for a notification rule](notification-rule-enable-disable.md)
+ [Events](concepts.md#events)
# Enable or disable notifications for a notification rule
When you create a notification rule, notifications are enabled by default. You do not have to delete the rule to prevent it from sending notifications. You can simply change its notification status.
# To change the notification status for a notification rule (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rules**, review the rules configured for resources in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region.
1. Find the notification rule you want to enable or disable, and choose it to display its details.
1. In **Notification status**, choose the slider to change the status of the rule:
+ **Sending notifications**: This is the default.
+ **Notifications paused**: No notifications are sent to the specified targets.
# To change notification status for a notification rule (AWS CLI)
1. Follow the steps in [To edit a notification rule (AWS CLI)](notification-rule-edit.md#notification-rule-edit-cli) to obtain the JSON for the notification rule.
1. Edit the `Status` field to `ENABLED` (default) or `DISABLED` (no notifications), and then run the **update-notification-rule** command to change the status.
```
"Status": "ENABLED"
```
# Delete a notification rule
There can be only 10 notification rules configured for a resource, so consider deleting rules you no longer need. You can use the Developer Tools console or the AWS CLI to delete a notification rule.
**Note**
You cannot undo the deletion of a notification rule, but you can recreate it. Deleting a notification rule does not delete the target.
# To delete a notification rule (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rules**, review the rules configured for resources in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region.
1. Choose the notification rule, and then choose **Delete**.
1. Type **delete**, and then choose **Delete**.
# To delete a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **delete-notification-rule** command, specifying the ARN of the notification rule.
```
aws codestar-notifications delete-notification-rule --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE
```
1. If successful, the command returns the ARN of the deleted notification rule, similar to the following.
```
{
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE"
}
```
# Working with notification rule targets
A notification rule target is a destination that defines where you want notifications to be sent when a notification rule's event conditions are met. You can choose between Amazon SNS topics and AWS Chatbot clients that are configured for Slack or Microsoft Teams channels. You can create an Amazon SNS topic as a target as part of creating a notification rule (recommended). You can also choose an existing Amazon SNS topic in the same AWS Region as the notification rule, but you must configure it with the required policy. If you choose to use an AWS Chatbot client as a target, you must first create that client in AWS Chatbot.
If you want to extend the reach of notifications, you can manually configure integration between notifications and AWS Chatbot so that notifications are sent to Amazon Chime chatrooms. You can then choose the Amazon SNS topic configured for that AWS Chatbot client as the target for the notification rule. For more information, see [To integrate notifications with AWS Chatbot and Amazon Chime](notifications-chatbot.md#notifications-chatbot-chime).
You can use the Developer Tools console or the AWS CLI to manage notification targets. You can use the console or the AWS CLI to create and configure Amazon SNS topics and AWS Chatbot clients as [targets](concepts.md#targets). You can also configure integration between the Amazon SNS topics that you configure as targets and AWS Chatbot. This makes it possible for you to send notifications to Amazon Chime chatrooms. For more information, see [Configure integration between notifications and AWS Chatbot](notifications-chatbot.md).
**Topics**
+ [Create or configure a notification rule target](notification-target-create.md)
+ [View notification rule targets](notification-target-view.md)
+ [Add or remove a target for a notification rule](notification-target-change-rule.md)
+ [Delete a notification rule target](notification-target-delete.md)
# Create or configure a notification rule target
Notification rule targets are Amazon SNS topics or AWS Chatbot clients configured for Slack or Microsoft Teams channels.
An AWS Chatbot client must be created before you can select a client as a target. When you choose an AWS Chatbot client as a target for a notification rule, an Amazon SNS topic is configured for that AWS Chatbot client with all the policies required for notifications to be sent to the Slack or Microsoft Teams channel. You don't have to configure any existing Amazon SNS topics for the AWS Chatbot client.
You can create Amazon SNS notification rule targets in the Developer Tools console when you create a notification rule. The policy that allows notifications to be sent to that topic is applied for you. This is the easiest way to create a target for a notification rule. For more information, see [Create a notification rule](notification-rule-create.md).
If you use an existing Amazon SNS topic, you must configure it with an access policy that allows the resource to send notifications to that topic. For an example, see [Configure Amazon SNS topics for notifications](set-up-sns.md).
