--- Description: SNS Topic for the notification configuration of alarms created by the amazon-cloudwatch-auto-alarms Lambda function AWSTemplateFormatVersion: '2010-09-09' Parameters: OrganizationID: Description: Provide cloudwatch publish rights from all accounts in the organization. Leave blank for single account, single region implementation. Type: String Default: "" Conditions: OrgEnabledAccess: !Not [!Equals ["", !Ref OrganizationID]] Resources: CloudWatchAutoAlarmsSNSTopic: Type: AWS::SNS::Topic Properties: DisplayName: CloudWatchAutoAlarms SNS Notification Topic TopicName: CloudWatchAutoAlarmsSNSTopic CloudWatchAutoAlarmsSNSTopicPolicy: Type: AWS::SNS::TopicPolicy Properties: Topics: - !Ref CloudWatchAutoAlarmsSNSTopic PolicyDocument: Version: '2012-10-17' Id: SSEAndSSLPolicy Statement: - Sid: Allow_Publish_Alarms Effect: Allow Principal: Service: - cloudwatch.amazonaws.com Action: sns:Publish Resource: - !Join - ':' - - 'arn' - !Ref AWS::Partition - 'sns' - !Ref AWS::Region - !Ref AWS::AccountId - !GetAtt CloudWatchAutoAlarmsSNSTopic.TopicName - !If - OrgEnabledAccess - Sid: 'allow org to publish to sns topic' Effect: Allow Principal: "*" Action: - sns:Publish Resource: - !Join - ':' - - 'arn' - !Ref AWS::Partition - 'sns' - !Ref AWS::Region - !Ref AWS::AccountId - !GetAtt CloudWatchAutoAlarmsSNSTopic.TopicName Condition: ForAnyValue:StringLike: aws:PrincipalOrgPaths: - !Sub "${OrganizationID}/*" - !Ref 'AWS::NoValue' Outputs: CloudWatchAutoAlarmsSNSTopicArn: Value: !Ref CloudWatchAutoAlarmsSNSTopic Description: "SNS topic for notifications for alarms created by the CloudWatchAutoAlarms lambda function" Export: Name: amazon-cloudwatch-auto-alarms-sns-topic-arn