Add AWS SNS receiver

cmd/alertmanager/main.go

@@ -31,6 +31,7 @@ import (
 	"github.com/go-kit/kit/log"
 	"github.com/go-kit/kit/log/level"
 	"github.com/pkg/errors"
+	"github.com/prometheus/alertmanager/notify/sns"
 	"github.com/prometheus/client_golang/prometheus"
 	"github.com/prometheus/client_golang/prometheus/promhttp"
 	"github.com/prometheus/common/model"
@@ -165,6 +166,9 @@ func buildReceiverIntegrations(nc *config.Receiver, tmpl *template.Template, log
 	for i, c := range nc.PushoverConfigs {
 		add("pushover", i, c, func(l log.Logger) (notify.Notifier, error) { return pushover.New(c, tmpl, l) })
 	}
+	for i, c := range nc.SNSConfigs {
+		add("sns", i, c, func(l log.Logger) (notify.Notifier, error) { return sns.New(c, tmpl, l) })
+	}
 	if errs.Len() > 0 {
 		return nil, &errs
 	}

config/config.go

@@ -242,6 +242,9 @@ func resolveFilepaths(baseDir string, cfg *Config) {
 		for _, cfg := range receiver.WechatConfigs {
 			cfg.HTTPConfig.SetDirectory(baseDir)
 		}
+		for _, cfg := range receiver.SNSConfigs {
+			cfg.HTTPConfig.SetDirectory(baseDir)
+		}
 	}
 }
 
@@ -447,6 +450,11 @@ func (c *Config) UnmarshalYAML(unmarshal func(interface{}) error) error {
 				voc.APIKey = c.Global.VictorOpsAPIKey
 			}
 		}
+		for _, sns := range rcv.SNSConfigs {
+			if sns.HTTPConfig == nil {
+				sns.HTTPConfig = c.Global.HTTPConfig
+			}
+		}
 		names[rcv.Name] = struct{}{}
 	}
 
@@ -784,6 +792,7 @@ type Receiver struct {
 	WechatConfigs    []*WechatConfig    `yaml:"wechat_configs,omitempty" json:"wechat_configs,omitempty"`
 	PushoverConfigs  []*PushoverConfig  `yaml:"pushover_configs,omitempty" json:"pushover_configs,omitempty"`
 	VictorOpsConfigs []*VictorOpsConfig `yaml:"victorops_configs,omitempty" json:"victorops_configs,omitempty"`
+	SNSConfigs       []*SNSConfig       `yaml:"sns_configs,omitempty" json:"sns_configs,omitempty"`
 }
 
 // UnmarshalYAML implements the yaml.Unmarshaler interface for Receiver.

config/notifiers.go

@@ -127,6 +127,16 @@ var (
 		Expire:   duration(1 * time.Hour),
 		HTML:     false,
 	}
+
+	// DefaultSNSConfig defines default values for SNS configurations.
+	DefaultSNSConfig = SNSConfig{
+		NotifierConfig: NotifierConfig{
+			VSendResolved: true,
+		},
+		APIVersion:  "sns.default.api_version",
+		Message:     `{{ template "sns.default.message" . }}`,
+		IsFIFOTopic: false,
+	}
 )
 