**Note**
If you want to use an existing Amazon SNS topic instead of creating a new one, in **Targets**, choose its ARN. Make sure the topic has the appropriate access policy, and that the subscriber list contains only those users who are allowed to see information about the resource. If the Amazon SNS topic is a topic that was used for CodeCommit notifications before November 5, 2019, it will contain a policy that allows CodeCommit to publish to it that contains different permissions than those required for AWS CodeStar Notifications. Using these topics is not recommended. If you want to use one created for that experience, you must add the required policy for AWS CodeStar Notifications in addition to the one that already exists. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md) and [Understanding notification contents and security](security.md#security-notifications).
If you want to extend the reach of notifications, you can manually configure integration between notifications and AWS Chatbot so that notifications are sent to Amazon Chime chatrooms. For more information, see [Targets](concepts.md#targets) and [To integrate notifications with AWS Chatbot and Amazon Chime](notifications-chatbot.md#notifications-chatbot-chime).
# To configure an existing Amazon SNS topic to use as a notification rule target (console)
1. Sign in to the AWS Management Console and open the Amazon SNS console at [https://console.aws.amazon.com/sns/v3/home](https://console.aws.amazon.com/sns/v3/home).
1. In the navigation bar, choose **Topics**. Choose the topic, and then choose **Edit**.
1. Expand **Access policy**, and then choose **Advanced**.
1. In the JSON editor, add the following statement to the policy. Include the topic ARN, AWS Region, AWS account ID, and topic name.
```
{
"Sid": "AWSCodeStarNotifications_publish",
"Effect": "Allow",
"Principal": {
"Service": [
"codestar-notifications.amazonaws.com"
]
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-2:123456789012:codestar-notifications-MyTopicForNotificationRules"
}
```
The policy statement should look like the following.
```
{
"Version": "2008-10-17",
"Id": "__default_policy_ID",
"Statement": [
{
"Sid": "__default_statement_ID",
"Effect": "Allow",
"Principal": {
"AWS": "*"
},
"Action": [
"SNS:GetTopicAttributes",
"SNS:SetTopicAttributes",
"SNS:AddPermission",
"SNS:RemovePermission",
"SNS:DeleteTopic",
"SNS:Subscribe",
"SNS:ListSubscriptionsByTopic",
"SNS:Publish"
],
"Resource": "arn:aws:sns:us-east-2:123456789012:codestar-notifications-MyTopicForNotificationRules",
"Condition": {
"StringEquals": {
"AWS:SourceOwner": "123456789012"
}
}
},
{
"Sid": "AWSCodeStarNotifications_publish",
"Effect": "Allow",
"Principal": {
"Service": [
"codestar-notifications.amazonaws.com"
]
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-2:123456789012:codestar-notifications-MyTopicForNotificationRules"
}
]
}
```
1. Choose **Save changes**.
1. In **Subscriptions**, review the list of topic subscribers. Add, edit, or delete subscribers as appropriate for this notification rule target. Make sure that the subscriber list contains only those users who are allowed to see information about the resource. For more information, see [Understanding notification contents and security](security.md#security-notifications).
# To create an AWS Chatbot client with Slack to use as a target
1. Follow the instructions in [Setting up AWS Chatbot with Slack](https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup) in the *AWS Chatbot Administrator Guide*. When you do so, consider the following choices for optimal integration with notifications:
+ When creating an IAM role, consider choosing a role name that makes it easy to identify the purpose of this role (for example, **AWSCodeStarNotifications-Chatbot-Slack-Role**). This can help you identify the purpose of the role in the future.
+ In **SNS topics**, you don't have to choose a topic or an AWS Region. When you choose the AWS Chatbot client as a [target](concepts.md#targets), an Amazon SNS topic with all the required permissions is created and configured for the AWS Chatbot client as part of the notification rule creation process.
1. Complete the client creation process. This client is then available for you to choose as a target when creating notification rules. For more information, see [Create a notification rule](notification-rule-create.md).
**Note**
Do not remove the Amazon SNS topic from the AWS Chatbot client after it has been configured for you. Doing so will prevent notifications from being sent to Slack.
