AWS event configuration tutorial

This article steps you through configuring Amazon Web Services (AWS) for Pismo event notification delivery. This requires you to create two things in AWS:

  1. Simple Notification Service (SNS) topic

    SNS is a managed service that provides message delivery from publishers to subscribers. Publishers communicate asynchronously with subscribers by sending messages to a topic, which is a logical access point and communication channel.

  2. Identity and Access Management (IAM) role

    An IAM role is an IAM identity that you can create in your account that has specific permissions. An IAM role is similar to an IAM user, in that it is an AWS identity with permission policies that determine what the identity can and cannot do in AWS. However, instead of being uniquely associated with one person, a role is intended to be assumable by anyone who needs it.

AWS UI configuration

For this tutorial, you need:

  • An AWS account
  • Your Pismo organization/tenant ID
  • AWS data account ID (from Pismo)

To configure AWS for Pismo event notifications:

  1. Go to the Amazon Web Services website and log in to your AWS account.

  2. Go to the Amazon SNS dashboard. (Type SNS in Search and it appears.)

  3. From the Amazon SNS navigation, select Topics.

  4. Create a new topic:

    • Select Create topic.
    • Make sure you select Standard as the type. This should come up as the default.
    • Under Name, enter your topic's name.
    • Select Create topic.
    • In the page that appears, note the ARN (Amazon Resource Name) field.

  5. Go to the IAM dashboard. (Type IAM in Search and it appears.)

  6. In the navigation menu, under Access Management, select Policies.

  7. Select Create policy in the upper-right.

  8. Select the JSON tab and enter the following:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "sns:Publish"
            ],
            "Resource": [
                "arn:aws:sns:us-east-1:<your AWS account ID>:<newly-created topic name>"
            ]
        }
    ]
}

  9. Select Next: Tags, then Next: Review, and give the policy a name. Then select Create policy.

  10. Return to the IAM dashboard home page and select Roles under Access Management. Then, select Create role.

  11. Select AWS account, then Next.

  12. On the page that appears, select the policy you just created and select Next again.

  13. On the Name, review and create page that appears, enter a name for your role and select Create role.

Provide Pismo with:

  • The IAM role ARN

    For example - arn:aws:iam::303421646629:role/test-pismo-integration-role

  • The SNS topic ARN

    For example - arn:aws:iam:::

Pismo will provide you with an IAM Role to complete the configuration.

Complete configuration with Pismo's IAM Role

  1. Return to the IAM dashboard home page and select Roles under Access Management. Then, click on the role you created for this integration.

  2. Select Trust Relationships. In the text box that appears, click on Edit trust policy and enter:

{
   "Version": "2012-10-17",
   "Statement": [
       {
           "Effect": "Allow",
           "Action": [
               "sts:AssumeRole"
           ],
           "Principal": {
               "AWS": "arn:aws:iam::<AWS data account ID>:role/dataplatform-lambda-fn-<Tenant/Org ID>",
               "Service": "lambda.amazonaws.com"
           }
       }
   ]
}

Note: The Tenant/Org ID you enter here must be lowercase.

  3. Select Update policy.
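
The two JSON documents in this tutorial can be checked offline before they are pasted into the console: the Python below flags leftover placeholders or wildcards in the sns:Publish policy, and an uppercase tenant/org ID or an unexpected principal in the trust policy. It is an added example, not part of Pismo's or AWS's documentation. The function names, the account ID 444455556666 and the tenant ID tn-example are made up for illustration, and the ARN pattern assumes a Standard topic in the commercial "aws" partition.

```python
import re

# Standard (non-FIFO) topic ARN in the "aws" partition, with no wildcards.
TOPIC_ARN = re.compile(r"^arn:aws:sns:[a-z0-9-]+:\d{12}:[A-Za-z0-9_-]{1,256}$")

def as_list(value):
    """IAM JSON accepts either a single string or a list of strings."""
    return value if isinstance(value, list) else [value]

def scan(doc, wanted_action):
    """Yield (statement, findings) per Allow statement, flagging extra actions."""
    for stmt in as_list(doc.get("Statement", [])):
        if stmt.get("Effect") == "Allow":
            yield stmt, [f"unexpected action: {a}"
                         for a in as_list(stmt.get("Action", [])) if a != wanted_action]

def check_publish_policy(doc):
    """Permissions policy: only sns:Publish, only on one exact topic ARN."""
    findings = []
    for stmt, found in scan(doc, "sns:Publish"):
        findings += found
        findings += [f"resource is not one exact topic ARN: {r}"
                     for r in as_list(stmt.get("Resource", [])) if not TOPIC_ARN.match(r)]
    return findings

def check_trust_policy(doc, data_account_id, tenant_id):
    """Trust policy: the only AWS principal is the Pismo role named in the tutorial."""
    expected = f"arn:aws:iam::{data_account_id}:role/dataplatform-lambda-fn-{tenant_id.lower()}"
    findings = []
    for stmt, found in scan(doc, "sts:AssumeRole"):
        findings += found
        principal = stmt.get("Principal", {})
        if not isinstance(principal, dict):  # for example "Principal": "*"
            findings.append(f"principal is not scoped: {principal}")
            continue
        for arn in as_list(principal.get("AWS", [])):
            if arn.lower() == expected and arn != expected:
                findings.append("tenant/org ID must be lowercase")
            elif arn != expected:
                findings.append(f"unexpected AWS principal: {arn}")
    return findings

# Constructed sample (account ID and tenant ID are made up): the uppercase tenant is flagged.
SAMPLE_TRUST = {"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Action": ["sts:AssumeRole"],
    "Principal": {"AWS": "arn:aws:iam::444455556666:role/dataplatform-lambda-fn-TN-Example",
                  "Service": "lambda.amazonaws.com"}}]}
print(check_trust_policy(SAMPLE_TRUST, "444455556666", "tn-example"))
```

An empty list from either function means the document matches the shape shown in this tutorial; each string in a non-empty list names one deviation to fix before saving.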
