AWS::FMS::NotificationChannel

Designates the IAM role and Amazon Simple Notification Service (SNS) topic to use to record SNS logs.

To perform this action outside of the console, you must configure the SNS topic to allow the role AWSServiceRoleForFMS to publish SNS logs. For more information, see Firewall Manager required permissions for API actions in the Amazon Firewall Manager Developer Guide.

Syntax

To declare this entity in your Amazon CloudFormation template, use the following syntax:

{
  "Type" : "AWS::FMS::NotificationChannel",
  "Properties" : {
      "SnsRoleName" : String,
      "SnsTopicArn" : String
    }
}

Type: AWS::FMS::NotificationChannel
Properties:
  SnsRoleName: String
  SnsTopicArn: String

Properties

Return values

Ref

The Ref for this resource returns the SnsTopicArn. This is the Amazon Resource Name (ARN) that uniquely identifies the Amazon Simple Notification Service (Amazon SNS) topic. For example, arn:aws:sns:us-west-2:111122223333:MyTopic. For more information about SNS, see Amazon Simple Notification Service Resource Type Reference.

When you pass the logical ID of this resource to the intrinsic Ref function, Ref returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456.

For more information about using the Ref function, see Ref.

Examples

Create a Firewall Manager notification channel

The following shows an example SNS notification channel for Firewall Manager.

NotificationChannel:
    Type: AWS::FMS::NotificationChannel
    Properties:
      SnsRoleName: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS
      SnsTopicArn: !Ref SnsTopic

"NotificationChannel": {
    "Type": "AWS::FMS::NotificationChannel",
    "Properties": {
        "SnsRoleName": {
            "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS"
        },
        "SnsTopicArn": {
            "Ref": "SnsTopic"
        }
    }
}