# To create an AWS Chatbot client with Microsoft Teams to use as a target
1. Follow the instructions in [Setting up AWS Chatbot with Microsoft Teams](https://docs.aws.amazon.com/chatbot/latest/adminguide/teams-setup.html#teams-client-setup) in the *AWS Chatbot Administrator Guide*. When you do so, consider the following choices for optimal integration with notifications:
+ When creating an IAM role, consider choosing a role name that makes it easy to identify the purpose of this role (for example, **AWSCodeStarNotifications-Chatbot-Microsoft-Teams-Role**). This can help you identify the purpose of the role in the future.
+ In **SNS topics**, you don't have to choose a topic or an AWS Region. When you choose the AWS Chatbot client as a [target](concepts.md#targets), an Amazon SNS topic with all the required permissions is created and configured for the AWS Chatbot client as part of the notification rule creation process.
1. Complete the client creation process. This client is then available for you to choose as a target when creating notification rules. For more information, see [Create a notification rule](notification-rule-create.md).
**Note**
Do not remove the Amazon SNS topic from the AWS Chatbot client after it has been configured for you. Doing so will prevent notifications from being sent to Microsoft Teams.
# View notification rule targets
You can use Developer Tools console, not the Amazon SNS console to view all of the notification rule targets for all resources in an AWS Region. You can also view the details of a notification rule target.
# To view notification rule targets (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rule targets**, review the list of targets used by notification rules in in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region. If the target status shows as **Unreachable**, you might need to investigate. For more information, see [Troubleshooting](troubleshooting.md).
# To view a list of notification rule targets (AWS CLI)
1. At a terminal or command prompt, run the **list-targets** command to view a list of all notification rule targets for the specified AWS Region:
```
aws codestar-notifications list-targets --region us-east-2
```
1. If successful, this command returns the ID and ARN for each notification rule in the AWS Region, similar to the following:
```
{
"Targets": [
{
"TargetAddress": "arn:aws:sns:us-east-2:123456789012:MySNSTopicForNotificationRules",
"TargetType": "SNS",
"TargetStatus": "ACTIVE"
},
{
"TargetAddress": "arn:aws:chatbot::123456789012:chat-configuration/slack-channel/MySlackChannelClientForMyDevTeam",
"TargetStatus": "ACTIVE",
"TargetType": "AWSChatbotSlack"
},
{
"TargetAddress": "arn:aws:sns:us-east-2:123456789012:MySNSTopicForNotificationsAboutMyDemoRepo",
"TargetType": "SNS",
"TargetStatus": "ACTIVE"
}
]
}
```
# Add or remove a target for a notification rule
You can edit a notification rule to change the target or targets to which it sends notifications. You can use the Developer Tools console or or the AWS CLI to change a notification rule's targets.
# To change the targets for a notification rule (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rules**, review the list of rules configured for your resources in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region.
1. Choose the rule, and then choose **Edit**.
1. In **Targets**, do one of the following:
+ To add another target, choose **Add Target**, and then choose the Amazon SNS topic or AWS Chatbot (Slack) or AWS Chatbot (Microsoft Teams) client that you want to add from the list. You can also choose **Create SNS topic** to create a topic and add it as a target. A notification rule can have up to 10 targets.
+ To remove a target, next to the target you want to remove, choose **Remove target**.
1. Choose **Submit**.
# To add a target to a notification rule (AWS CLI)
1. At a terminal or command prompt, run the **subscribe** command to add a target. For example, the following command adds an Amazon SNS topic as a target for a notification rule.
```
aws codestar-notifications subscribe --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE --target TargetType=SNS,TargetAddress=arn:aws:sns:us-east-1:123456789012:MyNotificationTopic
```
1. If successful, the command returns the ARN of the updated notification rule, similar to the following.
```
{
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE"
}
```
# To remove a target from a notification rule (AWS CLI)
1. At a terminal or command prompt, run the the **unsubscribe** command to remove a target. For example, the following command removes an Amazon SNS topic as a target for a notification rule.
```
aws codestar-notifications unsubscribe --arn arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE --target TargetType=SNS,TargetAddress=arn:aws:sns:us-east-1:123456789012:MyNotificationTopic
```
1. If successful, the command returns the ARN of the updated notification rule and information about the removed target, similar to the following.
