(Optional) Access policy – Select Advanced and replace the default access policy with the code below
Note: The default access policy allows any user or service within your AWS account to publish (send) and/or subscribe (receive) to this SNS topic (along with granting all other SNS actions), thus making it a vehicle for data exfiltration in the event of an account breach. It is highly recommended to replace the default access policy with the one shown here. The access policy shown here only allows CloudWatch to access the SNS topic, and only allows publishing.{ "Sid": "Allow_Publish_Alarms", "Effect": "Allow", "Principal": { "Service": [ "cloudwatch.amazonaws.com" ] }, "Action": "sns:Publish", "Resource": "arn:aws:sns:<region>:<account-id>:<topic-name>" }
Change <region> to the Region monitored by this SNS topic, <account-id> to your account ID, and <topic-name> to the name of your SNS topic (OnPage)
Create SNS subscription
Select OnPage as the Topic ARN
Select HTTPS as the Protocol
Copy and paste the subscription link below as the End Point Copy
Uncheck Enable raw message delivery and Create Subscription
Validate Subscription Status is Confirmed
In AWS CloudWatch
Create or modify alarms to your specific metrics or conditions
Trigger ALARM, OK or INSUFFICIENT
Select the created SNS OnPage topic to Send notifications to
Next, Add Alarm name, Next, Review and Create alarm on AWS
(Right side of this page) Add OnPage notification Triggers
Set Trigger name
Select OnPage notification recipient(s)
Create conditions
Create OnPage Notification Template
To learn how to deploy via Infrastructure-as-a-code visit Setup Help
