Stack notifications disabled

Docs > Plateforme de sécurité Datadog > Code Security > Infrastructure as Code (IaC) Security > IaC Security Rules > Stack notifications disabled

Cette page n'est pas encore disponible en français, sa traduction est en cours.
Si vous avez des questions ou des retours sur notre projet de traduction actuel, n'hésitez pas à nous contacter.

Metadata

Id: b72d0026-f649-4c91-a9ea-15d8f681ac09

Cloud Provider: aws

Framework: Terraform

Severity: Medium

Category: Observability

Learn More

Provider Reference

Description

Enabling stack notifications in AWS CloudFormation ensures that administrators are promptly informed about critical events such as stack creation, updates, or failures. Without specifying the notification_arns attribute in the Terraform resource, as shown below, important operational or security changes may go unnoticed, potentially delaying response to incidents or failures:

resource "aws_cloudformation_stack" "example" {
  name = "networking-stack"
  parameters = {
    VPCCidr = "10.0.0.0/16"
  }
  notification_arns = ["arn:aws:sns:us-east-1:123456789012:my-sns-topic"]
}

Missing notifications can lead to undetected application outages or misconfigurations, increasing the risk to your cloud infrastructure.

Compliant Code Examples

resource "aws_cloudformation_stack" "negative1" {

  name = "networking-stack"

  parameters = {
    VPCCidr = "10.0.0.0/16"
  }


  notification_arns = ["a","b"]

}

Non-Compliant Code Examples

resource "aws_cloudformation_stack" "positive1" {

  name = "networking-stack"

  parameters = {
    VPCCidr = "10.0.0.0/16"
  }


}