 // NotifierConfig contains base options common across all notifier configurations.
@@ -579,3 +589,46 @@ func (c *PushoverConfig) UnmarshalYAML(unmarshal func(interface{}) error) error
 	}
 	return nil
 }
+
+// TODO: Move to common?
+
+// SigV4Config is the configuration for signing remote write requests with
+// AWS's SigV4 verification process. Empty values will be retrieved using the
+// AWS default credentials chain.
+type SigV4Config struct {
+	Region    string `yaml:"region,omitempty"`
+	AccessKey string `yaml:"access_key,omitempty"`
+	SecretKey Secret `yaml:"secret_key,omitempty"`
+	Profile   string `yaml:"profile,omitempty"`
+	RoleARN   string `yaml:"role_arn,omitempty"`
+}
+
+type SNSConfig struct {
+	NotifierConfig `yaml:",inline" json:",inline"`
+
+	HTTPConfig *commoncfg.HTTPClientConfig `yaml:"http_config,omitempty" json:"http_config,omitempty"`
+
+	APIUrl      string            `yaml:"api_url" json:"api_url"`
+	APIVersion  string            `yaml:"api_version,omitempty" json:"api_version,omitempty"`
+	Sigv4       SigV4Config       `yaml:"sigv4" json:"sigv4"`
+	TopicARN    string            `yaml:"topic_arn,omitempty" json:"topic_arn,omitempty"`
+	PhoneNumber string            `yaml:"phone_number,omitempty" json:"phone_number,omitempty"`
+	TargetARN   string            `yaml:"target_arn,omitempty" json:"target_arn,omitempty"`
+	IsFIFOTopic bool              `yaml:"is_fifo_topic,omitempty" json:"is_fifo_topic,omitempty"`
+	Subject     string            `yaml:"subject,omitempty" json:"subject,omitempty"`
+	Message     string            `yaml:"message,omitempty" json:"message,omitempty"`
+	Attributes  map[string]string `yaml:"attributes,omitempty" json:"attributes,omitempty"`
+}
+
+// UnmarshalYAML implements the yaml.Unmarshaler interface.
+func (c *SNSConfig) UnmarshalYAML(unmarshal func(interface{}) error) error {
+	*c = DefaultSNSConfig
+	type plain SNSConfig
+	if err := unmarshal((*plain)(c)); err != nil {
+		return err
+	}
+	if c.TargetARN == "" && c.TopicARN == "" && c.PhoneNumber == "" {
+		return fmt.Errorf("must provide either a Target ARN, Topic ARN, or Phone Number for SNS config")
+	}
+	return nil
+}

config/testdata/conf.sns-test.yml

@@ -0,0 +1,16 @@
+route:
+  receiver: 'sns-api-notifications'
+  group_by: [alertname]
+
+receivers:
+- name: 'sns-api-notifications'
+  sns_configs:
+    - api_url: https://sns.us-east-2.amazonaws.com
+      topic_arn: arn:aws:sns:us-east-2:123456789012:My-Topic
+      is_fifo_topic: true
+      sigv4:
+        region: us-east-2
+        access_key: access_key
+        secret_key: secret_ket
+      attributes:
+        severity: Sev2

go.mod

@@ -2,6 +2,7 @@ module github.com/prometheus/alertmanager
 
 require (
 	github.com/alecthomas/units v0.0.0-20210208195552-ff826a37aa15
+	github.com/aws/aws-sdk-go v1.38.35
 	github.com/cenkalti/backoff/v4 v4.1.0
 	github.com/cespare/xxhash v1.1.0
 	github.com/go-kit/kit v0.10.0

