Track Alerts Through Amazon Simple Notification Service

Amazon Simple Notification Service (Amazon SNS) is a web service that enables applications, end-users, and devices to send and receive notifications instantly from the cloud. For more information, see Amazon Simple Notification Service Developer Guide.

AWS Control Tower uses Amazon SNS to send programmatic alerts to the email addresses of your management account and your audit account. These alerts help you prevent drift within your landing zone. For more information, see Detect and resolve drift in AWS Control Tower.

We also use Amazon Simple Notification Service to send compliance notifications from AWS Config.

Tip

One of the best ways to receive AWS Control Tower control compliance notifications (in your audit account) is to subscribe to AggregateConfigurationNotifications. It is a service that helps you inspect compliance. It gives you real data about AWS Config rules going out of compliance. AWS Config automatically maintains the list of accounts in your OU.

You must subscribe manually, using email or any type of subscription that SNS allows. The statement arn:aws:sns:homeregion:account:aws-controltower-AggregateSecurityNotifications leads to your audit account.

Warning Javascript is disabled or is unavailable in your browser.

To use the Amazon Web Services Documentation, Javascript must be enabled. Please refer to your browser's Help pages for instructions.

Document Conventions

AWS Service Catalog

Step Functions