支援終止通知:2026 年 5 月 20 日, AWS 將終止對 的支援 AWS IoT Events。2026 年 5 月 20 日之後,您將無法再存取 AWS IoT Events 主控台或 AWS IoT Events 資源。如需詳細資訊,請參閱[AWS IoT Events 終止支援](https://docs.aws.amazon.com/iotevents/latest/developerguide/iotevents-end-of-support.html)。
本文為英文版的機器翻譯版本,如內容有任何歧義或不一致之處,概以英文版為準。
# 在 中管理警示通知 AWS IoT Events
AWS IoT Events 與 Lambda 整合,提供自訂事件處理功能。本節說明如何在 AWS IoT Events 偵測器模型中使用 Lambda 函數,讓您執行複雜的邏輯、與外部服務互動,以及實作複雜的事件處理。
AWS IoT Events 使用 Lambda 函數來管理警示通知。您可以使用 提供的 Lambda 函數, AWS IoT Events 或建立新的函數。
**Topics**
+ [在 中建立 Lambda 函數 AWS IoT Events](alarms-create-lambda.md)
+ [使用 提供的 Lambda 函數 AWS IoT Events](use-alarm-notifications.md)
+ [在 中管理警示收件人的 IAM Identity Center 存取權 AWS IoT Events](sso-authorization-recipients.md)
# 在 中建立 Lambda 函數 AWS IoT Events
AWS IoT Events 提供 Lambda 函數,可讓警示傳送和接收電子郵件和簡訊通知。
## 要求
當您為警示建立 Lambda 函數時,適用下列要求:
+ 如果您的警示傳送簡訊通知,請確定 Amazon SNS 已設定為傳送簡訊。
+ 如需詳細資訊,請參閱下列 文件:
+ 《[Amazon Simple Notification Service 開發人員指南》中的具有 Amazon SNS ](https://docs.aws.amazon.com/sns/latest/dg/sns-mobile-phone-number-as-subscriber.html)[和 Amazon SNS SMS 訊息來源身分](https://docs.aws.amazon.com/sns/latest/dg/channels-sms-originating-identities.html)的行動簡訊。 **
+ *AWS SMS 《 使用者指南*》中的[什麼是 AWS 最終使用者傳訊 SMS?](https://docs.aws.amazon.com/sms-voice/latest/userguide/what-is-sms-mms.html)。
+ 如果您的警示傳送電子郵件或簡訊通知,您必須具有允許 AWS Lambda 使用 Amazon SES 和 Amazon SNS 的 IAM 角色。
範例政策:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:GetIdentityVerificationAttributes",
"ses:SendEmail",
"ses:VerifyEmailIdentity"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"sns:Publish",
"sns:OptInPhoneNumber",
"sns:CheckIfPhoneNumberIsOptedOut",
"sms-voice:DescribeOptedOutNumbers"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "sns:Publish",
"Resource": "arn:aws:sns:*:*:*"
},
{
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource" : "*"
}
]
}
```
------
+ 您必須為 AWS IoT Events 和 選擇相同的 AWS 區域 AWS Lambda。如需支援的區域清單,請參閱 中的[AWS IoT Events 端點和配額](https://docs.aws.amazon.com/general/latest/gr/iot-events.html),以及[AWS Lambda 端點和配額](https://docs.aws.amazon.com/general/latest/gr/lambda-service.html)*Amazon Web Services 一般參考*。
# 部署 Lambda 函數以 AWS IoT Events 使用 CloudFormation
本教學課程使用 CloudFormation 範本來部署 Lambda 函數。此範本會自動建立 IAM 角色,允許 Lambda 函數使用 Amazon SES 和 Amazon SNS。
以下說明如何使用 AWS Command Line Interface (AWS CLI) 來建立 CloudFormation 堆疊。
1. 在裝置的終端機中,執行 `aws --version` 以檢查是否已安裝 AWS CLI。如需詳細資訊,請參閱 *AWS Command Line Interface User Guide* 中的 [Installing or updating to the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html)。
1. 執行 `aws configure list` 以檢查您是否 AWS CLI 在具有本教學課程所有 AWS 資源的 AWS 區域中設定 。如需詳細資訊,請參閱*AWS Command Line Interface 《 使用者指南*》中的[使用命令設定和檢視組態設定](https://docs.aws.amazon.com/cli/latest/userguide/cli-configure-files.html#cli-configure-files-methods)
1. 下載 CloudFormation 範本 [notificationLambda.template.yaml.zip](samples/notificationLambda.template.yaml.zip)。
**注意**
如果您在下載檔案時遇到困難,也可以在 中使用範本[CloudFormation 範本](alarms-create-lambda.md#cfn-template)。
1. 解壓縮內容並以 `notificationLambda.template.yaml` 儲存在本機。
1. 在您的裝置上開啟終端機,並導覽至您下載`notificationLambda.template.yaml`檔案的目錄。
1. 若要建立 CloudFormation 堆疊,請執行下列命令:
```
aws cloudformation create-stack --stack-name notificationLambda-stack --template-body file://notificationLambda.template.yaml --capabilities CAPABILITY_IAM
```
您可以修改此 CloudFormation 範本來自訂 Lambda 函數及其行為。
**注意**
AWS Lambda 會重試函數錯誤兩次。如果函式沒有足夠的容量來處理所有傳入的請求,事件可能在佇列中等待數小時或數天才會傳送到函式。您可以在函數上設定未傳遞訊息佇列 (DLQ),以擷取未成功處理的事件。如需詳細資訊,請參閱 *AWS Lambda 開發人員指南*中的[非同步叫用](https://docs.aws.amazon.com/lambda/latest/dg/invocation-async.html)。
