Notifications

    You can use either OpenSearch Dashboards or the REST API to configure notifications. Dashboards offers a more organized way of selecting a channel type and selecting which OpenSearch plugin sources you want to use, whereas the REST API lets you programmatically define your notification channels for better versioning and reuse later on.

    1. Use the Dashboards UI to first create a channel that receives notifications from other plugins. Supported communication channels include Amazon Chime, Amazon Simple Notification Service (Amazon SNS), Amazon Simple Email Service (Amazon SES), email through SMTP, Slack, and custom webhooks. After you’ve configured your channel and plugin sources, send messages and start tracking your notifications from the Notifications plugin’s dashboard.

    2. Use the Notifications REST API to configure all of your channel’s settings. To use the API, you must have your notification’s name, description, channel type, which OpenSearch plugins to use as sources, and other associated URLs or groups.

    In OpenSearch Dashboards, choose Notifications, Channels, and Create channel.

    1. In the Name and description section, specify a name and optional description for your channel.
    2. In the Configurations section, select the channel type and enter the necessary information for each type. For more information about configuring a channel that uses Amazon SNS or email, refer to the sections below. If you want to use Amazon Chime or Slack, you need to specify the webhook URL. For more information about using webhooks, see the documentation for Slack and .

    This information is stored in plain text in the OpenSearch cluster. We will improve this design in the future, but for now, the encoded credentials (which are neither encrypted nor hashed) might be visible to other OpenSearch users.

    1. In the Availability section, select the OpenSearch plugins you want to use with the notification channel.
    2. Choose Create.

    OpenSearch supports Amazon SNS for notifications. This integration with Amazon SNS means that, in addition to the other channel types, the Notifications plugin can send email messages, text messages, and even run AWS Lambda functions using SNS topics. For more information about Amazon SNS, see the Amazon Simple Notification Service Developer Guide.

    The Notifications plugin currently supports two ways to authenticate users:

    1. Provide the user with full access to Amazon SNS.

    Provide full Amazon SNS access permissions

    If you want to provide full Amazon SNS access to the IAM user, ensure that the user has the following permissions:

    The IAM user must have the following permissions to assume a role:

    Then add this policy into the IAM user’s trust relationship to actually assume the role:

    Email as a channel type

    To send or receive notifications with email, choose Email as the channel type. Next, select at least one sender and default recipient. To send notifications to more than a few people at a time, specify multiple email addresses or select a recipient group. If the Notifications plugin doesn’t currently have the necessary senders or groups, you can add them by first selecting SMTP sender and then choosing Create SMTP sender or Create recipient group. Choose SES sender to use Amazon Simple Email Service (Amazon SES).

    Create email sender

    1. Specify a unique name to associate with the sender.
    2. Enter an email address and, if applicable, its host (for example, smtp.gmail.com) and the port. If you’re using Amazon SES, enter the IAM role Amazon Resource Name (ARN) of the AWS account to send notifications from, along with the AWS Region.
    3. Choose an encryption method. Most email providers require Secure Sockets Layer (SSL) or Transport Layer Security (TLS), which require a user name and password in the OpenSearch keystore. See Authenticate sender account to learn more. Selecting an encryption method is only applicable if you’re creating an SMTP sender.
    4. Choose Create to save the configuration and create the sender. You can create a sender before you add your credentials to the OpenSearch keystore; however, you must before you use the sender in your channel configuration.
    1. After choosing Create recipient group, enter a unique name to associate with the email group and an optional description.
    2. Select or enter the email addresses you want to add to the recipient group.
    3. Choose Create.

    Authenticate sender account

    If your email provider requires SSL or TLS, you must authenticate each sender account before you can send an email. Enter the sender account credentials in the OpenSearch keystore using the command line interface (CLI). Run the following commands (in your OpenSearch directory) to enter your user name and password. The <sender_name> is the name you entered for Sender earlier.