Configure AWS SNS for Jira automation

Sending a message to an SNS topic is the simplest way to integrate your automation rule with AWS.

To do this you will need to:

  1. Create a new topic if you don’t have one you want to use

  2. Grant the Atlassian Automation AWS account access to that topic

  3. Connect to the SNS topic

The instructions here are for configuration via the AWS console, but the details are similar if you manage your AWS resources using CloudFormation or the AWS SDK.

This access will allow the Atlassian Automation AWS account to send messages to this topic. We recommend you treat this as an untrusted source and take steps to validate the messages you receive before acting on them.

1. Create a new SNS topic (Optional)

If you don’t have an existing SNS topic to use you will need to create one.

The simplest way is via AWS console.

  1. Sign into AWS console

    • Ensure you are in the correct AWS region before creating your topic

  2. Choose Topics from the navigation menu

  3. Choose Create topic and enter the required details

    • Choose a Standard topic type (you can actually use either, but “standard” will give the most flexibility - see the AWS documentation for full details on the difference between a “standard” and “fifo” topic)

    • Pick a Name that will be meaningful and reflect the purpose of the topic

    • Optionally enable Encryption to encrypt data stored on the topic

  4. Click Create topic

This will give you a topic that you can connect to from your automation rule.

See AWS SNS best practices for more information on other recommended configuration settings for SNS topics.

2. Setup a topic policy to allow access from Atlassian Automation

If you have an existing topic (or have created one using the steps above) you will need to allow the Atlassian Automation AWS account to access it by setting up an appropriate Access policy.

The Atlassian Automation AWS account ID you will need to use is 815843069303. It will only need to be granted the sns:Publish action.

The policy document you will need will look something like:

1 2 3 4 5 6 7 8 9 10 11 12 13 { "Version": "2008-10-17", "Id": "__default_policy_ID", "Statement": [{ "Sid": "grant-atlassian-automation-publish", "Effect": "Allow", "Principal": { "AWS": "815843069303" }, "Action": ["sns:Publish"], "Resource": <<sns_topic_arn>> }] }

This policy can be read as “Allow the AWS account with ID 815843069303 to Publish to the SNS topic with the AWS Resource Name (ARN) <<sns_topic_arn>>".

The most important parts of the policy are:

  • The Effect is Allow

  • The Principal is the Atlassian Automation AWS account ID 815843069303

  • The Action is sns:Publish; and

  • The Resource is the ARN of your SNS topic

3. Connect to the SNS topic

Once you have set up an SNS topic and granted the appropriate permissions, the final step is to use that topic in a Connection.

To setup the Connection:

  1. Navigate to Automation and select Create rule.

  2. Select a trigger for your rule.

  3. Select an AWS SNS action.

  4. Click Connect.

  5. When prompted, enter the ARN of the topic you wish to use.

    • The easiest place to find this is in the AWS console

  6. Click Save.

Additional Help