Send an Alert to Email

In this guide you'll learn how to enable Guardrails notifications and configure the notification rules to send email notifications. Similar configuration options exist to send notifications to Slack or Teams channels, and to generic webhooks. Our launch week announcement blog post includes a demo of notifications in action.

This is the eighth guide in the Getting started with AWS series.

Prerequisites:

  • Completion of the previous guides in this series.
  • Access to the Guardrails console with administrative privileges.

Step 1: Create policy setting

To enable notifications for your workspace, select Policies in the top navigation bar, and then search for turbot notifications. Select the Turbot > Notifications policy type.

Select the New Policy Setting button.

Step 2: Choose level

Select the Turbot root node as the resource.

Note

Notifications polices may only be created at the root level (aka Turbot level) of the resource hierarchy.

Step 3: Choose setting

Choose the Enabled setting. Then select Create.

Step 4: List notifications policies

Navigate back to the list of Notification policies by clicking on the word Notifications in the Turbot > Notifications breadcrumb.

Step 5: Select Rules policy

Select the Rule-Based Routing policy type from the list of policies.

Step 6: View the policy

Select New Policy Setting.

Step 7: Create notification rule

Again choose Turbot as the Resource. Copy and paste this rule, using one or more email addresses you want to notify.

- rules: NOTIFY $.control.state:alarm $.controlType.uri:'tmod:@turbot/aws-s3#/control/types/bucketVersioning'
emails:
- you@yourcompany.com

The rule will send an alert to the configured email address when any control enters the Alarm state for S3 bucket versioning.

Select Create.

Step 8: Find a bucket skipped by your calculated policy

Navigate to your bookmark for the Controls by State report, select the Type dropdown from the filter bar, and verify that the bucket you tagged in the calculated policy guide is still in the Skipped state.

Step 9: Trigger the notification

In the AWS console, update the tag value for the environment tag. Change its value from development to production.

The calculated policy setting, which had previously evaluated to Skip, now evaluates to Check: Enabled. Because you left the bucket’s versioning in the AWS default state – suspended – the bucket’s control for versioning now transitions to Alarm.

Step 10: Check your email

The alarm reported in the Guardrails console also appears in your inbox. You can alternatively configure Guardrails to send alerts to Slack or MS Teams.

Step 11: Review

In this guide you configured a simple notification rule and triggered a notification event.

Next Steps

In the next guide you’ll learn how to configure for Quick Actions so you can, for example, directly enable versioning on a bucket that’s now in the Alarm state and make it green.

Progress tracker

  • Prepare an AWS Account for Import to Guardrails
  • Connect an AWS Account to Guardrails
  • Observe AWS Resource Activity
  • Enable Your First Policy Pack
  • Review Account-Wide Governance
  • Create a Static Exception to a Guardrails Policy
  • Create a Calculated Exception to a Guardrails Policy
  • Send an Alert to Email
  • Apply a Quick Action
  • Enable Automatic Enforcement