```
{
"Arn": "arn:aws:codestar-notifications:us-east-1:123456789012:notificationrule/dc82df7a-EXAMPLE"
"TargetAddress": "arn:aws:sns:us-east-1:123456789012:MyNotificationTopic"
}
```
## See also
+ [Edit a notification rule](notification-rule-edit.md)
+ [Enable or disable notifications for a notification rule](notification-rule-enable-disable.md)
# Delete a notification rule target
You can delete a target if it is no longer needed. A resource can only have 10 notification rule targets configured for it, so deleting unneeded targets can help create room for other targets you might want to add to that notification rule.
**Note**
Deleting a notification rule target removes the target from all notification rules configured to use it as a target, but it does not delete the target itself.
# To delete a notification rule target (console)
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. In the navigation bar, expand **Settings**, and then choose **Notification rules**.
1. In **Notification rule targets**, review the list of targets configured for your resources in your AWS account in the AWS Region where you are currently signed in. Use the selector to change the AWS Region.
1. Choose the notification rule target, and then choose **Delete**.
1. Type **delete**, and then choose **Delete**.
# To delete a notification rule target (AWS CLI)
1. At a terminal or command prompt, run the **delete-target** command, specifying the ARN of the target. For example, the following command deletes a target that uses an Amazon SNS topic.
```
aws codestar-notifications delete-target --target-address arn:aws:sns:us-east-1:123456789012:MyNotificationTopic
```
1. If successful, the command returns nothing. If unsuccessful, the command returns an error. The most common error is that the topic is the target for one or more notification rules.
```
An error occurred (ValidationException) when calling the DeleteTarget operation: Unsubscribe target before deleting.
```
You can use the `--force-unsubscribe-all` parameter to remove the target from all notification rules configured to use it as a target, and then delete the target.
```
aws codestar-notifications delete-target --target-address arn:aws:sns:us-east-1:123456789012:MyNotificationTopic --force-unsubscribe-all
```
# Configure integration between notifications and AWS Chatbot
AWS Chatbot is an AWS service that makes it possible for DevOps and software development teams to use Amazon Chime chat rooms, Slack channels, and Microsoft Team channels to monitor and respond to operational events in the AWS Cloud. You can configure integration between notification rule targets and AWS Chatbot so that notifications about events appear in the Amazon Chime room, Slack channel, or Microsoft Teams channel you choose. For more information, see the [AWS Chatbot documentation](https://docs.aws.amazon.com/chatbot/latest/adminguide/what-is.html).
Before you configure integration with AWS Chatbot, you must configure a notification rule and a rule target. For more information, see [Setting up](setting-up.md) and [Create a notification rule](notification-rule-create.md). You must also configure a Slack channel, Microsoft Teams channel, or an Amazon Chime chatroom in AWS Chatbot. For more information, see the documentation for these services.
**Topics**
+ [Configure an AWS Chatbot client for a Slack channel](#notifications-chatbot-configure-client)
+ [Configure an AWS Chatbot client for a Microsoft Teams channel](#notifications-chatbot-configure-client-ts)
+ [Configure clients for Slack or Amazon Chime manually](#notifications-chatbot-configure-manual-client)
## Configure an AWS Chatbot client for a Slack channel
You can create notification rules that use an AWS Chatbot client as a target. If you create a client for a Slack channel, you can use this client directly as a target in the workflow for creating a notification rule. This is the easiest way to set up notifications that appear in Slack channels.
## To create an AWS Chatbot client with Slack to use as a target
1. Follow the instructions in [Setting up AWS Chatbot with Slack](https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup) in the *AWS Chatbot Administrator Guide*. When you do so, consider the following choices for optimal integration with notifications:
+ When creating an IAM role, consider choosing a role name that makes it easy to identify the purpose of this role (for example, **AWSCodeStarNotifications-Chatbot-Slack-Role**). This can help you identify the purpose of the role in the future.
+ In **SNS topics**, you don't have to choose a topic or an AWS Region. When you choose the AWS Chatbot client as a [target](concepts.md#targets), an Amazon SNS topic with all the required permissions is created and configured for the AWS Chatbot client as part of the notification rule creation process.
1. Complete the client creation process. This client is then available for you to choose as a target when creating notification rules. For more information, see [Create a notification rule](notification-rule-create.md).
**Note**
Do not remove the Amazon SNS topic from the AWS Chatbot client after it has been configured for you. Doing so will prevent notifications from being sent to Slack.