您也可以在 CloudFormation 主控台中建立或設定堆疊。如需詳細資訊,請參閱*AWS CloudFormation 《 使用者指南*》中的[使用堆疊](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacks.html)。
# 為 建立自訂 Lambda 函數 AWS IoT Events
您可以建立 Lambda 函數或修改 提供的函數 AWS IoT Events。
當您建立自訂 Lambda 函數時,適用下列要求。
+ 新增允許 Lambda 函數執行指定動作和存取 AWS 資源的許可。
+ 如果您使用 提供的 Lambda 函數 AWS IoT Events,請務必選擇 Python 3.7 執行時間。
Lambda 函數範例:
```
import boto3
import json
import logging
import datetime
logger = logging.getLogger()
logger.setLevel(logging.INFO)
ses = boto3.client('ses')
sns = boto3.client('sns')
def check_value(target):
if target:
return True
return False
# Check whether email is verified. Only verified emails are allowed to send emails to or from.
def check_email(email):
if not check_value(email):
return False
result = ses.get_identity_verification_attributes(Identities=[email])
attr = result['VerificationAttributes']
if (email not in attr or attr[email]['VerificationStatus'] != 'Success'):
logging.info('Verification email for {} sent. You must have all the emails verified before sending email.'.format(email))
ses.verify_email_identity(EmailAddress=email)
return False
return True
# Check whether the phone holder has opted out of receiving SMS messages from your account
def check_phone_number(phone_number):
try:
result = sns.check_if_phone_number_is_opted_out(phoneNumber=phone_number)
if (result['isOptedOut']):
logger.info('phoneNumber {} is not opt in of receiving SMS messages. Phone number must be opt in first.'.format(phone_number))
return False
return True
except Exception as e:
logging.error('Your phone number {} must be in E.164 format in SSO. Exception thrown: {}'.format(phone_number, e))
return False
def check_emails(emails):
result = True
for email in emails:
if not check_email(email):
result = False
return result
def lambda_handler(event, context):
logging.info('Received event: ' + json.dumps(event))
nep = json.loads(event.get('notificationEventPayload'))
alarm_state = nep['alarmState']
default_msg = 'Alarm ' + alarm_state['stateName'] + '\n'
timestamp = datetime.datetime.utcfromtimestamp(float(nep['stateUpdateTime'])/1000).strftime('%Y-%m-%d %H:%M:%S')
alarm_msg = "{} {} {} at {} UTC ".format(nep['alarmModelName'], nep.get('keyValue', 'Singleton'), alarm_state['stateName'], timestamp)
default_msg += 'Sev: ' + str(nep['severity']) + '\n'
if (alarm_state['ruleEvaluation']):
property = alarm_state['ruleEvaluation']['simpleRule']['inputProperty']
default_msg += 'Current Value: ' + str(property) + '\n'
operator = alarm_state['ruleEvaluation']['simpleRule']['operator']
threshold = alarm_state['ruleEvaluation']['simpleRule']['threshold']
alarm_msg += '({} {} {})'.format(str(property), operator, str(threshold))
default_msg += alarm_msg + '\n'
emails = event.get('emailConfigurations', [])
logger.info('Start Sending Emails')
for email in emails:
from_adr = email.get('from')
to_adrs = email.get('to', [])
cc_adrs = email.get('cc', [])
bcc_adrs = email.get('bcc', [])
msg = default_msg + '\n' + email.get('additionalMessage', '')
subject = email.get('subject', alarm_msg)
fa_ver = check_email(from_adr)
tas_ver = check_emails(to_adrs)
ccas_ver = check_emails(cc_adrs)
bccas_ver = check_emails(bcc_adrs)
if (fa_ver and tas_ver and ccas_ver and bccas_ver):
ses.send_email(Source=from_adr,
Destination={'ToAddresses': to_adrs, 'CcAddresses': cc_adrs, 'BccAddresses': bcc_adrs},
Message={'Subject': {'Data': subject}, 'Body': {'Text': {'Data': msg}}})
logger.info('Emails have been sent')
