AWS SNS Target

AWS SNS targets publish alert notifications to an Amazon Simple Notification Service (SNS) topic. Other systems (Lambda functions, SQS queues, HTTP endpoints, email, SMS) can subscribe to that topic to fan out alerts.

General Settings

Target ID: Enter a unique ID used to identify the target. This will show in the Target ID column of the Targets tab. It can’t be changed later, so make sure you like it.

Configuration

Destination type: Defaults to Topic ARN. For the Phone number option, skip to the Region setting.

Default Topic ARN: The Amazon Resource Name (ARN) of the Amazon SNS topic to which you want to send Notifications. Enter the ARN in the following format:

arn:aws:sns:region:account-id:MyTopic

// for example:
// arn:aws:sns:us-west-2:000000000000:my-topic

If you use a non-AWS URL, the format must be:

{url}/myQueueName

// for example:
// https://host:port/myQueueName

The default topic ARN must be a JavaScript expression (which can evaluate to a constant value), enclosed in quotes or backticks. Can be evaluated only at initialization time. For example, if you’re referencing a global variable: `https://host:port/myQueue-${C.vars.myVar}`. This value can be overridden by the Notification event __topicArn field.

Topic type: The type of the topic selected in AWS SNS. Can be Standard or FIFO.

Message group ID: The tag that specifies that a message belongs to a specific message group. Messages that belong to the same message group are processed in a first in, first out (FIFO) manner. Must be a JavaScript expression (which can evaluate to a constant value), enclosed in quotes or backticks. Can be evaluated only at initialization time. For example, referencing a global variable: `https://host:port/myQueue-${C.vars.myVar}`.

Region: The Region associated with the Amazon S3 bucket.

Default Phone number: A comma-separated list of phone numbers that are allowed to receive Notifications. This value can be overridden by the Notification event __phoneNumber field. You can use * as the wildcard character. For example: +15555550123, +15555551***.

Phone number allowlist: A wildcard list of phone numbers that are allowed to receive SMS notifications.

Authentication

Auto: This default option uses the AWS instance’s metadata service to automatically obtain short-lived credentials from the IAM role attached to an EC2 instance, local credentials, sidecar, or other source. The attached IAM role grants Cribl access to authorized AWS resources. Can also use the environment variables AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY. Works only when running on AWS.

Manual: If not running on AWS, you can select this option to enter a static set of user-associated IAM credentials (your access key and secret key) directly or by reference.

The Manual option exposes these additional fields:

  • Access key: Enter your AWS access key. If not present, will fall back to the env.AWS_ACCESS_KEY_ID environment variable, or to the metadata endpoint for IAM role credentials.

  • Secret key: Enter your AWS secret key. If not present, will fall back to the env.AWS_SECRET_ACCESS_KEY environment variable, or to the metadata endpoint for IAM credentials.

The values for Access key and Secret key can each be a constant or a JavaScript expression enclosed in quotes or backticks. For environment variables, use a JavaScript expression, for example: ${C.env.MY_VAR}.

Assume Role

Enable for SNS: Toggle on to define an IAM Role to use, instead of automatically detecting one locally.

AssumeRole ARN: Enter the Amazon Resource Name (ARN) of the role to assume.

External ID: Enter the External ID to use when assuming role. This is required only when assuming a role that requires this ID to delegate third-party access. For details, see AWS documentation.

Duration (seconds): Duration of the Assumed Role’s session, in seconds. Minimum is 900 (15 minutes). Maximum is 43200 (12 hours). Defaults to 3600 (1 hour).
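
A least-privilege role to pair with the Assume Role settings above, written as a CloudFormation template. This is an added example, not part of the original page and not Cribl's own configuration. The logical names, parameter names and the policy name are assumptions, the topic ARN is this page's sample value, and the template covers the Topic ARN destination type only.

```yaml
# Constructed example: a role that can only publish to one SNS topic and
# can only be assumed by one principal that presents the agreed External ID.
AWSTemplateFormatVersion: "2010-09-09"
Description: Least-privilege role for an SNS notification target (constructed example)

Parameters:
  TrustedPrincipalArn:        # assumption: the IAM identity the target authenticates as
    Type: String
  ExternalId:                 # same value entered in the target's External ID field
    Type: String
    NoEcho: true              # keep the value out of console and API output
  TopicArn:
    Type: String
    Default: "arn:aws:sns:us-west-2:000000000000:my-topic"   # sample ARN from this page

Resources:
  SnsPublishRole:
    Type: AWS::IAM::Role
    Properties:
      # Upper bound for any session on this role; the target's
      # Duration (seconds) setting must not exceed it.
      MaxSessionDuration: 3600
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Ref TrustedPrincipalArn
            Action: "sts:AssumeRole"
            Condition:
              StringEquals:
                "sts:ExternalId": !Ref ExternalId
      Policies:
        - PolicyName: publish-to-one-topic
          PolicyDocument:
            Version: "2012-10-17"
            Statement:
              - Effect: Allow
                Action: "sns:Publish"     # no subscribe, create or delete rights
                Resource: !Ref TopicArn   # a single topic, no wildcard

Outputs:
  RoleArn:                    # value for the target's AssumeRole ARN field
    Value: !GetAtt SnsPublishRole.Arn
```

Keep the target's Duration (seconds) at or below the role's MaxSessionDuration; AWS rejects an AssumeRole request that asks for a longer session.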

Post-Processing

System fields: A list of fields to automatically add to events that use this output. By default, includes cribl_host (identifying the Node that processed the event). Supports wildcards.

Advanced Settings

Maximum number of retries: The maximum number of retries before the output returns an error. The retries use an exponential backoff policy.

Endpoint: The SNS service endpoint. If empty, defaults to AWS Region-specific endpoint. Otherwise, it must point to an SNS-compatible endpoint.

Signature version: Signature version to use for signing SNS requests. Defaults to v4.

Reuse connections: Whether to reuse connections between requests. Toggling on (default) can improve performance.

Reject unauthorized certificates: Toggle off to accept certificates that cannot be verified against a valid Certificate Authority (for example, self-signed certificates). Defaults to toggled off.