## Configure an AWS Chatbot client for a Microsoft Teams channel
You can create notification rules that use an AWS Chatbot client as a target. If you create a client for a Microsoft Teams channel, you can use this client directly as a target in the workflow for creating a notification rule. This is the easiest way to set up notifications that appear in Microsoft Teams channels.
## To create an AWS Chatbot client with Microsoft Teams to use as a target
1. Follow the instructions in [Setting up AWS Chatbot with Microsoft Teams](https://docs.aws.amazon.com/chatbot/latest/adminguide/teams-setup.html#teams-client-setup) in the *AWS Chatbot Administrator Guide*. When you do so, consider the following choices for optimal integration with notifications:
+ When creating an IAM role, consider choosing a role name that makes it easy to identify the purpose of this role (for example, **AWSCodeStarNotifications-Chatbot-Microsoft-Teams-Role**). This can help you identify the purpose of the role in the future.
+ In **SNS topics**, you don't have to choose a topic or an AWS Region. When you choose the AWS Chatbot client as a [target](concepts.md#targets), an Amazon SNS topic with all the required permissions is created and configured for the AWS Chatbot client as part of the notification rule creation process.
1. Complete the client creation process. This client is then available for you to choose as a target when creating notification rules. For more information, see [Create a notification rule](notification-rule-create.md).
**Note**
Do not remove the Amazon SNS topic from the AWS Chatbot client after it has been configured for you. Doing so will prevent notifications from being sent to Microsoft Teams.
## Configure clients for Slack or Amazon Chime manually
You can choose to create the integration between notifications and Slack or Amazon Chime directly. This is the only method available for configuring notifications to Amazon Chime chatrooms. When you configure this integration manually, you create an AWS Chatbot client that uses an Amazon SNS topic that you have previously configured as the target for a notification rule.
## To manually integrate notifications with AWS Chatbot and slack
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. Choose **Settings**, and then choose **Notification rules**.
1. In **Notification rule targets**, find and copy the target.
**Note**
You can configure more than one notification rule to use the same Amazon SNS topic as its target. This can help you consolidate messaging, but can have unintended consequences if the subscription list is intended for one notification rule or resource.
1. Open the AWS Chatbot console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Choose **Configure new client**, and then choose **Slack**.
1. Choose **Configure**.
1. Sign in to your Slack workspace.
1. When you are prompted to confirm the choices, choose **Allow**.
1. Choose **Configure new channel**.
1. In **Configuration details**, in **Configuration name**, enter a name for your client. This is the name that will appear in the list of available targets for the **AWS Chatbot (Slack)** target type when you create notification rules.
1. In **Configure Slack Channel**, in **Channel type**, choose **Public** or **Private**, depending on the type of channel with which you want to integrate.
+ In **Public channel**, choose the name of the Slack channel from the list.
+ In **Private channel ID**, enter the channel code or URL.
1. In **IAM permissions**, in **Role**, choose **Create an IAM role using a template**. In **Policy templates**, choose **Notification permissions**. In **Role name**, enter a name for this role (for example, **AWSCodeStarNotifications-Chatbot-Slack-Role**). In **Policy templates**, choose **Notification permissions**.
1. In **SNS topics**, in **SNS Region**, choose the AWS Region where you created the notification rule target. In **SNS topics**, choose the name of the Amazon SNS topic that you configured as the notification rule target.
**Note**
This step is not necessary if you will create a notification rule using this client as a target.
1. Choose **Configure**.
**Note**
If you configured integration with a private channel, you must invite AWS Chatbot to the channel before you will see notifications in that channel. For more information, see the [AWS Chatbot documentation](https://docs.aws.amazon.com/chatbot/latest/adminguide/what-is.html).
1. (Optional) To test the integration, make a change in the resource that matches an event type for a notification rule that is configured to use the Amazon SNS topic as its target. For example, if you have a notification rule configured to send notifications when comments are made on a pull request, comment on a pull request and then watch the Slack channel in the browser to see when the notification appears.
## To integrate notifications with AWS Chatbot and Amazon Chime
1. Open the AWS Developer Tools console at [https://console.aws.amazon.com/codesuite/settings/notifications](https://console.aws.amazon.com/codesuite/settings/notifications/).
