This CloudFormation stack configures the required resources (SNS, KMS, Lambda) to send Cloud Conformity notifications through to Google Chat channels via the incoming-webhooks feature.
- AWS CloudFormation
- AWS IAM
- AWS KMS
- AWS Lambda using Python 3.8 Runtime
- AWS SNS
Information / access you need to install the solution
- Access to Google Chat 'Manage Incoming Webhooks' feature
- Administrator or Power User access to Cloud One Conformity.
- Access to AWS and write permissions to the following services: CloudFormation, IAM, SNS, Lambda, KMS
- Log into Google Chat and create an incoming webhook in your desired channel (Channel Settings -> Manage Webhooks -> Add Webhook). Copy the Webhook URL to your clipboard as you will need this in the following steps.
- Log into the AWS Account you plan on running the stack in and open the CloudFormation Service. Select "Create Stack".
- Under the specify template section select "Upload a template file" and upload the provided template file and select Next. Give the stack a name and fill in the WebhookUrl parameter which the URL you copied in step 1. Click next and acknowledge the creation of IAM resources. Click Create Stack and wait for create complete status.
- Once the stack creation completes, browse to the "Outputs" tab and copy down the ARN of the resulting SNS Topic.
- Log into Conformity and navigate to the communication settings page for the account you wish to setup the webhook for. Select "Amazon SNS" as the communication channel type.
- Select your desired triggers eg: Status "Failure", Risk level: Extreme, Very high, High and click Save.
- Select 'Configure Now...' to set the Amazon SNS Topic. Paste in the value you copied from the Cloudformation output tabs. Ensure there are no leading or trailing spaces and select save. If successful you should receive a "Test message from Cloud Conformity" within your google chat channel.
- Turn on either Automatic or Manual notifications and the webhook setup is now complete.
- Tom Ryan - Initial work - TomRyan-321
This project is licensed under the MIT License - see the LICENSE file for details