Hi!
Our current flow for some of our AWS alerts is Eventbridge Rule -> SNS -> OpsGenie. Through AWS EventBridge Rule, we can only access the 'Message' field in SNS. When we populate the 'Message' field with a JSON object. See the example below.
{
"Type": "Notification",
"MessageId": "XXX",
"TopicArn": "arn:aws:sns:eu-central-1:XXX:test_topic_opsgenie",
"Message": "{\n \"eventId\":\"XXX |\",\n \"region\": \"us-east-1 |\",\n \"time\": \"2022-12-12T13:29:18Z |\",\n \"userIdentityArn\": \"arn:aws:sts::XXX:assumed-role/XXX |\",\n \"eventName\": \"XXX |\",\n \"account\": \"XXX |\",\n \"title\": \"XXX |\",\n \"description\": \"The ChangeResourceRecordSets API call was made by the user arn:aws:sts::XXX:assumed-role/XXX/XXX@XXX in account: #XXX, in region: us-east-1 |\",\n \"ops_severity\": \"1 |\",\n \"ops_source\": \"XXX |\",\n \"alias\": \"XXXX |\"\n}",
"Timestamp": "2022-12-12T13:29:20.931Z",
"SignatureVersion": "1",
"Signature": "XXX",
"SigningCertURL": "https://sns.eu-central-1.amazonaws.com/SimpleNotificationService-XXX.pem",
"UnsubscribeURL": "https://sns.eu-central-1.amazonaws.com/?Action=Unsubscribe&SubscriptionArn=arn:aws:sns:eu-central-1:XXX:test_topic_opsgenie:XXX"
}
Through {{ _payload.Type }} or {{ _payload.Message }}, we can access the fields in the main JSON object. However, the fields *within* the Message field are not availabe. For example {{ _payload.Message.region }} or {{ _payload.Message.account }} would not give us any result. I think I have tried all options, e.g., using the removeWhitespace() function and adding "\" to index ({{ _payload.Message.account\ }}), however with no success.
I suspect the issue lies since it seems that the nested JSON is encoded, and OpsGenie is not able to handle this correctly.
I've now resorted to substringBetween() which is far from ideal.
Do you have any suggestions on how to solve this issue? Thank you for your time!
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.