1. Choose **Settings**, and then choose **Notification rules**.
1. In **Notification rule targets**, find and copy the target.
**Note**
You can configure more than one notification rule to use the same Amazon SNS topic as its target. This can help you consolidate messaging, but can have unintended consequences if the subscription list is for one notification rule or resource.
1. In Amazon Chime, open the chatroom that you want to configure for integration.
1. Choose the gear icon in the upper-right corner, and then choose **Manage webhooks**.
1. In the **Manage webhooks** dialog box, choose **New**, enter a name for the webhook, and then choose **Create**.
1. Verify that the webhook appears, and then choose **Copy webhook URL**.
1. Open the AWS Chatbot console at [https://console.aws.amazon.com/chatbot/](https://console.aws.amazon.com/chatbot/).
1. Choose **Configure new client**, and then choose **Amazon Chime**.
1. In **Configuration details**, in **Configuration name**, enter a name for your client.
1. In **Webhook URL**, paste the URL. In **Webhook description**, provide an optional description.
1. In **IAM permissions**, in **Role**, choose **Create an IAM role using a template**. In **Policy templates**, choose **Notification permissions**. In **Role name**, enter a name for this role (for example, **AWSCodeStarNotifications-Chatbot-Chime-Role**).
1. In **SNS topics**, in **SNS Region**, choose the AWS Region where you created the notification rule target. In **SNS topics**, choose the name of the Amazon SNS topic you configured as the notification rule target.
1. Choose **Configure**.
1. (Optional) To test the integration, make a change in the resource that matches an event type for a notification rule that is configured to use the Amazon SNS topic as its target. For example, if you have a notification rule configured to send notifications when comments are made on a pull request, comment on a pull request and then watch the Amazon Chime chatroom to see when the notification appears.
# Logging AWS CodeStar Notifications API calls with AWS CloudTrail
AWS CodeStar Notifications is integrated with AWS CloudTrail, a service that provides a record of actions taken by a user, role, or an AWS service. CloudTrail captures all API calls for notifications as events. The calls captured include calls from the Developer Tools console and code calls to the AWS CodeStar Notifications API operations. If you create a trail, you can enable continuous delivery of CloudTrail events to an Amazon S3 bucket, including events for notifications. If you don't configure a trail, you can still view the most recent events in the CloudTrail console in **Event history**. Using the information collected by CloudTrail, you can determine the request that was made to AWS CodeStar Notifications, the IP address from which the request was made, who made the request, when it was made, and other details.
For more information, see the [AWS CloudTrail User Guide](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/).
## AWS CodeStar Notifications information in CloudTrail
CloudTrail is enabled on your AWS account when you create the account. When activity occurs in AWS CodeStar Notifications, that activity is recorded in a CloudTrail event along with other AWS service events in **Event history**. You can view, search, and download recent events in your AWS account. For more information, see [Viewing events with CloudTrail event history](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/view-cloudtrail-events.html).
For an ongoing record of events in your AWS account, including events for AWS CodeStar Notifications, create a trail. A *trail* enables CloudTrail to deliver log files to an Amazon S3 bucket. By default, when you create a trail in the console, the trail applies to all AWS Regions. The trail logs events from all Regions in the AWS partition and delivers the log files to the Amazon S3 bucket that you specify. Additionally, you can configure other AWS services to further analyze and act upon the event data collected in CloudTrail logs. For more information, see the following:
+ [Overview for creating a trail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-create-and-update-a-trail.html)
+ [CloudTrail supported services and integrations](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-aws-service-specific-topics.html#cloudtrail-aws-service-specific-topics-integrations)
+ [Configuring Amazon SNS notifications for CloudTrail](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/getting_notifications_top_level.html)
+ [Receiving CloudTrail log files from multiple regions](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/receive-cloudtrail-log-files-from-multiple-regions.html) and [Receiving CloudTrail log files from multiple accounts](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-receive-logs-from-multiple-accounts.html)
All AWS CodeStar Notifications actions are logged by CloudTrail and are documented in the *[AWS CodeStar Notifications API Reference](https://docs.aws.amazon.com/codestar-notifications/latest/APIReference/)*. For example, calls to the `CreateNotificationRule`, `Subscribe` and `ListEventTypes` actions generate entries in the CloudTrail log files.
