tatat/ssm-notification.yaml

## ssm-notification.yaml
AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: Notification for SSM Session Manager

Globals:
  Function:
    Timeout: 60

Parameters:

  Email:
    Description: Email
    Type: String

  SessionLogsBucketName:
    Description: Name of S3 Bucket where to Store Session Logs
    Type: String

Resources:
  SNSNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      DisplayName: SSM Session Manager SNS Notification

  SNSNotificationSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: !Ref Email
      Protocol: email
      TopicArn: !Ref SNSNotificationTopic

  NotificationFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: src/
      Handler: notification.lambda_handler
      Runtime: python3.7
      Environment:
        Variables:
          PYTHON_ENV: production
          SNS_TOPIC_ARN: !Ref SNSNotificationTopic
      Events:
        SNSNotification:
          Type: CloudWatchEvent
          Properties:
            Pattern:
              source:
                - aws.ssm
              detail-type:
                - AWS API Call via CloudTrail
              detail:
                eventName:
                  - StartSession
                  - ResumeSession
                  - TerminateSession
        SessionLogsNotification:
          Type: S3
          Properties:
            Bucket: !Ref SessionLogsBucket
            Events: s3:ObjectCreated:*
      Policies:
        - EC2DescribePolicy: {}
        - SNSPublishMessagePolicy:
            TopicName: !GetAtt SNSNotificationTopic.TopicName

  SessionLogsBucket:
    Type: AWS::S3::Bucket
    Properties:
      BucketName: !Ref SessionLogsBucketName
      BucketEncryption:
        ServerSideEncryptionConfiguration:
          - ServerSideEncryptionByDefault:
              SSEAlgorithm: aws:kms

Outputs:
  SNSNotificationTopic:
    Description: SNS Notification Topic ARN
    Value: !Ref SNSNotificationTopic

  NotificationFunction:
    Description: Notification Function ARN
    Value: !GetAtt NotificationFunction.Arn

  SessionLogsBucket:
    Description: S3 Bucket for Session Logs
    Value: !Ref SessionLogsBucket
	AWSTemplateFormatVersion: '2010-09-09'
	Transform: AWS::Serverless-2016-10-31
	Description: Notification for SSM Session Manager

	Globals:
	Function:
	Timeout: 60

	Parameters:

	Email:
	Description: Email
	Type: String

	SessionLogsBucketName:
	Description: Name of S3 Bucket where to Store Session Logs
	Type: String

	Resources:
	SNSNotificationTopic:
	Type: AWS::SNS::Topic
	Properties:
	DisplayName: SSM Session Manager SNS Notification

	SNSNotificationSubscription:
	Type: AWS::SNS::Subscription
	Properties:
	Endpoint: !Ref Email
	Protocol: email
	TopicArn: !Ref SNSNotificationTopic

	NotificationFunction:
	Type: AWS::Serverless::Function
	Properties:
	CodeUri: src/
	Handler: notification.lambda_handler
	Runtime: python3.7
	Environment:
	Variables:
	PYTHON_ENV: production
	SNS_TOPIC_ARN: !Ref SNSNotificationTopic
	Events:
	SNSNotification:
	Type: CloudWatchEvent
	Properties:
	Pattern:
	source:
	- aws.ssm
	detail-type:
	- AWS API Call via CloudTrail
	detail:
	eventName:
	- StartSession
	- ResumeSession
	- TerminateSession
	SessionLogsNotification:
	Type: S3
	Properties:
	Bucket: !Ref SessionLogsBucket
	Events: s3:ObjectCreated:*
	Policies:
	- EC2DescribePolicy: {}
	- SNSPublishMessagePolicy:
	TopicName: !GetAtt SNSNotificationTopic.TopicName

	SessionLogsBucket:
	Type: AWS::S3::Bucket
	Properties:
	BucketName: !Ref SessionLogsBucketName
	BucketEncryption:
	ServerSideEncryptionConfiguration:
	- ServerSideEncryptionByDefault:
	SSEAlgorithm: aws:kms

	Outputs:
	SNSNotificationTopic:
	Description: SNS Notification Topic ARN
	Value: !Ref SNSNotificationTopic

	NotificationFunction:
	Description: Notification Function ARN
	Value: !GetAtt NotificationFunction.Arn

	SessionLogsBucket:
	Description: S3 Bucket for Session Logs
	Value: !Ref SessionLogsBucket