Stack notifications disabled
Id: d39761d7-94ab-45b0-ab5e-27c44e381d58
Cloud Provider: AWS
Platform: Ansible
Severity: Low
Category: Observability
Description
CloudFormation stacks should publish notifications so operators are alerted to important stack events, such as failed deployments or unexpected stack changes. Without notifications, security incidents or configuration drift can go undetected and response times increase. In Ansible, tasks using the amazon.aws.cloudformation or legacy cloudformation module must define the notification_arns parameter and set it to one or more SNS topic ARNs. Resources missing notification_arns are flagged for remediation.
Secure example:
- name: Create or update CloudFormation stack with notifications
  amazon.aws.cloudformation:
    stack_name: my-stack
    state: present
    template_body: "{{ lookup('file', 'template.yaml') }}"
    notification_arns:
      - arn:aws:sns:us-east-1:123456789012:stack-notifications
Compliant Code Examples
- name: create a stack, pass in the template via an URL
  amazon.aws.cloudformation:
    stack_name: ansible-cloudformation
    stack_policy: wowowowoowow
    notification_arns: a, b
    state: present
    region: us-east-1
    disable_rollback: true
    template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
    template_parameters:
      KeyName: jmartin
      DiskType: ephemeral
      InstanceType: m1.small
      ClusterSize: 3
    tags:
      Stack: ansible-cloudformation
Non-Compliant Code Examples
- name: create a stack, pass in the template via an URL
  amazon.aws.cloudformation:
    stack_name: "ansible-cloudformation"
    state: present
    region: us-east-1
    disable_rollback: true
    template_url: https://s3.amazonaws.com/my-bucket/cloudformation.template
    template_parameters:
      KeyName: jmartin
      DiskType: ephemeral
      InstanceType: m1.small
      ClusterSize: 3
    tags:
      Stack: ansible-cloudformation
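The following is an added illustration of the check this rule describes, written for this page; it is not the rule's own implementation and not code from the amazon.aws collection. It assumes the playbook has already been loaded into Python structures (for example with yaml.safe_load), walks every task including those nested in block/rescue/always, matches both the amazon.aws.cloudformation FQCN and the legacy cloudformation short name, and flags tasks whose notification_arns is missing or empty. The sample play embedded below is constructed for the example and mirrors the compliant and non-compliant tasks above.

```python
"""Flag Ansible CloudFormation tasks that do not publish stack notifications.

The check mirrors the rule on this page: every amazon.aws.cloudformation or
legacy cloudformation task must set notification_arns to one or more values.
"""

# Module names the rule applies to: collection FQCN and the legacy short name.
CFN_MODULES = ("amazon.aws.cloudformation", "cloudformation")

# Task keys under which Ansible nests further tasks.
NESTED_KEYS = ("block", "rescue", "always")


def _iter_tasks(tasks, path):
    """Yield (path, task) for every task, descending into block/rescue/always."""
    for idx, task in enumerate(tasks or []):
        if not isinstance(task, dict):
            continue
        here = f"{path}[{idx}]"
        yield here, task
        for key in NESTED_KEYS:
            if key in task:
                yield from _iter_tasks(task[key], f"{here}.{key}")


def _params(module_args):
    """Module args may be a mapping or a free-form "key=value key=value" string."""
    if isinstance(module_args, dict):
        return module_args
    if isinstance(module_args, str):
        return dict(kv.split("=", 1) for kv in module_args.split() if "=" in kv)
    return {}


def _normalize_arns(value):
    """Return notification_arns as a list of non-empty strings.

    Ansible accepts list-typed options either as a YAML list or as a
    comma-separated string, so both spellings are treated alike here.
    """
    if value is None:
        return []
    if isinstance(value, str):
        return [v.strip() for v in value.split(",") if v.strip()]
    if isinstance(value, list):
        return [str(v).strip() for v in value if v is not None and str(v).strip()]
    return []


def find_stacks_without_notifications(play):
    """Return (task_path, task_name, reason) for each non-compliant task in a play.

    `play` is one parsed play: a dict carrying a `tasks` list, as PyYAML
    produces from a playbook file (assumption for this example).
    """
    findings = []
    for path, task in _iter_tasks(play.get("tasks"), "tasks"):
        for module in CFN_MODULES:
            if module not in task:
                continue
            params = _params(task[module])
            if _normalize_arns(params.get("notification_arns")):
                continue  # compliant: at least one notification target set
            reason = ("notification_arns not set" if "notification_arns" not in params
                      else "notification_arns is empty")
            findings.append((path, task.get("name", "<unnamed>"), reason))
    return findings


# Constructed sample play (already parsed), modelled on the page's examples.
SAMPLE_PLAY = {
    "name": "Provision stacks",
    "hosts": "localhost",
    "tasks": [
        {   # compliant: comma-separated string form, as in the compliant example
            "name": "create a stack, pass in the template via an URL",
            "amazon.aws.cloudformation": {
                "stack_name": "ansible-cloudformation",
                "notification_arns": "a, b",
                "state": "present",
                "template_url": "https://s3.amazonaws.com/my-bucket/cloudformation.template",
            },
        },
        {   # non-compliant: notification_arns absent, as in the non-compliant example
            "name": "create a stack without notifications",
            "amazon.aws.cloudformation": {
                "stack_name": "ansible-cloudformation",
                "state": "present",
                "template_url": "https://s3.amazonaws.com/my-bucket/cloudformation.template",
            },
        },
        {   # nesting: a block whose inner task uses the legacy module name
            "name": "rollout with rescue",
            "block": [
                {   # non-compliant: empty list still publishes nothing
                    "name": "legacy module with empty notification list",
                    "cloudformation": {"stack_name": "legacy-stack", "notification_arns": []},
                },
            ],
        },
    ],
}

if __name__ == "__main__":
    for path, name, reason in find_stacks_without_notifications(SAMPLE_PLAY):
        print(f"{path}: '{name}': {reason}")
```

Running the module reports the two non-compliant tasks with their position in the play; tasks that spell notification_arns as a comma-separated string pass, matching how Ansible coerces list options.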