Every event or log entry contains information about who generated the request. The identity information helps you determine the following:
+ Whether the request was made with root or AWS Identity and Access Management (IAM) user credentials.
+ Whether the request was made with temporary security credentials for a role or federated user.
+ Whether the request was made by another AWS service.
For more information, see the [CloudTrail userIdentity element](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-user-identity.html).
## Understanding log file entries
A trail is a configuration that enables delivery of events as log files to an Amazon S3 bucket that you specify. CloudTrail log files contain one or more log entries. An event represents a single request from any source and includes information about the requested action, the date and time of the action, request parameters, and so on. CloudTrail log files aren't an ordered stack trace of the public API calls, so they don't appear in any specific order.
The following example shows a CloudTrail log entry that demonstrates the creation of a notification rule, including both the `CreateNotificationRule` and `Subscribe` actions.
**Note**
Some of the events in notification log file entries might come from the service-linked role AWSServiceRoleForCodeStarNotifications.
```
{
"eventVersion": "1.05",
"userIdentity": {
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Mary_Major",
"accountId":"123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName":"Mary_Major"
},
"eventTime": "2019-10-07T21:34:41Z",
"eventSource": "events.amazonaws.com",
"eventName": "CreateNotificationRule",
"awsRegion": "us-east-1",
"sourceIPAddress": "codestar-notifications.amazonaws.com",
"userAgent": "codestar-notifications.amazonaws.com",
"requestParameters": {
"description": "This rule is used to route CodeBuild, CodeCommit, CodePipeline, and other Developer Tools notifications to AWS CodeStar Notifications",
"name": "awscodestarnotifications-rule",
"eventPattern": "{\"source\":[\"aws.codebuild\",\"aws.codecommit\",\"aws.codepipeline\"]}"
},
"responseElements": {
"ruleArn": "arn:aws:events:us-east-1:123456789012:rule/awscodestarnotifications-rule"
},
"requestID": "ff1f309a-EXAMPLE",
"eventID": "93c82b07-EXAMPLE",
"eventType": "AwsApiCall",
"apiVersion": "2015-10-07",
"recipientAccountId": "123456789012"
}
```
```
{
"eventVersion": "1.05",
"userIdentity": {
"type":"IAMUser",
"principalId":"AIDACKCEVSQ6C2EXAMPLE",
"arn":"arn:aws:iam::123456789012:user/Mary_Major",
"accountId":"123456789012",
"accessKeyId": "AKIAIOSFODNN7EXAMPLE",
"userName":"Mary_Major"
},
"eventTime": "2019-10-07T21:34:41Z",
"eventSource": "events.amazonaws.com",
"eventName": "Subscribe",
"awsRegion": "us-east-1",
"sourceIPAddress": "codestar-notifications.amazonaws.com",
"userAgent": "codestar-notifications.amazonaws.com",
"requestParameters": {
"targets": [
{
"arn": "arn:aws:codestar-notifications:us-east-1:::",
"id": "codestar-notifications-events-target"
}
],
"rule": "awscodestarnotifications-rule"
},
"responseElements": {
"failedEntryCount": 0,
"failedEntries": []
},
"requestID": "9466cbda-EXAMPLE",
"eventID": "2f79fdad-EXAMPLE",
"eventType": "AwsApiCall",
"apiVersion": "2015-10-07",
"recipientAccountId": "123456789012"
}
```
# Troubleshooting
The following information might help you troubleshoot common issues with notifications.
**Topics**
+ [I get a permissions error when I try to create a notification rule on a resource](#troubleshooting-permissions-error)
+ [I cannot view notification rules](#troubleshooting-cannot-view)
+ [I cannot create notification rules](#troubleshooting-cannot-create-rule)
+ [I am receiving notifications for a resource I can't access](#troubleshooting-resource-no-access)
+ [I am not receiving Amazon SNS notifications](#troubleshooting-no-SNS)
+ [I am receiving duplicate notifications about events](#troubleshooting-duplicate-notifications)
+ [I want to understand why a notification target status shows as unreachable](#troubleshooting-resource-unavailable)
+ [I want to increase my quotas for notifications and resources](#troubleshooting-limit-increase)
## I get a permissions error when I try to create a notification rule on a resource
Make sure that you have sufficient permissions. For more information, see [Identity-based policy examples](security_iam_id-based-policy-examples.md).
