Skip to main content
Docs
Feature Requests Onboarding Trust Center Status Page

Community

Other: Implement AWS IAM Role (EC2 Instance Profile/Instance Role) Assumption for HVR Alert Notifications to SNS

Michael Hicklen User

Notifications sent to SNS today require IAM user key, which AWS recommends against using due to the risk that they can be leaked, and the impact of resetting keys among many hubs becomes time constraining.

 

Instead, HVR can talk to the AWS metadata service located at http://169.254.169.254 and self-discover and communicate with SNS.

 

Please ensure you support IMDSv2 for security as well:

 

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/ec2-instance-metadata.html

 

https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/configuring-instance-metadata-service.html#instance-metadata-retrieval-examples

 

https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/ec2-iam-roles.html

 

https://docs.aws.amazon.com/sdk-for-java/latest/developer-guide/examples-simple-notification-service.html#:~:text=Publish%20a%20message%20to%20a%20topic,-After%20you%20have&text=To%20start%2C%20build%20a%20PublishRequest,request%20as%20a%20PublishResponse%20object.

 

This helps HVR operate more securely on Amazon EC2.

Please sign in to leave a comment.

Comments

2 comments

Date Votes
  • Mark Van de Wiel User

    Hi Michael,

    In the next 6 months we plan to improve the HVR alert system. Your request is one of the items on the list.

    I will try to remember to provide you with an update as we progress.

    Thanks,
    Mark.

  • Selvakumar Nagalingam User

    We need this feature implemented as HVR alert design is not that great. It is important that the alerts need to be generated whenever there is any issue on replication which is critical for any data loads in DW.