SNS - 配信ステータスのログ全リージョン・全トピック有効化

Security Hub - SNS.2

AWS CLI SHELL

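#!/usr/bin/env bash
#
# Enable SNS delivery status logging on every topic in every region that
# describe-regions returns for the account (Security Hub control SNS.2).
#
# For each topic, and for each of the Application, Firehose, HTTP, Lambda and
# SQS protocols, this sets:
#   <Protocol>SuccessFeedbackSampleRate
#   <Protocol>FailureFeedbackRoleArn
#   <Protocol>SuccessFeedbackRoleArn
#
# Requirements: AWS_PROFILE set, `aws` and `jq` on PATH.
#
# The script does not create the two IAM roles named below; they must already
# exist in the account.
# NOTE(review): the roles presumably need to trust sns.amazonaws.com and be
# limited to writing CloudWatch Logs, and the caller may also need
# iam:PassRole on them - confirm against the account's IAM setup.
# NOTE(review): a sample rate of 100 logs every successful delivery; check
# the resulting log volume and what the delivery logs expose before rollout.

# No `set -e`: one failing topic must not abort the whole sweep. Failures are
# counted and reported at the end instead.
set -uo pipefail

# The account ID is masked in the published listing; replace it with the real
# 12-digit ID. The check below refuses to run with the placeholder, because it
# would otherwise be written into every role ARN.
readonly AccountID='************'
readonly SuccessSampleRate=100
readonly IAMRoleForSuccessful=SNSSuccessFeedback
readonly IAMRoleForFailed=SNSFailureFeedback

readonly PROTOCOLS=(Application Firehose HTTP Lambda SQS)

failures=0

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

# Set one topic attribute and record (rather than hide) a failure.
# Arguments: $1 region, $2 topic ARN, $3 attribute name, $4 attribute value
set_attr() {
  local region=$1 arn=$2 name=$3 value=$4
  if ! aws sns set-topic-attributes --region "$region" --topic-arn "$arn" \
    --attribute-name "$name" --attribute-value "$value"; then
    printf 'failed: %s %s %s\n' "$region" "$arn" "$name" >&2
    failures=$((failures + 1))
  fi
}

if [[ -z "${AWS_PROFILE:-}" ]]; then
  die "No AWS_PROFILE set"
fi

command -v aws >/dev/null || die "aws CLI not found"
command -v jq >/dev/null || die "jq not found"

[[ "$AccountID" =~ ^[0-9]{12}$ ]] ||
  die "AccountID must be a 12-digit AWS account ID"

readonly failed_role_arn="arn:aws:iam::${AccountID}:role/${IAMRoleForFailed}"
readonly success_role_arn="arn:aws:iam::${AccountID}:role/${IAMRoleForSuccessful}"

# Capture the listing first so a failed aws/jq call is detected (pipefail)
# instead of silently producing an empty loop.
regions=$(aws ec2 describe-regions --region ap-northeast-1 |
  jq -r '.Regions[].RegionName') || die "could not list regions"

# The loops read from fds 3 and 4 so the commands inside cannot consume the
# list through stdin.
while IFS= read -r region <&3; do
  [[ -n "$region" ]] || continue

  if ! topics=$(aws sns --region "$region" list-topics |
    jq -r '.Topics[].TopicArn'); then
    printf 'failed: could not list topics in %s\n' "$region" >&2
    failures=$((failures + 1))
    continue
  fi

  while IFS= read -r arn <&4; do
    [[ -n "$arn" ]] || continue

    printf '%s\n' "* ${region} - ${arn}"

    # Same order as before: sample rates, failure roles, success roles.
    for proto in "${PROTOCOLS[@]}"; do
      set_attr "$region" "$arn" "${proto}SuccessFeedbackSampleRate" "$SuccessSampleRate"
    done
    for proto in "${PROTOCOLS[@]}"; do
      set_attr "$region" "$arn" "${proto}FailureFeedbackRoleArn" "$failed_role_arn"
    done
    for proto in "${PROTOCOLS[@]}"; do
      set_attr "$region" "$arn" "${proto}SuccessFeedbackRoleArn" "$success_role_arn"
    done
  done 4<<<"$topics"
done 3<<<"$regions"

if ((failures > 0)); then
  printf '%d call(s) failed; delivery status logging is incomplete\n' "$failures" >&2
  exit 1
fi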