logger.info('Start Sending SNS message to SMS')
sns_configs = event.get('smsConfigurations', [])
for sns_config in sns_configs:
sns_msg = default_msg + '\n' + sns_config.get('additionalMessage', '')
phone_numbers = sns_config.get('phoneNumbers', [])
sender_id = sns_config.get('senderId')
for phone_number in phone_numbers:
if check_phone_number(phone_number):
if check_value(sender_id):
sns.publish(PhoneNumber=phone_number, Message=sns_msg, MessageAttributes={'AWS.SNS.SMS.SenderID':{'DataType': 'String','StringValue': sender_id}})
else:
sns.publish(PhoneNumber=phone_number, Message=sns_msg)
logger.info('SNS messages have been sent')
```
如需詳細資訊,請參閱 *AWS Lambda 開發人員指南*中的[什麼是 AWS Lambda?](https://docs.aws.amazon.com/lambda/latest/dg/welcome.html)。
## CloudFormation 範本
使用下列 CloudFormation 範本建立 Lambda 函數。
```
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Notification Lambda for Alarm Model'
Resources:
NotificationLambdaRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Path: "/"
ManagedPolicyArns:
- 'arn:aws:iam::aws:policy/AWSLambdaExecute'
Policies:
- PolicyName: "NotificationLambda"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "ses:GetIdentityVerificationAttributes"
- "ses:SendEmail"
- "ses:VerifyEmailIdentity"
Resource: "*"
- Effect: "Allow"
Action:
- "sns:Publish"
- "sns:OptInPhoneNumber"
- "sns:CheckIfPhoneNumberIsOptedOut"
- "sms-voice:DescribeOptedOutNumbers"
Resource: "*"
- Effect: "Deny"
Action:
- "sns:Publish"
Resource: "arn:aws:sns:*:*:*"
NotificationLambdaFunction:
Type: AWS::Lambda::Function
Properties:
Role: !GetAtt NotificationLambdaRole.Arn
Runtime: python3.7
Handler: index.lambda_handler
Timeout: 300
MemorySize: 3008
Code:
ZipFile: |
import boto3
import json
import logging
import datetime
logger = logging.getLogger()
logger.setLevel(logging.INFO)
ses = boto3.client('ses')
sns = boto3.client('sns')
def check_value(target):
if target:
return True
return False
# Check whether email is verified. Only verified emails are allowed to send emails to or from.
def check_email(email):
if not check_value(email):
return False
result = ses.get_identity_verification_attributes(Identities=[email])
attr = result['VerificationAttributes']
if (email not in attr or attr[email]['VerificationStatus'] != 'Success'):
logging.info('Verification email for {} sent. You must have all the emails verified before sending email.'.format(email))
ses.verify_email_identity(EmailAddress=email)
return False
return True
# Check whether the phone holder has opted out of receiving SMS messages from your account
def check_phone_number(phone_number):
try:
result = sns.check_if_phone_number_is_opted_out(phoneNumber=phone_number)
if (result['isOptedOut']):
logger.info('phoneNumber {} is not opt in of receiving SMS messages. Phone number must be opt in first.'.format(phone_number))
return False
return True
except Exception as e:
logging.error('Your phone number {} must be in E.164 format in SSO. Exception thrown: {}'.format(phone_number, e))
return False
def check_emails(emails):
result = True
for email in emails:
if not check_email(email):
result = False
return result
def lambda_handler(event, context):
logging.info('Received event: ' + json.dumps(event))
nep = json.loads(event.get('notificationEventPayload'))
alarm_state = nep['alarmState']
default_msg = 'Alarm ' + alarm_state['stateName'] + '\n'
timestamp = datetime.datetime.utcfromtimestamp(float(nep['stateUpdateTime'])/1000).strftime('%Y-%m-%d %H:%M:%S')
