AayushiPatel123/kms_monitoring_alerts
Architectural Diagram

(Diagram image; not reproduced in this text version.)

Architectural Overview

The diagram presents a high-level view of a serverless alerting pipeline built on AWS services: API activity against a KMS key is matched by an EventBridge rule, handed to a Lambda function, and delivered as an e-mail notification through SNS.

Components Involved:

KMS (Key Management Service): KMS plays two distinct roles here. The KMS key being monitored is the source of the triggering events: API calls against it (encrypt, decrypt and key-management operations made by users, roles or services) are recorded by CloudTrail and delivered to EventBridge as "AWS API Call via CloudTrail" events. Separately, the module creates two customer managed keys of its own, one to encrypt the Lambda function's CloudWatch log group (cloudwatch_kms_key) and one to encrypt the SNS topic (sns_key), so that event details and alert payloads are protected at rest.
Event Source: The user, role or system whose KMS activity should be alerted on. Any API call it makes against KMS is a candidate triggering event.
EventBridge: An EventBridge rule (aws_cloudwatch_event_rule) matches incoming events against the configured event patterns and routes matching events to its target, the Lambda function. A Lambda permission grants the events.amazonaws.com principal the right to invoke the function; EventBridge cannot invoke it otherwise.
Lambda Function: The function receives the matched event, processes it, and publishes a message to the SNS topic. Because the topic is encrypted with sns_key, the function's execution role must also be allowed to use that key (kms:GenerateDataKey and kms:Decrypt) or the publish call is rejected.
SNS (Simple Notification Service): The topic receives the message and fans it out to its subscriptions.
Email: The topic's e-mail subscriptions deliver the notification to the configured recipients. Each recipient must confirm the subscription SNS sends before any message is delivered.

Workflow Description:

  1. A user or system makes a KMS API call (for example an encrypt, decrypt or key-management operation) against the monitored key. CloudTrail records the call; for EventBridge to receive it, a trail that logs management events must exist in that region.
  2. EventBridge matches the event against the module's event patterns and invokes the configured Lambda function.
  3. The Lambda function processes the event and publishes a message to the SNS topic.
  4. SNS delivers the message as an e-mail notification to every confirmed subscriber.

This architecture scales with event volume without any servers to manage and provides a timely e-mail alert for activity on the monitored key. KMS-encrypted logs and topic, a dedicated IAM role and policy for the Lambda function, and explicit EventBridge routing keep the pipeline itself secure, resilient and manageable.

Requirements

| Name | Version |
|------|---------|
| aws | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| archive | 2.4.2 |
| aws | 3.76.1 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_rule.root_activity_events_rule | resource |
| aws_cloudwatch_event_target.lambda_target | resource |
| aws_cloudwatch_log_group.primary_lambda_log_group | resource |
| aws_iam_policy.lambda_policy | resource |
| aws_iam_role.lambda_role | resource |
| aws_iam_role_policy_attachment.attach_iam_policy_to_iam_role | resource |
| aws_kms_key.cloudwatch_kms_key | resource |
| aws_kms_key.sns_key | resource |
| aws_lambda_function.root_activity_lambda_function | resource |
| aws_lambda_permission.primary_allow_events | resource |
| aws_sns_topic.root_activity_sns_topic | resource |
| aws_sns_topic_subscription.root_activity_sns_subscription | resource |
| archive_file.lambda_package | data source |
| aws_caller_identity.current | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| cloudwatch_key_alias | Alias of the KMS key used to encrypt the Lambda CloudWatch log group. | `string` | `"cloudwatch-logs-key"` | no |
| deletion_key_window_in_days | Waiting period, in days, before a scheduled deletion of the module's KMS keys takes effect (KMS allows 7 to 30). | `number` | `7` | no |
| display_name | Display name for the SNS topic. | `string` | `""` | no |
| event_name | Name of the EventBridge (CloudWatch Events) rule. | `string` | `""` | no |
| event_patterns | Map of EventBridge event patterns; each entry carries a description and the pattern as a JSON string. | `map(object({ description = string, event_pattern = string }))` | `null` | no |
| lambda_action | Lambda action allowed in the invoke-permission statement. | `string` | `"lambda:InvokeFunction"` | no |
| lambda_filename | Path to the function's deployment package on the local filesystem. | `string` | `""` | no |
| lambda_function_name | Unique name for the Lambda function. | `string` | `""` | no |
| lambda_handler | Function entrypoint in the deployed code. | `string` | `"RootActivityLambda.lambda_handler"` | no |
| lambda_principal | Principal granted the invoke permission. | `string` | `"events.amazonaws.com"` | no |
| lambda_runtime | Identifier of the function's runtime; see the Lambda runtimes list for valid values. | `string` | `"python3.8"` | no |
| lambda_statement_id | Unique statement identifier for the Lambda permission. | `string` | `"AllowExecutionFromCloudWatch"` | no |
| lambda_timeout | Maximum time the Lambda function may run, in seconds. | `number` | `60` | no |
| retention_in_days | Number of days to retain log events in the log group. | `number` | `30` | no |
| sns_key_alias | Alias of the KMS key used to encrypt the SNS topic. | `string` | `"sns-key"` | no |
| sns_subscription | Map of SNS subscriptions, keyed by endpoint. | `map(object({ endpoint = string }))` | `null` | no |
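The following root-module configuration is an added example, not code from this repository: it wires the workflow described in the Architectural Overview end to end by supplying the inputs above, with two EventBridge patterns that match KMS API calls arriving via CloudTrail (workflow step 2), the Lambda package and runtime, and an e-mail subscription (step 4). The module source path, the package path, the alias and retention values, the recipient address and the particular list of KMS operations are assumptions; adjust them to your environment.

```hcl
# Added example (not part of this repository): calling the module to alert on
# activity against KMS keys. Everything marked "assumption" is illustrative.
module "kms_monitoring_alerts" {
  source = "github.com/AayushiPatel123/kms_monitoring_alerts" # assumption: repo used directly as source

  # The module's own two customer managed keys (log group and SNS topic).
  cloudwatch_key_alias        = "cloudwatch-logs-key"
  sns_key_alias               = "sns-key"
  deletion_key_window_in_days = 30 # assumption: longest KMS-allowed window, to survive mistakes
  retention_in_days           = 90 # assumption

  # Lambda settings. The package path is an assumption; the runtime overrides
  # the python3.8 default, which is past Lambda's end of support.
  lambda_function_name = "kms-activity-alerts"
  lambda_filename      = "${path.module}/lambda/RootActivityLambda.zip"
  lambda_handler       = "RootActivityLambda.lambda_handler"
  lambda_runtime       = "python3.12"
  lambda_timeout       = 60

  display_name = "KMS key activity alerts"
  event_name   = "kms-key-activity"

  # EventBridge receives KMS API calls as "AWS API Call via CloudTrail" events.
  # Within a pattern, keys are ANDed and the values inside a list are ORed.
  event_patterns = {
    # Operations that weaken or destroy a key: alert on every one of them.
    kms_key_lifecycle = {
      description = "Destructive or policy-changing KMS API calls"
      event_pattern = jsonencode({
        source        = ["aws.kms"]
        "detail-type" = ["AWS API Call via CloudTrail"]
        detail = {
          eventSource = ["kms.amazonaws.com"]
          eventName = [ # assumption: the set of operations worth paging on
            "ScheduleKeyDeletion",
            "DisableKey",
            "DisableKeyRotation",
            "PutKeyPolicy",
            "DeleteAlias",
            "DeleteImportedKeyMaterial",
          ]
        }
      })
    }
    # Any KMS call made by the account root user, regardless of operation.
    kms_root_user = {
      description = "KMS API calls made by the account root user"
      event_pattern = jsonencode({
        source        = ["aws.kms"]
        "detail-type" = ["AWS API Call via CloudTrail"]
        detail = {
          eventSource  = ["kms.amazonaws.com"]
          userIdentity = { type = ["Root"] }
        }
      })
    }
  }

  # Keyed by endpoint, as the input expects. Address is an assumption.
  sns_subscription = {
    "security-alerts@example.com" = { endpoint = "security-alerts@example.com" }
  }
}
```

Two checks before applying: EventBridge only delivers `AWS API Call via CloudTrail` events in a region where a CloudTrail trail with management-event logging exists, so without one the rules never fire; and an e-mail endpoint receives nothing until the recipient clicks the confirmation link SNS sends when the subscription is created. The execution role the module attaches to the function must also be allowed to use the SNS key (kms:GenerateDataKey and kms:Decrypt), since the topic is encrypted with it.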

Outputs

No outputs.

About

Infrastructure for monitoring KMS key activity.
