Objective
To send RightScale authorization events to a specific location using Amazon SNS.
You can have authentication events sent through Amazon SNS each time a RightScale user authenticates against the RightScale Dashboard or API. Amazon Simple Notification Service (SNS) enables applications, end-users, and devices to instantly send and receive notifications from the cloud. This tutorial shows RightScale account managers how to monitor authentication events for the RightScale Dashboard and API and have those events delivered over HTTP/HTTPS, by email, or to an Amazon SQS queue.
NOTE: An AWS SNS Topic ARN consists of the region the topic was created in, an AWS ID, and the name of the topic. When Authorization Logging is enabled and saved, RightScale automatically generates this value for your account. The AWS ID contained within the Topic ARN has no association with the AWS Account Number of your own AWS account. The 12-digit AWS Account Number associated with the RightScale account is listed as the Subscriber AWS Account Number.
Once the Authorization Logging feature is enabled for the RightScale account, you can set up a subscription to an Amazon SNS Topic. A subscription lets you send SNS notifications to a recipient other than the designated owner of the RightScale account and choose a protocol other than the default (email). For example, you might want to send notifications to an email alias (e.g. ops@rightscale.com) or to a third-party service like Splunk or Loggly.
Endpoint - The correct syntax for the endpoint is different depending on the protocol selection.
HTTP/HTTPS - Specify a URL where an HTTP POST containing the information will be sent, which is useful for users of Splunk, Loggly, or other data monitoring tools and services.
Email/Email-JSON - Specify the email address that will receive event notifications as either raw text (Email) or JSON objects (Email-JSON).
Amazon SQS - Specify an AWS SQS queue as the endpoint. If you are monitoring your AWS SQS queue through RightScale, see Enable Authentication Logging with an AWS SQS in RightScale. You can also choose to have messages sent as an SMS text message to a valid phone number (due to SMS restrictions, if a notification exceeds 140 characters, the remainder will be truncated).
Application - Specify a complete string with the application name. (e.g. arn:aws:sns:us-east-1:123456123456:authorization-223344)
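With the HTTP/HTTPS protocol option, the receiving endpoint has to tell a subscription confirmation from a notification and should drop POSTs that do not come from the expected topic. The Python below is an added example, not RightScale or AWS code; `EXPECTED_TOPIC_ARN` reuses the example ARN format from this page, the function names and sample body are constructed, and the certificate-host rule is an assumed policy for standard AWS regions.

```python
import json
import re
from urllib.parse import urlparse

# Constructed value: reuses the example ARN format shown on this page.
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456123456:authorization-223344"
ARN_RE = re.compile(r"arn:aws:sns:([a-z0-9-]+):(\d{12}):([A-Za-z0-9_-]{1,256})")
CERT_HOST_RE = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")

def parse_topic_arn(arn):
    """Split a Topic ARN into region, AWS ID and topic name; None if malformed."""
    m = ARN_RE.fullmatch(arn) if isinstance(arn, str) else None
    return {"region": m[1], "aws_id": m[2], "name": m[3]} if m else None

def trusted_cert_url(url):
    """True only for an HTTPS .pem URL on a regional SNS host (assumed policy)."""
    try:
        u = urlparse(url) if isinstance(url, str) else None
        host = u.hostname if u else None
    except ValueError:
        return False
    return bool(u and u.scheme == "https" and host
                and CERT_HOST_RE.fullmatch(host) and u.path.endswith(".pem"))

def triage_sns_post(body, expected_arn=EXPECTED_TOPIC_ARN):
    """Return (action, detail) for one raw HTTP POST body delivered by SNS."""
    try:
        msg = json.loads(body)
    except (TypeError, ValueError):
        msg = None
    if not isinstance(msg, dict):
        return ("reject", "body is not a JSON object")
    arn = msg.get("TopicArn")
    if parse_topic_arn(arn) is None or arn != expected_arn:
        return ("reject", "unexpected TopicArn")
    if not trusted_cert_url(msg.get("SigningCertURL")):
        return ("reject", "untrusted SigningCertURL")
    if msg.get("Type") == "SubscriptionConfirmation":
        return ("confirm", msg.get("SubscribeURL"))  # visit only after signature check
    if msg.get("Type") == "Notification":
        return ("forward", msg.get("Message"))  # event text, treated as opaque
    return ("reject", "unsupported Type")

SAMPLE_BODY = json.dumps({  # constructed sample; field names follow the SNS HTTP format
    "Type": "Notification", "TopicArn": EXPECTED_TOPIC_ARN,
    "Message": "constructed authentication event",
    "SigningCertURL": "https://sns.us-east-1.amazonaws.com/SimpleNotificationService-example.pem"})

if __name__ == "__main__":
    print(triage_sns_post(SAMPLE_BODY))
```

This is a pre-filter only: verify the message signature against the certificate at `SigningCertURL` before acting on a `confirm` or `forward` result.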