alarm_msg = "{} {} {} at {} UTC ".format(nep['alarmModelName'], nep.get('keyValue', 'Singleton'), alarm_state['stateName'], timestamp)
default_msg += 'Sev: ' + str(nep['severity']) + '\n'
if (alarm_state['ruleEvaluation']):
property = alarm_state['ruleEvaluation']['simpleRule']['inputProperty']
default_msg += 'Current Value: ' + str(property) + '\n'
operator = alarm_state['ruleEvaluation']['simpleRule']['operator']
threshold = alarm_state['ruleEvaluation']['simpleRule']['threshold']
alarm_msg += '({} {} {})'.format(str(property), operator, str(threshold))
default_msg += alarm_msg + '\n'
emails = event.get('emailConfigurations', [])
logger.info('Start Sending Emails')
for email in emails:
from_adr = email.get('from')
to_adrs = email.get('to', [])
cc_adrs = email.get('cc', [])
bcc_adrs = email.get('bcc', [])
msg = default_msg + '\n' + email.get('additionalMessage', '')
subject = email.get('subject', alarm_msg)
fa_ver = check_email(from_adr)
tas_ver = check_emails(to_adrs)
ccas_ver = check_emails(cc_adrs)
bccas_ver = check_emails(bcc_adrs)
if (fa_ver and tas_ver and ccas_ver and bccas_ver):
ses.send_email(Source=from_adr,
Destination={'ToAddresses': to_adrs, 'CcAddresses': cc_adrs, 'BccAddresses': bcc_adrs},
Message={'Subject': {'Data': subject}, 'Body': {'Text': {'Data': msg}}})
logger.info('Emails have been sent')
logger.info('Start Sending SNS message to SMS')
sns_configs = event.get('smsConfigurations', [])
for sns_config in sns_configs:
sns_msg = default_msg + '\n' + sns_config.get('additionalMessage', '')
phone_numbers = sns_config.get('phoneNumbers', [])
sender_id = sns_config.get('senderId')
for phone_number in phone_numbers:
if check_phone_number(phone_number):
if check_value(sender_id):
sns.publish(PhoneNumber=phone_number, Message=sns_msg, MessageAttributes={'AWS.SNS.SMS.SenderID':{'DataType': 'String','StringValue': sender_id}})
else:
sns.publish(PhoneNumber=phone_number, Message=sns_msg)
logger.info('SNS messages have been sent')
```
# 使用 提供的 Lambda 函數 AWS IoT Events
透過警示通知,您可以使用 提供的 Lambda 函數 AWS IoT Events 來管理警示通知。
當您使用 AWS IoT Events 提供的 Lambda 函數來管理警示通知時,適用下列要求:
+ 您必須驗證在 Amazon Simple Email Service (Amazon SES中傳送電子郵件通知的電子郵件地址。如需詳細資訊,請參閱《*Amazon Simple Email Service 開發人員指南*》中的[驗證電子郵件地址身分](https://docs.aws.amazon.com/ses/latest/dg/creating-identities.html#just-verify-email-proc)。
如果您收到驗證連結,請按一下連結來驗證您的電子郵件地址。您也可以檢查垃圾郵件資料夾是否有驗證電子郵件。
+ 如果您的警示傳送簡訊通知,您必須針對電話號碼使用 E.164 國際電話號碼格式。此格式包含 `+`。
電話號碼範例:
[\[See the AWS documentation website for more details\]](http://docs.aws.amazon.com/zh_tw/iotevents/latest/developerguide/use-alarm-notifications.html)
若要尋找國家/地區呼叫代碼,請前往 https://[countrycode.org](https://countrycode.org/)。
提供的 Lambda 函數會 AWS IoT Events 檢查您是否使用 E.164 格式的電話號碼。不過,它不會驗證電話號碼。如果您確定您輸入了正確的電話號碼,但未收到簡訊通知,您可以聯絡電信業者。電信業者可能會封鎖訊息。
# 在 中管理警示收件人的 IAM Identity Center 存取權 AWS IoT Events
AWS IoT Events 使用 AWS IAM Identity Center 來管理警示收件人的 SSO 存取。為 AWS IoT Events 通知收件人實作 IAM Identity Center 可以增強安全性和使用者體驗。若要啟用警示以傳送通知給收件人,您必須啟用 IAM Identity Center,並將收件人新增至您的 IAM Identity Center 存放區。如需詳細資訊,請參閱*AWS IAM Identity Center 《 使用者指南》*中的[新增使用者](https://docs.aws.amazon.com/singlesignon/latest/userguide/addusers.html)。
**重要**
您必須為 AWS IoT Events AWS Lambda和 IAM Identity Center 選擇相同的 AWS 區域。
AWS Organizations 一次僅支援一個 IAM Identity Center 區域。如果您想要在不同區域中提供 IAM Identity Center,您必須先刪除目前的 IAM Identity Center 組態。如需詳細資訊,請參閱*AWS IAM Identity Center 《 使用者指南》*中的 [IAM Identity Center 區域資料](https://docs.aws.amazon.com/singlesignon/latest/userguide/regions.html#region-data)。