AWS event configuration tutorial

This article steps you through configuring Amazon Web Services (AWS) for Pismo event notification delivery. This requires you to create two things in AWS:

  1. Simple Notification Service (SNS) topic

    SNS is a managed service that provides message delivery from publishers to subscribers. Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel.

  2. Identity and Access Management (IAM) role

    An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

For this tutorial, you need:

  • An AWS account
  • Your Pismo organization/tenant ID
  • AWS data account ID (from Pismo)

To configure AWS for Pismo event notifications:

  1. Go to the Amazon Web Services website and log in to your AWS account.

  2. Go to the Amazon SNS dashboard. (Type SNS<enter> in Search and it appears.)

  3. From the Amazon SNS navigation, select Topics.

  4. Create a new topic:

    • Select Create topic.
    • Make sure you select Standard as the type. This should come up as the default.
    • Under Name, enter your topic's name.
    • Select Create topic.
    • In the page that appears, note the ARN (Amazon Resource Name) field.

  5. Go to the IAM dashboard. (Type IAM<enter> in Search and it appears.)

  6. In the navigation menu, under Access Management, select Policies.

  7. Select Create policy in the upper-right.

  8. Select the JSON tab and enter the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish"
            ],
            "Resource": [
                "arn:aws:sns:us-east-1:<AWS data account ID>:my-pismo-integration-topic"
            ]
        }
    ]
}

  9. Select Next: Tags, then Next: Review, and give the policy a Name. Then select Create policy.

  10. Return to the IAM dashboard home page and select Roles under Access Management. Then, select Create role.

  11. Select Custom trust policy.

    In the text box that appears, enter:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "sts:AssumeRole"
           ],
           "Principal": {
               "AWS": "arn:aws:iam::<AWS data account ID>:role/dataplatform-lambda-fn-<Tenant/Org ID>",
               "Service": "lambda.amazonaws.com"
           }
       }
   ]
}

Note: The Tenant/Org ID you enter here must be lowercase.

  12. Select Next. On the page that appears, select the policy you just created and select Next again.

  13. On the Name, review and create page that appears, enter a name for your role and select Create role.

Provide Pismo with:

  • The IAM role ARN.

    For example - arn:aws:iam::303421646629:role/test-pismo-integration-role

  • The SNS topic policy ARN.

    For example - arn:aws:iam::303421646629:policy/MySNSpolicy
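
A pre-flight check for the two JSON documents in the steps above, as an added example that is not part of Pismo's documentation: it flags unfilled <...> placeholders, an action or resource broader than one topic, a trust principal that is not the dataplatform-lambda-fn role, and a Tenant/Org ID that is not lowercase. The function names, the account ID 111122223333 and the tenant IDs are assumptions made for illustration.

```python
import json
import re

PLACEHOLDER = re.compile(r"<[^<>]+>")  # e.g. "<AWS data account ID>" left unfilled
ROLE_ARN = re.compile(r"^arn:aws:iam::\d{12}:role/dataplatform-lambda-fn-(.+)$")

def as_list(value):
    # IAM accepts either a single string or a list for Action/Resource/Principal.
    return value if isinstance(value, list) else [value]

def lint_permissions_policy(text):
    """Return problems found in the sns:Publish permissions policy JSON."""
    problems = []
    if PLACEHOLDER.search(text):
        problems.append("unfilled placeholder")
    for stmt in as_list(json.loads(text)["Statement"]):
        if as_list(stmt.get("Action", [])) != ["sns:Publish"]:
            problems.append("action broader than sns:Publish")
        for res in as_list(stmt.get("Resource", [])):
            if "*" in res or not res.startswith("arn:aws:sns:"):
                problems.append("resource is not one SNS topic ARN")
    return problems

def lint_trust_policy(text):
    """Return problems found in the role's custom trust policy JSON."""
    problems = []
    if PLACEHOLDER.search(text):
        problems.append("unfilled placeholder")
    for stmt in as_list(json.loads(text)["Statement"]):
        principal = stmt.get("Principal", {})
        aws = ["*"] if principal == "*" else as_list(principal.get("AWS", []))
        for arn in aws:
            match = ROLE_ARN.match(arn)
            if not match:
                problems.append("AWS principal is not the expected role ARN")
            elif match.group(1) != match.group(1).lower():
                problems.append("Tenant/Org ID is not lowercase")
    return problems

def sample_trust(tenant):
    # Constructed sample: 111122223333 and the tenant IDs are made-up values.
    arn = f"arn:aws:iam::111122223333:role/dataplatform-lambda-fn-{tenant}"
    return json.dumps({"Version": "2012-10-17", "Statement": [{
        "Effect": "Allow", "Action": ["sts:AssumeRole"],
        "Principal": {"AWS": arn, "Service": "lambda.amazonaws.com"}}]})

if __name__ == "__main__":
    print(lint_trust_policy(sample_trust("tn-example")))
    print(lint_trust_policy(sample_trust("TN-Example")))
```

Run both functions on the exact text you are about to paste into the console; an empty list means none of these checks fired.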