go.sum

@@ -39,6 +39,8 @@ github.com/asaskevich/govalidator v0.0.0-20200907205600-7a23bdc65eef/go.mod h1:W
 github.com/aws/aws-lambda-go v1.13.3/go.mod h1:4UKl9IzQMoD+QF79YdCuzCwp8VbmG4VAQwij/eHl5CU=
 github.com/aws/aws-sdk-go v1.27.0/go.mod h1:KmX6BPdI08NWTb3/sm4ZGu5ShLoqVDhKgpiN924inxo=
 github.com/aws/aws-sdk-go v1.34.28/go.mod h1:H7NKnBqNVzoTJpGfLrQkkD+ytBA93eiDYi/+8rV9s48=
+github.com/aws/aws-sdk-go v1.38.35 h1:7AlAO0FC+8nFjxiGKEmq0QLpiA8/XFr6eIxgRTwkdTg=
+github.com/aws/aws-sdk-go v1.38.35/go.mod h1:hcU610XS61/+aQV88ixoOzUoG7v3b31pl2zKMmprdro=
 github.com/aws/aws-sdk-go-v2 v0.18.0/go.mod h1:JWVYvqSMppoMJC0x5wdwiImzgXTI9FuZwxzkQq9wy+g=
 github.com/beorn7/perks v0.0.0-20180321164747-3a771d992973/go.mod h1:Dwedo/Wpr24TaqPxmxbtue+5NUziq4I4S80YR8gNf3Q=
 github.com/beorn7/perks v1.0.0/go.mod h1:KWe93zE9D1o94FZ5RNwFwVgaQK1VOXiVxmqh+CedLV8=
@@ -301,7 +303,9 @@ github.com/influxdata/influxdb1-client v0.0.0-20191209144304-8bf82d3c094d/go.mod
 github.com/jessevdk/go-flags v1.5.0 h1:1jKYvbxEjfUl0fmqTCOfonvskHHXMjBySTLW4y9LFvc=
 github.com/jessevdk/go-flags v1.5.0/go.mod h1:Fw0T6WPc1dYxT4mKEZRfG5kJhaTDP9pj1c2EWnYs/m4=
 github.com/jmespath/go-jmespath v0.0.0-20180206201540-c2b33e8439af/go.mod h1:Nht3zPeWKUH0NzdCt2Blrr5ys8VGpn0CEB0cQHVjt7k=
+github.com/jmespath/go-jmespath v0.4.0 h1:BEgLn5cpjn8UN1mAw4NjwDrS35OdebyEtFe+9YPoQUg=
 github.com/jmespath/go-jmespath v0.4.0/go.mod h1:T8mJZnbsbmF+m6zOOFylbeCJqk5+pHWvzYPziyZiYoo=
+github.com/jmespath/go-jmespath/internal/testify v1.5.1 h1:shLQSRRSCCPj3f2gpwzGwWFoC7ycTf1rcQZHOlsJ6N8=
 github.com/jmespath/go-jmespath/internal/testify v1.5.1/go.mod h1:L3OGu8Wl2/fWfCI6z80xFu9LTZmf1ZRjMHUOPmWr69U=
 github.com/joho/godotenv v1.3.0/go.mod h1:7hK45KPybAkOC6peb+G5yklZfMxEjkZhHbwpqxOKXbg=
 github.com/jonboulle/clockwork v0.1.0/go.mod h1:Ii8DK3G1RaLaWxj9trq07+26W01tbo22gdxWY5EU2bo=

notify/notify.go

@@ -277,6 +277,7 @@ func NewMetrics(r prometheus.Registerer) *Metrics {
 		"opsgenie",
 		"webhook",
 		"victorops",
+		"sns",
 	} {
 		m.numNotifications.WithLabelValues(integration)
 		m.numTotalFailedNotifications.WithLabelValues(integration)

