End of support notice: On May 20, 2026, Amazon will end support for Amazon IoT Events. After May 20, 2026, you will no longer be able to access the Amazon IoT Events console or Amazon IoT Events resources. For more information, see [Amazon IoT Events end of support](https://docs.amazonaws.cn/iotevents/latest/developerguide/iotevents-end-of-support.html).
# Creating a Lambda function in Amazon IoT Events
Amazon IoT Events provides a Lambda function that enables alarms to send and receive email and SMS notifications.
## Requirements
The following requirements apply when you create a Lambda function for alarms:
+ If your alarm sends SMS notifications, ensure Amazon SNS is configured to deliver SMS messages.
+ If your alarm sends email or SMS notifications, you must have an IAM role that allows Amazon Lambda to work with Amazon SES and Amazon SNS.
Example policy:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"ses:GetIdentityVerificationAttributes",
"ses:SendEmail",
"ses:VerifyEmailIdentity"
],
"Resource": "*"
},
{
"Effect": "Allow",
"Action": [
"sns:Publish",
"sns:OptInPhoneNumber",
"sns:CheckIfPhoneNumberIsOptedOut",
"sms-voice:DescribeOptedOutNumbers"
],
"Resource": "*"
},
{
"Effect": "Deny",
"Action": "sns:Publish",
"Resource": "arn:aws-cn:sns:*:*:*"
},
{
"Effect" : "Allow",
"Action" : [
"logs:CreateLogGroup",
"logs:CreateLogStream",
"logs:PutLogEvents"
],
"Resource" : "*"
}
]
}
```
------
+ You must choose the same Amazon Region for both Amazon IoT Events and Amazon Lambda. For the list of supported Regions, see [Amazon IoT Events endpoints and quotas](https://docs.amazonaws.cn/general/latest/gr/iot-events.html) and [Amazon Lambda endpoints and quotas](https://docs.amazonaws.cn/general/latest/gr/lambda-service.html) in the *Amazon Web Services General Reference*.
For more information, see [What is Amazon Lambda?](https://docs.amazonaws.cn/lambda/latest/dg/welcome.html) in the *Amazon Lambda Developer Guide*.
## CloudFormation template
Use the following CloudFormation template to create your Lambda function.
```
AWSTemplateFormatVersion: '2010-09-09'
Description: 'Notification Lambda for Alarm Model'
Resources:
NotificationLambdaRole:
Type: AWS::IAM::Role
Properties:
AssumeRolePolicyDocument:
Statement:
- Effect: Allow
Principal:
Service: lambda.amazonaws.com
Action: sts:AssumeRole
Path: "/"
ManagedPolicyArns:
- 'arn:aws-cn:iam::aws:policy/AWSLambdaExecute'
Policies:
- PolicyName: "NotificationLambda"
PolicyDocument:
Version: "2012-10-17"
Statement:
- Effect: "Allow"
Action:
- "ses:GetIdentityVerificationAttributes"
- "ses:SendEmail"
- "ses:VerifyEmailIdentity"
Resource: "*"
- Effect: "Allow"
Action:
- "sns:Publish"
- "sns:OptInPhoneNumber"
- "sns:CheckIfPhoneNumberIsOptedOut"
- "sms-voice:DescribeOptedOutNumbers"
Resource: "*"
- Effect: "Deny"
Action:
- "sns:Publish"
Resource: "arn:aws-cn:sns:*:*:*"
NotificationLambdaFunction:
Type: AWS::Lambda::Function
Properties:
Role: !GetAtt NotificationLambdaRole.Arn
Runtime: python3.7
Handler: index.lambda_handler
Timeout: 300
MemorySize: 3008
Code:
ZipFile: |
import boto3
import json
import logging
import datetime
logger = logging.getLogger()
logger.setLevel(logging.INFO)
ses = boto3.client('ses')
sns = boto3.client('sns')
def check_value(target):
if target:
return True
return False
# Check whether email is verified. Only verified emails are allowed to send emails to or from.
def check_email(email):
if not check_value(email):
return False
result = ses.get_identity_verification_attributes(Identities=[email])
attr = result['VerificationAttributes']
if (email not in attr or attr[email]['VerificationStatus'] != 'Success'):
logging.info('Verification email for {} sent. You must have all the emails verified before sending email.'.format(email))
ses.verify_email_identity(EmailAddress=email)
return False
return True
# Check whether the phone holder has opted out of receiving SMS messages from your account
def check_phone_number(phone_number):
try:
result = sns.check_if_phone_number_is_opted_out(phoneNumber=phone_number)
if (result['isOptedOut']):
logger.info('phoneNumber {} is not opt in of receiving SMS messages. Phone number must be opt in first.'.format(phone_number))
return False
return True
except Exception as e:
logging.error('Your phone number {} must be in E.164 format in SSO. Exception thrown: {}'.format(phone_number, e))
return False
def check_emails(emails):
result = True
for email in emails:
if not check_email(email):
result = False
return result
def lambda_handler(event, context):
logging.info('Received event: ' + json.dumps(event))
nep = json.loads(event.get('notificationEventPayload'))
alarm_state = nep['alarmState']
default_msg = 'Alarm ' + alarm_state['stateName'] + '\n'
timestamp = datetime.datetime.utcfromtimestamp(float(nep['stateUpdateTime'])/1000).strftime('%Y-%m-%d %H:%M:%S')
alarm_msg = "{} {} {} at {} UTC ".format(nep['alarmModelName'], nep.get('keyValue', 'Singleton'), alarm_state['stateName'], timestamp)
default_msg += 'Sev: ' + str(nep['severity']) + '\n'
if (alarm_state['ruleEvaluation']):
property = alarm_state['ruleEvaluation']['simpleRule']['inputProperty']
default_msg += 'Current Value: ' + str(property) + '\n'
operator = alarm_state['ruleEvaluation']['simpleRule']['operator']
threshold = alarm_state['ruleEvaluation']['simpleRule']['threshold']
alarm_msg += '({} {} {})'.format(str(property), operator, str(threshold))
default_msg += alarm_msg + '\n'
emails = event.get('emailConfigurations', [])
logger.info('Start Sending Emails')
for email in emails:
from_adr = email.get('from')
to_adrs = email.get('to', [])
cc_adrs = email.get('cc', [])
bcc_adrs = email.get('bcc', [])
msg = default_msg + '\n' + email.get('additionalMessage', '')
subject = email.get('subject', alarm_msg)
fa_ver = check_email(from_adr)
tas_ver = check_emails(to_adrs)
ccas_ver = check_emails(cc_adrs)
bccas_ver = check_emails(bcc_adrs)
if (fa_ver and tas_ver and ccas_ver and bccas_ver):
ses.send_email(Source=from_adr,
Destination={'ToAddresses': to_adrs, 'CcAddresses': cc_adrs, 'BccAddresses': bcc_adrs},
Message={'Subject': {'Data': subject}, 'Body': {'Text': {'Data': msg}}})
logger.info('Emails have been sent')
logger.info('Start Sending SNS message to SMS')
sns_configs = event.get('smsConfigurations', [])
for sns_config in sns_configs:
sns_msg = default_msg + '\n' + sns_config.get('additionalMessage', '')
phone_numbers = sns_config.get('phoneNumbers', [])
sender_id = sns_config.get('senderId')
for phone_number in phone_numbers:
if check_phone_number(phone_number):
if check_value(sender_id):
sns.publish(PhoneNumber=phone_number, Message=sns_msg, MessageAttributes={'AWS.SNS.SMS.SenderID':{'DataType': 'String','StringValue': sender_id}})
else:
sns.publish(PhoneNumber=phone_number, Message=sns_msg)
logger.info('SNS messages have been sent')
```