Skip to main content
Version: 5.17.1

Manually Setup Kibana Alerts

This guide demonstrates how to manually set up email alerts within Kibana on AWS and define SNS topics for notifications associated with Kibana monitors and triggers. The initial steps include creating specific IAM roles and policies and configuring alerts within Kibana.

Prerequisites

  • SNS Topic
  • E-mail subscribed to SNS topic

Roles and Policies

Create the following policy with tenant_ (e.g., tenant_sns_publish) prefix in the name:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": <SNS_TOPIC_ARN>
        }
    ]
}

Create a service role to assign in Kibana with tenant_ (e.g., tenant_opensearch_service_role) prefix in the name:

  1. From the IAM roles screen, click Create roles.

  2. Click Custom trust policy.

  3. Assign the following trust relationship:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Principal": {
                "Service": "opensearchservice.amazonaws.com"
            },
            "Action": "sts:AssumeRole"
        }
    ]
}

  1. Click Next.

  2. Attach the above SNS tenant policy.

  3. Click Set permission boundary to expand the section.

  4. Select Use a permissions boundary to control the maximum role permissions.

  5. Search for and select InstanceOpsRole.

  6. Click Next.

  7. Make the name using the tenant_ prefix, as described above.

  8. Add an appropriate description.

  9. Verify that the policy and trust relationship are correct.

  10. Add any desired Tags.

  11. Click Create role.

note

You must set the permission boundary as described above, as well as name the role with the tenant_ prefix. The role will not be created without these two steps.

Setup Email Alerts in Kibana

  1. Sign into Kibana (this can be obtained from the domain information console page).

  2. Click the hamburger menu and select Alerting.

  3. Click Destinations.

  4. Click Add destination.

  5. Name the destination.

  6. Select Amazon SNS from the Type drop-down menu.

  7. Enter the ARN for the appropriate SNS topic.

  8. Enter the ARN for the IAM role created earlier.

  9. Click Create.

  10. Click Monitors.

  11. Click on the appropriate Monitor.

  12. Under the Triggers section, select one or more triggers.

  13. Click Edit.

  14. Scroll down to Configure actions and click Add action.

    a. Enter a name for the action.

    b. Under Destination, select the previously created SNS destination.

    c. Edit the subject and message, if appropriate.

    :::tip To test, you can click Send Test Message under the message editor. :::

    d. Click Update.