Send an Alert to Email
In this guide you'll learn how to enable Guardrails notifications and configure the notification rules to send email notifications. Similar configuration options exist to send notifications to Slack or Teams channels, and to generic webhooks. Our launch week announcement blog post includes a demo of notifications in action.
This is the eighth guide in the Getting started with AWS series.
Prerequisites:
- Completion of the previous guides in this series.
- Access to the Guardrails console with administrative privileges.
Step 1: Create policy setting
To enable notifications for your workspace, select Policies in the top navigation bar, and then search for turbot notifications. Select the Turbot > Notifications policy type.
Select the New Policy Setting button.
Step 2: Choose level
Select the Turbot root node as the resource.
Note: Notifications policies may only be created at the root level (aka Turbot level) of the resource hierarchy.
Step 3: Choose setting
Choose the Enabled setting. Then select Create.
Step 4: List notifications policies
Navigate back to the list of Notification policies by clicking on the word Notifications in the Turbot > Notifications breadcrumb.
Step 5: Select Rules policy
Select the Rule-Based Routing policy type from the list of policies.
Step 6: View the policy
Select New Policy Setting.
Step 7: Create notification rule
Again choose Turbot as the Resource. Copy and paste this rule, using one or more email addresses you want to notify.
- rules: NOTIFY $.control.state:alarm $.controlType.uri:'tmod:@turbot/aws-s3#/control/types/bucketVersioning'
  emails:
    - you@yourcompany.com

The rule will send an alert to the configured email address when any control enters the Alarm state for S3 bucket versioning.
Select Create.
Step 8: Find a bucket skipped by your calculated policy
Navigate to your bookmark for the Controls by State report, select the Type dropdown from the filter bar, and verify that the bucket you tagged in the calculated policy guide is still in the Skipped state.
Step 9: Trigger the notification
In the AWS console, update the tag value for the environment tag. Change its value from development to production.
The calculated policy setting, which had previously evaluated to Skip, now evaluates to Check: Enabled. Because you left the bucket’s versioning in the AWS default state – suspended – the bucket’s control for versioning now transitions to Alarm.
Step 10: Check your email
The alarm reported in the Guardrails console also appears in your inbox. You can alternatively configure Guardrails to send alerts to Slack or MS Teams.
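To confirm from the AWS side that Steps 8 to 10 should produce an email, the following added example (not part of Guardrails or of the original guide) models the two outcomes this guide describes, using the response shapes of the S3 GetBucketTagging and GetBucketVersioning APIs. The function names, the state labels, the "enters alarm" trigger condition and the sample responses are assumptions constructed for illustration.

```python
# Added example: models this guide's Steps 8-10 from AWS API responses.
# State labels and sample data are constructed for illustration.

def tag_value(tagging, key):
    """Value of `key` in an S3 GetBucketTagging response, or None."""
    for tag in tagging.get("TagSet", []):
        if tag.get("Key") == key:
            return tag.get("Value")
    return None

def expected_control_state(tagging, versioning):
    """Expected bucket-versioning control state, per this guide's walkthrough."""
    env = tag_value(tagging, "environment")
    if env == "development":
        return "skipped"          # calculated policy evaluates to Skip
    if env != "production":
        return "unknown"          # this guide only covers the two values above
    # GetBucketVersioning omits "Status" when versioning was never configured;
    # like "Suspended", that is not "Enabled", so the check fails.
    return "ok" if versioning.get("Status") == "Enabled" else "alarm"

def step9_sends_email(tags_before, tags_after, versioning):
    """True if the tag change moves the control into alarm (assumed trigger)."""
    before = expected_control_state(tags_before, versioning)
    after = expected_control_state(tags_after, versioning)
    return after == "alarm" and before != "alarm"

def fetch(bucket):
    """Live lookup; needs boto3 and AWS credentials. Not used by the demo."""
    import boto3
    from botocore.exceptions import ClientError
    s3 = boto3.client("s3")
    try:
        tagging = s3.get_bucket_tagging(Bucket=bucket)
    except ClientError as err:
        if err.response["Error"]["Code"] != "NoSuchTagSet":
            raise
        tagging = {"TagSet": []}  # bucket has no tags at all
    return tagging, s3.get_bucket_versioning(Bucket=bucket)

# Constructed sample responses (not captured from a real account).
DEV_TAGS = {"TagSet": [{"Key": "environment", "Value": "development"}]}
PROD_TAGS = {"TagSet": [{"Key": "environment", "Value": "production"}]}
SUSPENDED = {"Status": "Suspended"}

if __name__ == "__main__":
    print(expected_control_state(DEV_TAGS, SUSPENDED))
    print(expected_control_state(PROD_TAGS, SUSPENDED))
    print(step9_sends_email(DEV_TAGS, PROD_TAGS, SUSPENDED))
```

If no email arrives and this model predicts an alarm, check the tag key's exact spelling and the rule's recipient list before suspecting the bucket.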
Step 11: Review
In this guide you configured a simple notification rule and triggered a notification event.
Next Steps
In the next guide you’ll learn how to configure for Quick Actions so you can, for example, directly enable versioning on a bucket that’s now in the Alarm state and make it green.
Progress tracker
- Prepare an AWS Account for Import to Guardrails
- Connect an AWS Account to Guardrails
- Observe AWS Resource Activity
- Enable Your First Policy Pack
- Review Account-Wide Governance
- Create a Static Exception to a Guardrails Policy
- Create a Calculated Exception to a Guardrails Policy
- Send an Alert to Email
- Apply a Quick Action
- Enable Automatic Enforcement