How can I get my Amazon SNS topic to receive Amazon RDS notifications?


I want my Amazon Simple Notification Service (Amazon SNS) topic to receive Amazon Relational Database Service (Amazon RDS) notifications.

Resolution

Check if your SNS topic is encrypted

1.    Open the Amazon SNS console.

2.    On the navigation panel, choose Topics, and then choose the topic that you want to receive an RDS notification.

3.    Choose the Encryption tab.

If you see Configured in the Encryption section, then your topic is encrypted. You also see your AWS KMS key (KMS key) and KMS ARN.

If your topic is encrypted, grant Amazon RDS the necessary permissions to access the AWS KMS key. For more information, see Turn on compatibility between event sources from AWS services and encrypted topics.

Note: For encrypted topics to receive Amazon RDS notifications, you must use an AWS KMS key to encrypt the SNS topic. You must modify the AWS KMS key policy to add permissions for the kms:GenerateDataKey* and kms:Decrypt operations.

If your topic isn't encrypted, continue to the Validate the access policy of your SNS topic section of this article.

Validate the access policy of your SNS topic

Your SNS access policy must have permissions to allow Amazon RDS to publish events to your SNS topic.

1.    Open the Amazon SNS console.

2.    On the navigation panel, choose Topics, and then choose the topic that you want to receive an RDS notification.

3.    Choose the Access policy tab.

If your SNS access policy doesn't allow Amazon RDS to publish events to your SNS topic, then complete the following steps to update your policy:

1.    In the Details section of your topic page, choose Edit.

2.    Expand the Access policy section, and then copy and paste the following policy into the JSON editor.

3.    Choose Save changes.

{
  "Version": "2012-10-17",
  "Id": "SNSAccessPolicy",
  "Statement": [
    {
      "Sid": "PolicyForRDSToSNS",
      "Effect": "Allow",
      "Principal": {
        "AWS": "*"
      },
      "Action": "SNS:Publish",
      "Resource": "your-SNS-topic-ARN",
      "Condition": {
        "ArnLike": {
          "aws:SourceArn": "arn:aws:rds:your-AWS-region:your-AWS-account-ID:*"
        }
      }
    }
  ]
}

Note: Update the placeholder values in the policy with your values.
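
As an added example (not part of the original article and not AWS code), the following Python check reads a topic access policy offline and reports whether it matches the shape shown above: SNS:Publish allowed on the topic, scoped by aws:SourceArn to RDS resources in your account and Region, with the placeholders replaced. The topic ARN, account ID 111122223333, Region, and all function names are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase  # shell-style wildcards approximate ArnLike matching here

def as_list(value):
    return value if isinstance(value, list) else [value]

def source_arn_patterns(statement):
    """Collect aws:SourceArn values from ArnLike/ArnEquals conditions."""
    patterns = []
    for operator, keys in statement.get("Condition", {}).items():
        if operator.lower() in ("arnlike", "arnequals"):
            patterns += [v for k, val in keys.items()
                         if k.lower() == "aws:sourcearn" for v in as_list(val)]
    return patterns

def is_wildcard_principal(principal):
    return principal == "*" or (
        isinstance(principal, dict) and "*" in as_list(principal.get("AWS", [])))

def check_topic_policy(policy_text, topic_arn, region, account_id):
    """Return findings; an empty list means RDS can publish and the grant is scoped."""
    findings = []
    if "your-" in policy_text:
        findings.append("placeholder values not replaced")
    # Constructed sample ARN standing in for any RDS resource in the account.
    sample = f"arn:aws:rds:{region}:{account_id}:db:example-instance"
    rds_allowed = False
    for st in as_list(json.loads(policy_text).get("Statement", [])):
        actions = {a.lower() for a in as_list(st.get("Action", []))}
        if st.get("Effect") != "Allow" or not actions & {"sns:publish", "sns:*", "*"}:
            continue
        if not any(fnmatchcase(topic_arn, r) for r in as_list(st.get("Resource", []))):
            continue
        if is_wildcard_principal(st.get("Principal")) and not st.get("Condition"):
            findings.append(f"{st.get('Sid', '?')}: any principal can publish (no Condition)")
        if any(fnmatchcase(sample, p) for p in source_arn_patterns(st)):
            rds_allowed = True
    if not rds_allowed:
        findings.append("no aws:SourceArn-scoped statement covers RDS in this account and Region")
    return findings

TOPIC = "arn:aws:sns:us-east-1:111122223333:rds-events"  # constructed sample value

def make_policy(resource, source_arn=None):  # builds constructed sample policies
    st = {"Sid": "PolicyForRDSToSNS", "Effect": "Allow", "Principal": {"AWS": "*"},
          "Action": "SNS:Publish", "Resource": resource}
    if source_arn:
        st["Condition"] = {"ArnLike": {"aws:SourceArn": source_arn}}
    return json.dumps({"Version": "2012-10-17", "Statement": [st]})
```

To check a live topic, pass the policy JSON copied from the Access policy tab as policy_text.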

Verify that your RDS event notification has the correct category selected for the type of event you're expecting

Choose the right category for the notification that you want. For example, if you want to receive notifications for instance restarts and shutdowns, then select the availability category and instances as the event source. The availability category covers the following events:

  • "RDS-EVENT-0006 : The DB instance restarted"
  • "RDS-EVENT-0004 : DB instance shutdown"
  • "RDS-EVENT-0022 : An error has occurred while restarting MySQL or MariaDB"

Check the configuration of the event subscription:

1.    Open the Amazon RDS console.

2.    On the navigation panel, choose Event subscriptions, and then choose your event subscription.

3.    In the Event subscription details section of your subscription page, note the values in the following fields: Source type, Sources, and Event categories.

4.    Choose the correct source and event category for the type of event that fits your use case.

Edit the configuration of the event subscription:

Note: The following steps assume a scenario where you want to receive notifications for all instance resources and shutdowns. For more information on the different types of supported events and their categories, see Amazon RDS event categories and event messages.

1.    On the navigation panel of the Amazon RDS console, choose Event subscriptions, and then choose your event subscription.

2.    On your subscription page, choose Actions, Edit.

3.    In the Source section, for Source Type, select Instances.

4.    For Instances to include, select All instances.

5.    For Event categories to include, select Select specific event categories.

6.    For Specific event categories, select availability.

7.    Choose Save.

Related information

Encrypting messages published to Amazon SNS with AWS KMS

AWS OFFICIAL
Updated a year ago