I am trying to configure an custodian policy which will do some basic filtering and send the details of the match to specific user via mail(SNS).
I can able to send the email to the user but I couldn't edit the mail subject or mail body, instead am getting default mail subject and some random text in mail body.
My custodian policy:
policies:
- name: iam-user-permission-check
resource: aws.iam-user
description: |
Finding IAM users with specific tags.
filters:
- and:
- type: check-permissions
match: allowed
actions:
- '*:*'
- "tag:c7n": "absent"
actions:
- type: notify
subject: "IAM Users Without Proper Tags"
template: |
The following IAM users match the filter criteria:
{% for user in resources %}
- IAM User: {{ user.UserName }}
Tags: {{ user.Tags }}
{% endfor %}
transport:
type: sns
topic: <sns-topic-arn>
region: us-east-1
I did some research, all I get it to use c7n-mailer with SES by passing SQS queue in mailer.html, can't it be done by using SNS?
What am I missing here ?
Look at input transformer or Lambda option to modify the email notification body and only receive a required content.
I had these settings many times and worked.