
How can I use AWS Config to receive custom email notifications when a resource is deleted in my AWS account?


I want to use AWS Config to receive email notifications for service event types when an AWS resource is deleted.

Resolution

You can use a custom event pattern with an Amazon EventBridge rule to match an AWS Config supported resource type. Then, route the response to an Amazon Simple Notification Service (Amazon SNS) topic.

In the following example, you receive an Amazon SNS notification when an Amazon Elastic Compute Cloud (Amazon EC2) instance is terminated.

Note: Replace the resource type for your specific AWS service.

Complete the following steps:

  1. Create an Amazon SNS topic.
    Note: The Amazon SNS topic must be in the same AWS Region as your AWS Config service.

  2. Open the EventBridge console.

  3. In the navigation pane, under Rules, choose Rules, and then choose Create rule.

  4. On the Define rule detail page, enter the following information:
    For Name, enter a name for your rule.
    For Rule type, choose Rule with an event pattern.

  5. Choose Next.

  6. For Event source, choose AWS events or EventBridge partner events.
    For Event pattern, choose Custom pattern (JSON editor).
    In the Event pattern preview pane, enter the following example event pattern:

    {
      "source": [
        "aws.config"
      ],
      "detail-type": [
        "Config Configuration Item Change"
      ],
      "detail": {
        "messageType": [
          "ConfigurationItemChangeNotification"
        ],
        "configurationItem": {
          "configurationItemStatus": [
            "ResourceDeleted"
          ]
        }
      }
    }

  7. Choose Next.

  8. For Target 1, choose AWS service.

  9. For Select a target, choose SNS topic.

  10. For Target location, choose Target in this account.

  11. For Topic, choose your Amazon SNS topic.

  12. Under Additional settings, for Configure target input, choose Input transformer. Then, choose Configure input transformer.

  13. For Input path, enter the following example path:

    {
        "awsRegion": "$.detail.configurationItem.awsRegion",
        "awsAccountId": "$.detail.configurationItem.awsAccountId",
        "resource_type": "$.detail.configurationItem.resourceType",
        "resource_ID": "$.detail.configurationItem.resourceId",
        "configurationItemCaptureTime": "$.detail.configurationItem.configurationItemCaptureTime"
    }

  14. For Template, enter the following example template:
    "On <configurationItemCaptureTime> AWS Config service recorded a deletion of the resource <resource_ID> type <resource_type> in the account <awsAccountId> region <awsRegion>. For more details open the AWS Config console at https://console.aws.amazon.com/config/home?region=<awsRegion>#/timeline/<resource_type>/<resource_ID>/configuration"

  15. Choose Confirm.

  16. Choose Next.

  17. Choose Next.

  18. Choose Create rule.
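To see what the rule above actually does before creating it, the following added example (not part of the AWS article) re-implements, locally and offline, the two pieces the console steps configure: EventBridge exact-value pattern matching for the event pattern from step 6, and the input path plus template from steps 13 and 14. It runs the page's pattern and transformer against a constructed Config event for a terminated EC2 instance; the account ID and instance ID are made up, and the console URL tail of the template is omitted.

```python
import re

# The page's event pattern and input transformer, as Python dicts (page values, not mine).
EVENT_PATTERN = {"source": ["aws.config"], "detail-type": ["Config Configuration Item Change"],
                 "detail": {"messageType": ["ConfigurationItemChangeNotification"],
                            "configurationItem": {"configurationItemStatus": ["ResourceDeleted"]}}}
INPUT_PATH = {"awsRegion": "$.detail.configurationItem.awsRegion",
              "awsAccountId": "$.detail.configurationItem.awsAccountId",
              "resource_type": "$.detail.configurationItem.resourceType",
              "resource_ID": "$.detail.configurationItem.resourceId",
              "configurationItemCaptureTime": "$.detail.configurationItem.configurationItemCaptureTime"}
TEMPLATE = ("On <configurationItemCaptureTime> AWS Config service recorded a deletion of the resource "
            "<resource_ID> type <resource_type> in the account <awsAccountId> region <awsRegion>.")


def matches(pattern, event):
    # EventBridge exact matching: every key in the pattern must be present in the event;
    # a list means "the event value is one of these"; a nested dict is matched recursively.
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not matches(expected, event[key]):
                return False
        elif event[key] not in expected:
            return False
    return True


def render(event):
    # Apply the input path ("$.a.b.c" lookups) and substitute each <name> in the template.
    def lookup(path):
        value = event
        for part in path.removeprefix("$.").split("."):
            value = value[part]
        return str(value)
    variables = {name: lookup(path) for name, path in INPUT_PATH.items()}
    return re.sub(r"<(\w+)>", lambda m: variables[m.group(1)], TEMPLATE)


def notification_for(event):
    # The message the SNS subscriber would receive, or None when the rule does not fire.
    return render(event) if matches(EVENT_PATTERN, event) else None


# Constructed sample event (fake account and instance IDs) in the shape AWS Config
# publishes to EventBridge when an EC2 instance is terminated.
SAMPLE_EVENT = {"source": "aws.config", "detail-type": "Config Configuration Item Change",
                "detail": {"messageType": "ConfigurationItemChangeNotification",
                           "configurationItem": {"configurationItemStatus": "ResourceDeleted",
                                                 "awsRegion": "us-east-1", "awsAccountId": "111122223333",
                                                 "resourceType": "AWS::EC2::Instance", "resourceId": "i-0123456789abcdef0",
                                                 "configurationItemCaptureTime": "2024-01-15T10:30:00.000Z"}}}
```

Note that the pattern as written fires for every deleted resource type; to limit it to one service, add a `"resourceType": ["AWS::EC2::Instance"]` entry next to `configurationItemStatus` in the `configurationItem` block, which is how EventBridge narrows a match on that field.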

Related information

How can I receive custom email notifications when AWS Config is used to create a resource?

How can I configure an EventBridge rule for GuardDuty to send custom SNS notifications for specific AWS service event types?

AWS OFFICIAL. Updated 8 months ago.