
Building an effective AWS notifications strategy with AWS User Notifications

9 minute read
Content level: Intermediate

This article explores how to implement AWS User Notifications to effectively manage AWS Health events and create custom notification rules. You can use managed notifications for AWS Health events and configure granular notification rules to alert your team and avoid notification fatigue.

The growing importance of cloud notifications

As cloud environments grow in complexity, effective notification management becomes increasingly critical. When organizations manage their AWS notifications, they commonly face the following challenges:

  • Coordinating alerts across multiple AWS accounts and teams.

  • Distinguishing important alerts from routine updates.

  • Maintaining consistent notification practices.

  • Delivering notifications to the appropriate teams in a timely manner.

Using AWS User Notifications

AWS User Notifications provides two complementary approaches to manage notifications in your AWS environment. When you use both approaches effectively, you can build a robust notification strategy to keep stakeholders informed.

User-configured notifications

User-configured notifications (UCNs) are custom rules that you create to notify you about specific AWS services and events. The benefits of UCNs include the following:

  • UCNs use the Amazon EventBridge structure to provide granular control over monitored services and events. For example, you can configure a notification to initiate for Amazon Elastic Compute Cloud (Amazon EC2) when a specific instance state changes, such as to Terminated, for a specific instance ID.

  • UCNs support consolidated notifications of events across accounts within an organization. For example, you can receive notifications in the management account about AWS Health events in your "Production" organizational unit (OU) where the eventTypeCategory value is issues. Or, you can create notifications for when users across any account in your organization log in to the AWS Management Console without multi-factor authentication (MFA). 

  • UCNs support time-based aggregation of events to reduce the number of notifications. For example, this can be 5-minute aggregates for high-priority matters, such as operational issues in production accounts. Or, you can create 12-hour aggregates for lower-priority matters, such as API request failures in non-production environments.
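Because UCN event patterns follow the Amazon EventBridge structure, the three rules described above can be written as patterns and evaluated locally before you deploy them. The matcher below is an added example, not code from the article or from AWS; the instance ID and sample events are constructed, and only a subset of EventBridge's operators (literal arrays, nested objects, "prefix", "anything-but") is supported.

```python
"""EventBridge-style pattern matcher (added example; not code from the article
or from AWS). UCN rules use the EventBridge pattern structure, so this shows how
the article's three example rules select events. Sample events and the instance
ID are constructed; operators supported are a subset of EventBridge's."""


def _leaf_matches(cond, value):
    """Match one alternative from a pattern array against an event value."""
    if isinstance(cond, dict):  # content filter, e.g. {"prefix": "i-0"}
        if "prefix" in cond:
            return isinstance(value, str) and value.startswith(cond["prefix"])
        if "anything-but" in cond:  # list of excluded values
            return value not in cond["anything-but"]
        raise ValueError(f"unsupported filter: {cond}")
    return cond == value  # literal alternative


def matches(pattern, event):
    """All pattern keys must be present (AND); array entries are alternatives (OR)."""
    for key, cond in pattern.items():
        if key not in event:
            return False
        if isinstance(cond, dict):  # nested object in the pattern: recurse
            if not (isinstance(event[key], dict) and matches(cond, event[key])):
                return False
        elif not any(_leaf_matches(c, event[key]) for c in cond):
            return False
    return True


# The three UCN rules described in the text, written as EventBridge patterns.
RULES = {
    "ec2-instance-terminated": {  # one specific instance (constructed ID)
        "source": ["aws.ec2"],
        "detail-type": ["EC2 Instance State-change Notification"],
        "detail": {"state": ["terminated"], "instance-id": ["i-0123456789abcdef0"]},
    },
    "health-issues": {  # AWS Health events in the "issue" category
        "source": ["aws.health"],
        "detail-type": ["AWS Health Event"],
        "detail": {"eventTypeCategory": ["issue"]},
    },
    "console-signin-without-mfa": {  # console sign-ins where MFA was not used
        "source": ["aws.signin"],
        "detail-type": ["AWS Console Sign In via CloudTrail"],
        "detail": {"additionalEventData": {"MFAUsed": ["No"]}},
    },
}


def matching_rules(event):
    """Names of the rules whose pattern matches the event, in definition order."""
    return [name for name, pattern in RULES.items() if matches(pattern, event)]
```

Feed it sample events from the EventBridge console or CloudTrail to confirm that a rule is as narrow as you intend before it starts sending notifications.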

AWS managed notifications

AWS managed notifications are pre-configured notifications that AWS sends by default to the root email and alternate account contacts. The benefits of managed notifications include the following:

  • Support AWS Health events.

  • Automatically send notifications to account contacts, including the root and alternate contact email addresses.

  • Offer an organizational view and aggregate identical events across accounts.

  • Prevent email duplication for account contacts.

Multiple delivery channels

Managed notifications and UCNs support multiple delivery channels, including the following:

  • Email.

  • Amazon Q Developer integrations for Slack and Microsoft Teams.

  • AWS Console Mobile Application push notifications.

AWS User Notifications operations are available through the User Notifications SDK and AWS CloudFormation. You can also access User Notifications operations through Terraform's Cloud Control API provider on the Terraform website.

Evaluating your notification needs

Because managed notifications deliver AWS Health events by default to account contacts, your strategy for UCNs should complement this, not duplicate it. It's a best practice to create UCNs only for specific events that require special handling.

To help you determine how you want to configure your UCNs, refer to the following table for common scenarios:

Single account

  • Use case: Critical service health monitoring
  • Scope: Single production account
  • Event sources: Amazon EC2 Health events, AWS Auto Scaling events, Amazon Virtual Private Cloud (Amazon VPC) events
  • Aggregation: 5 mins for operational, none for critical
  • Delivery: Slack channel, email, mobile alerts
  • Key benefits: Consolidated view, searchable history, mobile access

Organizational units

  • Use case: Database fleet management
  • Scope: Specific OUs with DB resources
  • Event sources: Amazon Relational Database Service (Amazon RDS) events, performance issues, backup failures
  • Aggregation: None for production organizational units, 5 mins for staging organizational units, 12 hours for dev organizational units
  • Delivery: OU-specific channels, team email lists
  • Key benefits: OU-level monitoring, environment-specific timing

Entire organization

  • Use case: Patch management and automation
  • Scope: All accounts in an organization (100+)
  • Event sources: SSM Compliance changes, Automation status, maintenance windows
  • Aggregation: None for failures, 5 mins for compliance, 12 hours for routine
  • Delivery: Operations Slack, admin email list, mobile for critical
  • Key benefits: Centralized visibility, automated tracking, fleet awareness

Select the approach that best matches your organization's size, structure, and requirements, and then adapt the approach as needed.

Creating an implementation strategy

Whether you choose to work with your Technical Account Manager (TAM), a Solutions Architect, or create your implementation strategy yourself, it's vital to create a strategy that works for you.

Turn on trusted access to AWS Organizations

If you use AWS Organizations, then turn on the AWS User Notifications integration option to turn on aggregation and de-duplication of managed notifications and organizational UCNs.

Configure managed notifications

After you determine your approach, configure your managed notifications:

  1. Configure your account contacts and make sure that they include the correct email addresses for your team.

  2. Configure delivery channels for your managed notifications. You can configure delivery channels for email and Amazon Q Developer integrations for Slack and Microsoft Teams. You can also configure delivery channels for AWS Console mobile application push notifications.

Implement UCNs

After you configure your managed notifications, implement your UCNs to notify you of all other alerts that managed notifications don't cover:

  1. Configure notifications for your high-priority services, such as for Amazon EC2, Amazon RDS, or Amazon GuardDuty. You can also select the OUs and accounts that you want to notify, define event patterns, configure aggregation periods, and determine your delivery channels. Note: Only the management account or delegated administrator can define organizational settings.

  2. If you haven't set up notification hubs, then create your notification hubs and choose AWS Regions for notification storage and processing. You can also configure multi-Region resilience.

Choose your implementation

You can configure AWS User Notifications through multiple implementation options. You can manage notification configurations, event rules, and delivery channels through these interfaces. This way, you can choose the approach that best fits your operational model:

  • The AWS Management Console allows you to test and validate notifications for a single account. Or, you can configure notifications at an organizational level in the management account or delegated administrator account. 

  • For infrastructure as code, use CloudFormation or Terraform. CloudFormation offers native AWS templates for version-controlled notification configurations. For Terraform, you can use the Cloud Control API provider to integrate with existing Terraform workflows. For more information, see aws_cloudcontrolapi_resource on the Terraform website.

  • The AWS SDK offers programmatic access to customize implementations, automate notification management, and integrate with existing applications.

Following best practices

To get the most out of your AWS User Notifications strategy, follow these best practices.

Design your strategy for scale

  • For your strategy, start with broader event patterns, and then refine your patterns over time based on feedback. This allows you to tailor your notifications to your specific needs as your AWS environment changes.

  • For your event patterns, document your patterns and their purpose for others to reference. This allows other users to clearly understand, update, and repurpose patterns as needed.

Proactively manage your delivery channels

  • For your emails, use distribution lists instead of individual email addresses so that new team members can subscribe easily, which simplifies onboarding across multiple users.

  • For your channels, implement clear channel naming. For example, use #aws-prod-critical instead of #aws-dev-alerts to better distinguish urgency for issues.

  • Regularly test your notification delivery paths to make sure that channels are healthy and recipients are up to date.

Avoid common pitfalls

  • To avoid notification fatigue, review and adjust filtering regularly so that you only receive notifications about issues that require your attention. Notification fatigue can lead to missed critical events and delays in addressing important issues. Look for opportunities to create a unique UCN where a team only needs a subset of notifications, instead of using a broader channel.

  • To avoid missing critical notifications, use proper delivery channels. Make sure to audit your delivery channels and contacts quarterly.

Conclusion

To successfully implement an AWS User Notifications strategy, take the following actions:

  1. Clearly understand UCNs and managed notifications.

  2. Thoroughly assess your needs and create a plan to meet those needs.

  3. Effectively implement the strategy and regularly test the strategy.

  4. Manage and optimize the strategy over time.

The goal of a good notification strategy is to make sure that teams and individuals are promptly informed about issues or changes that require their attention. This prompt response allows teams to quickly adapt, respond, and track changes to their AWS environment. It's vital to start with a simple strategy, adjust the strategy based on feedback, and maintain clear documentation. To learn more about how AWS can help you build your notification strategy, contact your TAM or AWS account team.

About the author


Shany Alon

Shany Alon is a Product Management leader who's focused on creating exceptional user experiences (UX) across AWS services and channels. By championing unified and consistent interfaces, she works to reduce the complexity of cloud operations and make AWS more intuitive for everyone. Shany's passion lies in making sure that every customer has a great experience throughout their cloud journey. To do this, she focuses on thoughtful design and seamless service and channel integration to make AWS more approachable and efficient for users of all skill levels. Outside of work, she enjoys hiking, traveling, practicing yoga, and playing the guitar.


Andrew Riley

Andrew Riley is a Principal TAM based in Philadelphia, Pennsylvania. He works with customers to drive resilience and operational awareness of application and service health. In his free time, you might find him running with a large stroller or listening to yet another "TED Talk" on Minecraft from his kids.