notify/sns/sns.go

@@ -0,0 +1,171 @@
+// Copyright 2021 Prometheus Team
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package sns
+
+import (
+	"context"
+	"fmt"
+	"net/http"
+	"unicode/utf8"
+
+	"github.com/aws/aws-sdk-go/aws"
+	"github.com/aws/aws-sdk-go/aws/credentials"
+	"github.com/aws/aws-sdk-go/aws/credentials/stscreds"
+	"github.com/aws/aws-sdk-go/aws/session"
+	"github.com/aws/aws-sdk-go/service/sns"
+	"github.com/go-kit/kit/log"
+	"github.com/prometheus/alertmanager/config"
+	"github.com/prometheus/alertmanager/notify"
+	"github.com/prometheus/alertmanager/template"
+	"github.com/prometheus/alertmanager/types"
+	commoncfg "github.com/prometheus/common/config"
+)
+
+// Notifier implements a Notifier for SNS notifications.
+type Notifier struct {
+	conf    *config.SNSConfig
+	tmpl    *template.Template
+	logger  log.Logger
+	client  *http.Client
+	retrier *notify.Retrier
+}
+
+func (n Notifier) Notify(ctx context.Context, alert ...*types.Alert) (bool, error) {
+	credentials := credentials.NewStaticCredentials(n.conf.Sigv4.AccessKey, string(n.conf.Sigv4.SecretKey), "")
+	if n.conf.Sigv4.AccessKey == "" {
+		credentials = nil
+	}
+
+	sess, err := session.NewSessionWithOptions(session.Options{
+		Config: aws.Config{
+			Region:      aws.String(n.conf.Sigv4.Region),
+			Credentials: credentials,
+			Endpoint:    aws.String(n.conf.APIUrl),
+		},
+		Profile: n.conf.Sigv4.Profile,
+	})
+
+	if _, err := sess.Config.Credentials.Get(); err != nil {
+		return false, fmt.Errorf("could not get SigV4 credentials: %w", err)
+	}
+
+	if n.conf.Sigv4.RoleARN != "" {
+		sess.Config.Credentials = stscreds.NewCredentials(sess, n.conf.Sigv4.RoleARN)
+	}
+
+	data := notify.GetTemplateData(ctx, n.tmpl, alert, n.logger)
+	tmpl := notify.TmplText(n.tmpl, data, &err)
+	message := tmpl(n.conf.Message)
+
+	client := sns.New(sess, &aws.Config{Credentials: credentials})
+	publishInput := &sns.PublishInput{}
+
+	if n.conf.TopicARN != "" {
+		publishInput.SetTopicArn(n.conf.TopicARN)
+		messageToSend, isTrunc, err := validateAndTruncateMessage(message)
+		if err != nil {
+			return false, err
+		}
+		if isTrunc {
+			n.conf.Attributes["truncated"] = "true"
+		}
+		publishInput.SetMessage(messageToSend)
+	}
+	if n.conf.PhoneNumber != "" {
+		publishInput.SetPhoneNumber(n.conf.PhoneNumber)
+		// If SMS message is over 1600 chars, SNS will reject the message.
+		_, isTruncated := notify.Truncate(message, 1600)
+		if isTruncated {
+			return false, fmt.Errorf("SMS message exeeds length of 1600 charactors")
+		} else {
+			publishInput.SetMessage(message)
+		}
+	}
+	if n.conf.TargetARN != "" {
+		publishInput.SetTargetArn(n.conf.TargetARN)
+		messageToSend, isTrunc, err := validateAndTruncateMessage(message)
+		if err != nil {
+			return false, err
+		}
+		if isTrunc {
+			n.conf.Attributes["truncated"] = "true"
+		}
+		publishInput.SetMessage(messageToSend)
+	}
+
+	if len(n.conf.Attributes) > 0 {
+		attributes := map[string]*sns.MessageAttributeValue{}
+		for k, v := range n.conf.Attributes {
+			attributes[k] = &sns.MessageAttributeValue{DataType: aws.String("String"), StringValue: aws.String(v)}
+		}
+		publishInput.SetMessageAttributes(attributes)
+	}
+
+	if n.conf.Subject != "" {
+		publishInput.SetSubject(n.conf.Subject)
+	}
+
+	// Deduplication key is only added if it's a FIFO SNS Topic.
+	if n.conf.IsFIFOTopic {
+		key, err := notify.ExtractGroupKey(ctx)
+		if err != nil {
+			return false, err
+		}
+		publishInput.SetMessageDeduplicationId(key.Hash())
+	}
+
+	publishOutput, err := client.Publish(publishInput)
+	if err != nil {
+		// AWS Response is bad, probably a config issue.
+		return false, err
+	}
+
+	err = n.logger.Log(publishOutput.String())
+	if err != nil {
+		return false, err
+	}
+
+	// Response is good and does not need to be retried.
+	return false, nil
+}
+
+func validateAndTruncateMessage(message string) (string, bool, error) {
+	if utf8.ValidString(message) {
+		// if the message is larger than 256KB we have to truncate.
+		if len(message) > 256*1024 {
+			truncated := make([]byte, 256*1024, 256*1024)
+			copy(truncated, message)
+			return string(truncated), true, nil
+		}
+		return message, false, nil
+	}
+	return "", false, fmt.Errorf("non utf8 encoded message string")
+}
+
+// New returns a new SNS notification handler.
+func New(c *config.SNSConfig, t *template.Template, l log.Logger, httpOpts ...commoncfg.HTTPClientOption) (*Notifier, error) {
+
+	client, err := commoncfg.NewClientFromConfig(*c.HTTPConfig, "sns", append(httpOpts, commoncfg.WithHTTP2Disabled())...)
+	if err != nil {
+		return nil, err
+	}
+
+	return &Notifier{
+		conf:    c,
+		tmpl:    t,
+		logger:  l,
+		client:  client,
+		retrier: &notify.Retrier{},
+	}, nil
+}