This is the new *CloudFormation Template Reference Guide*. Please update your bookmarks and links. For help getting started with CloudFormation, see the [AWS CloudFormation User Guide](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/Welcome.html). # AWS::FMS::NotificationChannel Designates the IAM role and Amazon Simple Notification Service (SNS) topic to use to record SNS logs. To perform this action outside of the console, you must configure the SNS topic to allow the role `AWSServiceRoleForFMS` to publish SNS logs. For more information, see [Firewall Manager required permissions for API actions](https://docs.aws.amazon.com/waf/latest/developerguide/fms-api-permissions-ref.html) in the *AWS Firewall Manager Developer Guide*. ## Syntax To declare this entity in your CloudFormation template, use the following syntax: ### JSON ``` { "Type" : "AWS::FMS::NotificationChannel", "Properties" : { "[SnsRoleName](#cfn-fms-notificationchannel-snsrolename)" : String, "[SnsTopicArn](#cfn-fms-notificationchannel-snstopicarn)" : String } } ``` ### YAML ``` Type: AWS::FMS::NotificationChannel Properties: [SnsRoleName](#cfn-fms-notificationchannel-snsrolename): String [SnsTopicArn](#cfn-fms-notificationchannel-snstopicarn): String ``` ## Properties `SnsRoleName` The Amazon Resource Name (ARN) of the IAM role that allows Amazon SNS to record AWS Firewall Manager activity. *Required*: Yes *Type*: String *Pattern*: `^([^\s]+)$` *Minimum*: `1` *Maximum*: `1024` *Update requires*: [No interruption](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-no-interrupt) `SnsTopicArn` The Amazon Resource Name (ARN) of the SNS topic that collects notifications from AWS Firewall Manager. *Required*: Yes *Type*: String *Pattern*: `^([^\s]+)$` *Minimum*: `1` *Maximum*: `1024` *Update requires*: [Replacement](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/using-cfn-updating-stacks-update-behaviors.html#update-replacement) ## Return values ### Ref The `Ref` for this resource returns the `SnsTopicArn`. This is the Amazon Resource Name (ARN) that uniquely identifies the Amazon Simple Notification Service (Amazon SNS) topic. For example, `arn:aws:sns:us-west-2:111122223333:MyTopic`. For more information about SNS, see [Amazon Simple Notification Service Resource Type Reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_SNS.html). When you pass the logical ID of this resource to the intrinsic `Ref` function, `Ref` returns the resource physical ID, such as 1234a1a-a1b1-12a1-abcd-a123b123456. For more information about using the `Ref` function, see [https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html](https://docs.aws.amazon.com/AWSCloudFormation/latest/TemplateReference/intrinsic-function-reference-ref.html). ## Examples ### Create a Firewall Manager notification channel The following shows an example SNS notification channel for Firewall Manager. #### YAML ``` NotificationChannel: Type: AWS::FMS::NotificationChannel Properties: SnsRoleName: !Sub arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS SnsTopicArn: !Ref SnsTopic ``` #### JSON ``` "NotificationChannel": { "Type": "AWS::FMS::NotificationChannel", "Properties": { "SnsRoleName": { "Fn::Sub": "arn:aws:iam::${AWS::AccountId}:role/aws-service-role/fms.amazonaws.com/AWSServiceRoleForFMS" }, "SnsTopicArn": { "Ref": "SnsTopic" } } } ```