## I cannot view notification rules
**Problem:** When you are in the Developer Tools console and choose **Notifications** under **Settings**, you see a permissions error.
**Possible fixes:** You might not have the permissions required to view notifications. While most managed policies for AWS Developer Tools services, such as CodeCommit and CodePipeline, include permissions for notifications, services that do not currently support notifications do not include permissions to view them. Alternatively, you might have a custom policy applied to your IAM user or role that does not allow you to view notifications. For more information, see [Identity-based policy examples](security_iam_id-based-policy-examples.md).
## I cannot create notification rules
You might not have the permissions required to create a notification rule. For more information, see [Identity-based policy examples](security_iam_id-based-policy-examples.md).
## I am receiving notifications for a resource I can't access
When you create a notification rule and add a target, the notifications feature does not validate whether the recipient has access to the resource. It is possible for you to receive notifications about a resource that you can't access. If you cannot remove yourself, ask to be removed from the subscription list for the target.
## I am not receiving Amazon SNS notifications
To troubleshoot problems with the Amazon SNS topic, check the following:
+ Make sure that the Amazon SNS topic was created in the same AWS Region as the notification rule.
+ Make sure that your email alias is subscribed to the correct topic and that you have confirmed the subscription. For more information, see [Subscribing an endpoint to an Amazon SNS topic](https://docs.aws.amazon.com/sns/latest/dg/sns-tutorial-create-subscribe-endpoint-to-topic.html).
+ Verify that the topic policy has been edited to allow AWS CodeStar Notifications to push notifications to that topic. The topic policy should include a statement similar to the following:
```
{
"Sid": "AWSCodeStarNotifications_publish",
"Effect": "Allow",
"Principal": {
"Service": [
"codestar-notifications.amazonaws.com"
]
},
"Action": "SNS:Publish",
"Resource": "arn:aws:sns:us-east-1:123456789012:MyNotificationTopicName",
"Condition": {
"StringEquals": {
"aws:SourceAccount": "123456789012"
}
}
}
```
For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md).
## I am receiving duplicate notifications about events
Here are the most common reasons for receiving multiple notifications:
+ Multiple notification rules that include the same event type have been configured for a resource, and you are subscribed to the Amazon SNS topics that are the targets for those rules. To solve this issue, either unsubscribe from one of the topics or edit the notification rules to remove duplication.
+ One or more notification rule targets are integrated with AWS Chatbot and you are receiving notifications in your email inbox and a Slack channel, Microsoft Teams channel, or Amazon Chime chatroom. To solve this issue, consider unsubscribing your email address from the Amazon SNS topic that is the target for the rule and use the Slack channel, Microsoft Teams channel, or Amazon Chime chatroom to view notifications.
## I want to understand why a notification target status shows as unreachable
Targets have two possible statuses: ***Active*** and ***Unreachable***. **Unreachable** indicates that notifications were sent to a target, and the delivery was not successful. Notifications continue to be sent to that target, and if successful, the status resets to **Active**.
The target for a notification rule might become unavailable for one of the following reasons:
+ The resource (Amazon SNS topic or AWS Chatbot client) has been deleted. Choose another target for the notification rule.
+ The Amazon SNS topic is encrypted, and either the required policy for encrypted topics is missing, or the AWS KMS key has been deleted. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md).
+ The Amazon SNS topic does not have the required policy for notifications. Notifications cannot be sent to an Amazon SNS topic unless it has the policy. For more information, see [Configure Amazon SNS topics for notifications](set-up-sns.md).
+ The supporting service for the target (Amazon SNS or AWS Chatbot) might be experiencing issues.
## I want to increase my quotas for notifications and resources
Currently, you cannot change any quotas. See [Quotas for notifications](limits.md).
# Quotas for notifications
The following table lists the quotas (also referred to as *limits*) for notifications in the Developer Tools console. For information about limits that can be changed, see [AWS service quotas](https://docs.aws.amazon.com/general/latest/gr/aws_service_limits.html).
| Resource | Default limit |
| --- | --- |
| Maximum number of notification rules in an AWS account | 1000 |
| Maximum number of targets for a notification rule | 10 |
| Maximum number of notification rules for a resource | 10 |