

# Creating your first notification configuration in AWS User Notifications

To get started using User Notifications to help manage your notifications, use the following steps to create a notification configuration.

**Topics**
+ [Step 1: Creating a notification configuration](#getting-started-step1)
+ [Step 2: Viewing notifications](#getting-started-step2)
+ [Next steps](#getting-started-next-steps)
+ [Filtering event rules using customized JSON event patterns in AWS User Notifications](common-usecases.md)

## Step 1: Creating a notification configuration


To receive AWS notifications, you must first create notification configurations. A notification configuration is a container for the services and event rules that you want to be notified about. An event rule specifies what events generate a notification and which delivery channels to use.

You can also create notification configurations and receive notifications using the AWS User Notifications API. For more information, see the [AWS User Notifications API Reference](https://docs.aws.amazon.com/notifications/latest/APIReference/Welcome.html).

**Note**  
You must select a notification hub in the following procedure. A notification hub is where User Notifications stores your notification data. For more information about notification hubs, see [Storing, processing, and replicating notifications using notification hubs in AWS User Notifications](notification-hubs.md). 

**To create a notification configuration**

1. Open User Notifications in the [AWS Management Console](https://console.aws.amazon.com/notifications/):

   1. Choose the bell icon in the top navigation bar.

   1. Choose **Notification center**.

   1. In the navigation pane, choose **Notification configurations**.

   1. Choose **Create notification configuration**.

   1. Select at least one notification hub.

1. **Add a name and description:**

   1. Enter a name for your configuration.

   1. (Optional) Enter a description for your configuration.

1. **Create an Event Rule:**

   1. For **AWS service name**, select the name of an AWS service to use as the event source.

   1. For **Event type**, select event types.

   1. For **Regions**, select the AWS Regions where your service data is located.
**Note**  
You can filter event rules further by using the code editor under **Advanced filter (optional)**. The **Advanced filter** doesn't currently support wildcards. To view examples of Event Patterns that you can use, see [Filtering event rules using customized JSON event patterns in AWS User Notifications](common-usecases.md).

1. **Define aggregation settings:**

**Tip**  
Aggregation settings reduce the number of notifications that you receive by combining multiple events into fewer notifications based on the option you choose. Aggregation settings are turned on by default. We recommend you use aggregation settings.

   1. Choose if you would like to **Receive within 5 minutes (recommended)**, **Receive within 12 hours**, or **Do not aggregate**.
**Tip**  
Choose **Receive fewer notifications** for low priority notifications. Choose **Reduce notifications delivery time** for high priority notifications.

1. **(Optional) Add delivery channels:**

   1. Select your delivery channels. We recommend that you view an event before adding additional recipients.

------
#### [ Email ]

**Note**  
A verification email is sent to newly added email addresses once you create the notification configuration. You can generate another verification email for pending addresses by choosing **Reverify**.  
The recipient must be signed in to the AWS account that added the email address to complete the verification process. The verification link directs to the AWS Management Console.

     1. Choose **Add emails**.
**Tip**  
You can use your email distribution lists as an email delivery channel to easily subscribe multiple email addresses to User Notifications with a single verification flow. You can separately add and remove emails to the distribution list without requiring further verification with User Notifications. 

     1. For **Recipient**, enter or choose the recipient's email address.

     1. For **Name**, enter the recipient's name.

     1. (Optional) Choose **Add another recipient** to add more recipients.

     1. Choose **Add emails**.

------
#### [ Amazon Q Developer ]

     1. For **Channel**, add a new channel or select the existing channels you want to send notifications to.

**Note**  
For more information about Amazon Q Developer in chat applications, see [What is Amazon Q Developer in chat applications?](https://docs.aws.amazon.com/chatbot/latest/adminguide/what-is.html) in the *Amazon Q Developer in chat applications Administrator Guide*.

------
#### [ AWS Console Mobile Application ]
**Note**  
Before you add a mobile device as a delivery channel, you must:   
+ Add the appropriate IAM permissions to make the mobile device available in the User Notifications console. For more information, see [IAM permissions for listing mobile devices as delivery channels](https://docs.aws.amazon.com/consolemobileapp/latest/userguide/permissions-policies.html) in the *AWS Console Mobile Application User Guide*.
+ Install the AWS Console Mobile Application on your device with push notifications enabled. Note that the notifications you receive are push notifications, not Short Message Service (SMS). For more information, see [Step 1: Get started with push notifications](https://docs.aws.amazon.com/consolemobileapp/latest/userguide/managing-notifications.html#step-1-get-started-with-push-notifications) in the *AWS Console Mobile Application User Guide*.

     1. For **Device**, select the devices you want to send notifications to.

------

1. **(Optional) Manage tags:**

**Tip**  
A tag is a label that you assign to an AWS resource. Tags help you organize your resources. For more information, see [Tagging your resources](tagging-resources.md).

   1. For **Key**, enter the key name you want to use.

   1. (Optional) For **Value**, enter a value for the specified key.

   1. (Optional) Choose **Add new tag** to add more tags.

1. Review your configuration and confirm its details.

1. Choose **Create notification configuration**.

### Configuring notifications across accounts


If you want to receive notifications from multiple accounts, follow the instructions in [Sending and receiving Amazon EventBridge events between AWS accounts](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-cross-account.html). Once you set up a receiver account, create a notification configuration that reacts to events by following the previous instructions.

## Step 2: Viewing notifications


Once you create your notification configurations in your account, any events matching an event rule generate a notification in the AWS Management Console. You can view notifications from the console Navigation bar and in the **Console Notification Center**. You can also view notifications from your chosen delivery channels.

**To view notifications from the Navigation bar**
**Note**  
The bell icon in the console Navigation bar shows a red badge when new notifications are available.

1. Choose the bell icon to view notifications related to your account.

1. To view additional details about a notification, select the notification.

**To view notifications in the Console Notification Center**

1. Open User Notifications in the [AWS Management Console](https://console.aws.amazon.com/).

1. View the list of **Notifications** available in the account.

1. To view additional details about a notification, select the notification.

**To view notifications in the AWS Console Mobile Application**
**Note**  
The bell icon in the tab menu of the app shows a blue badge when new notifications are available.

1. Open the Console Mobile Application.

1. Choose **Notifications** from the tab menu at the bottom of your device.

1. To view additional details about a notification, select the notification in your inbox.

**To view notifications in your chat channel**

1. Open your chat client.

1. Open the chat channel that you selected when you set up your delivery channels.

1. View the notifications available in the chat channel.

**Tip**  
If you're not seeing any notifications, see [Troubleshooting AWS User Notifications](user-notifications-troubleshooting.md).

## Next steps


After you create a notification configuration, you can explore some of the following topics:
+ [Filtering event rules using customized JSON event patterns in AWS User Notifications](common-usecases.md)
+ [Delivery channels in AWS User Notifications](managing-delivery-channels.md)

# Filtering event rules using customized JSON event patterns in AWS User Notifications

Event rules are used to receive notifications about specific events. To apply additional filters to your event rules, you can customize event patterns for those rules. Advanced filtering options include:
+ Suffix filtering - match against characters at the end of a value
+ `$or` matching - use a single rule to check if conditions across several different fields are true
+ Equals-ignore-case - ignore case sensitivity

**Note**  
Wildcards aren't currently supported.

This topic includes JSON samples for commonly used event patterns and additional information on the EventBridge console's rule builder. For more event pattern examples, see [Content filtering in Amazon EventBridge event patterns](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-event-patterns-content-based-filtering.html) in the *Amazon EventBridge User Guide*.

Managed rules include event patterns that are required by the service to manage your notifications.

**Note**  
 Additional filters you create for your notification preferences don't appear in the corresponding managed event rules in EventBridge. The managed rules created by User Notifications in EventBridge contain only the base event patterns necessary for routing notifications. For more information, see [Amazon EventBridge managed rules in AWS User Notifications](ev-managed-rules.md). 

**Tip**  
By default, User Notifications adds the service and event type to the event rule. You can include them in the **Advanced filter**, but they aren't required.  
For assistance while building your event patterns, you can use the [EventBridge console's rule builder](https://us-west-2.console.aws.amazon.com/events/home?region=us-east-1#/rules/create). Use the Event Pattern Builder and the in-place tester to try out your patterns. You aren't required to complete the **Create rule** workflow to use the rule builder.

**Topics**
+ [AWS Health events about specific services and event type categories](#specific-services)
+ [Amazon EC2 instance state changed to "terminated", "stopping", "stopped", or "shutting-down"](#ec2-solo)
+ [Specific Amazon CloudWatch alarm in alarm state](#root-user)
+ [Root user sign-in without multi-factor authentication](#root-user-mfa)
+ [Amazon GuardDuty findings with medium and high severity](#guardduty-event)

## AWS Health events about specific services and event type categories


The following event pattern creates a rule to monitor events for the `issue`, `accountNotification`, and `scheduledChange` event type categories for Amazon EC2, Amazon EC2 Auto Scaling, and Amazon Virtual Private Cloud. For more information, see [Monitoring AWS Health events with Amazon EventBridge](https://docs.aws.amazon.com/health/latest/ug/cloudwatch-events-health.html) in the *AWS Health User Guide*.

**To use the following JSON code:**

1. Create or edit a notification configuration in the [User Notifications console](https://console.aws.amazon.com/notifications/).

1. **Create an Event Rule:**

   1. For **AWS service name**, select **Health**.

   1. For **Event Type**, select **Specific Health Events**.

   1. For **Regions**, select the AWS Regions where your service data is located.

   1. In **Advanced filter**, paste the following JSON code.

```
{
  "detail": {
    "eventTypeCategory": [
      "issue",
      "accountNotification",
      "scheduledChange"
    ],
    "service": [
      "AUTOSCALING",
      "VPC",
      "EC2"
    ]
  }
}
```

## Amazon EC2 instance state changed to "terminated", "stopping", "stopped", or "shutting-down"


The following event pattern matches `terminated`, `stopping`, `stopped`, and `shutting-down` state changes for all Amazon EC2 instances. For more information, see [State change events for Amazon EC2 instances](https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/monitoring-instance-state-changes.html) in the *Amazon EC2 User Guide*.

**To use the following JSON code:**

1. Create or edit a notification configuration in the [User Notifications console](https://console.aws.amazon.com/notifications/).

1. **Create an Event Rule:**

   1. For **AWS service name**, select **EC2**.

   1. For **Event Type**, select **EC2 Instance State-Change Notification**.

   1. For **Regions**, select the AWS Regions where your service data is located.

   1. In **Advanced filter**, paste the following JSON code.

```
{
  "detail": {
    "state": ["terminated", "stopping", "stopped", "shutting-down"]
  }
}
```

## Specific Amazon CloudWatch alarm in alarm state


The following event pattern allows you to specify CloudWatch alarms in the `ALARM` state by using resource ARNs. For more information, see [Alarm events and EventBridge](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/cloudwatch-and-eventbridge.html.html) in the *Amazon CloudWatch User Guide*.

**To use the following JSON code:**

1. Create or edit a notification configuration in the [User Notifications console](https://console.aws.amazon.com/notifications/).

1. **Create an Event Rule:**

   1. For **AWS service name**, select **CloudWatch**.

   1. For **Event Type**, select **CloudWatch alarm state change**.

   1. For **Regions**, select the AWS Regions where your service data is located.

   1. In **Advanced filter**, paste the following JSON code.

```
{
  "resources": [
    "arn:aws:cloudwatch:us-east-1:123456789012:alarm:BillingAlarm",
    "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TestAlarm"
  ],
  "detail": {
    "state": {
      "value": [
        "ALARM"
      ]
    }
  }
}
```

## Root user sign-in without multi-factor authentication


The following event pattern allows you to monitor root user sign-in without multi-factor authentication (MFA). For more information, see [AWS Management Console sign-in events](https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-sign-in-events.html) in the *AWS CloudTrail User Guide*.

**To use the following JSON code:**

1. Create or edit a notification configuration in the [User Notifications console](https://console.aws.amazon.com/notifications/).

1. **Create an Event Rule:**

   1. For **AWS service name**, select **AWS Management Console Sign-in**.

   1. For **Event Type**, select **Sign-in events**.

   1. For **Regions**, select the AWS Regions where your service data is located.

   1. In **Advanced filter**, paste the following JSON code.

```
{
  "detail": {
    "userIdentity": {
      "type": ["Root"]
    },
    "additionalEventData": {
      "MFAUsed": ["No"]
    }
  }
}
```

## Amazon GuardDuty findings with medium and high severity


The following event pattern allows you to monitor GuardDuty findings with medium and high severity. For more information, see [Severity levels for GuardDuty findings](https://docs.aws.amazon.com/guardduty/latest/ug/guardduty_findings.html#guardduty_findings-severity) in the *Amazon GuardDuty User Guide*.

**To use the following JSON code:**

1. Create or edit a notification configuration in the [User Notifications console](https://console.aws.amazon.com/notifications/).

1. **Create an Event Rule:**

   1. In **Event rule**, for **AWS service name**, select **GuardDuty**.

   1. For **Event Type**, select **GuardDuty Finding**.

   1. For **Regions**, select the AWS Regions where your service data is located.

   1. In **Advanced filter**, paste the following JSON code.

```
{
  "detail-type": [
    "GuardDuty Finding"
  ],
  "source": [
    "aws.guardduty"
  ],
  "detail": {
    "severity": [{
      "numeric": [">=", 4]
    }]
  }
}
```
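
To check offline what the filters on this page will and will not match, the following added example (not AWS code and not the EventBridge matching engine) is a simplified Python matcher that models only literal values, `suffix`, `equals-ignore-case`, `numeric` and `$or`, with the root sign-in and GuardDuty patterns copied from above. The `ADVANCED` pattern, the `finding` helper and all event field values are constructed for illustration.

```python
import operator

_NUM = {"<": operator.lt, "<=": operator.le, "=": operator.eq,
        ">": operator.gt, ">=": operator.ge}

def _leaf(cond, value):
    """Test one event value against one element of a pattern array."""
    if not isinstance(cond, dict):  # literal: exact, case-sensitive match
        return cond == value and isinstance(cond, bool) == isinstance(value, bool)
    (op, arg), = cond.items()
    if op == "suffix":
        return isinstance(value, str) and value.endswith(arg)
    if op == "equals-ignore-case":
        return isinstance(value, str) and value.lower() == arg.lower()
    if op == "numeric":  # arg is [op, n] or [op, n, op, n]; all must hold
        return (isinstance(value, (int, float)) and not isinstance(value, bool)
                and all(_NUM[arg[i]](value, arg[i + 1]) for i in range(0, len(arg), 2)))
    raise ValueError(f"operator not modelled in this sketch: {op}")

def matches(pattern, event):
    """True if `event` satisfies every field named in `pattern`."""
    if not isinstance(event, dict):
        return False
    for key, want in pattern.items():
        if key == "$or":                  # at least one alternative matches
            ok = any(matches(alt, event) for alt in want)
        elif isinstance(want, dict):      # nested object: descend
            ok = matches(want, event.get(key))
        else:                             # array of acceptable values
            got = event.get(key, [])
            got = got if isinstance(got, list) else [got]
            ok = any(_leaf(c, v) for c in want for v in got)
        if not ok:
            return False
    return True

# Patterns copied from this page.
ROOT_NO_MFA = {"detail": {"userIdentity": {"type": ["Root"]},
                          "additionalEventData": {"MFAUsed": ["No"]}}}
GUARDDUTY = {"detail-type": ["GuardDuty Finding"], "source": ["aws.guardduty"],
             "detail": {"severity": [{"numeric": [">=", 4]}]}}
# Constructed pattern exercising $or, suffix and equals-ignore-case.
ADVANCED = {"detail": {"$or": [{"userIdentity": {"type": [{"equals-ignore-case": "root"}]}},
                               {"eventName": [{"suffix": "Login"}]}]}}

def finding(severity):
    """Constructed GuardDuty event carrying only the fields the pattern reads."""
    return {"detail-type": "GuardDuty Finding", "source": "aws.guardduty",
            "detail": {"severity": severity}}
```

Because `[">=", 4]` has no upper bound, every finding with severity 4 or above matches; a second comparison such as `[">=", 4, "<", 7]` bounds the range.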