Yelp / elastalert

Easy & Flexible Alerting With ElasticSearch
https://elastalert.readthedocs.org
Apache License 2.0

SNS alert ERROR #674

Open ShaneC-C-Y opened 8 years ago

ShaneC-C-Y commented 8 years ago

Hi Quentin,

Thanks for the help with the SNS alert setup; now I can pass the test part. But there is still an issue when I start the alerting. It happens when elastalert tries to send an alert after finding a match:

INFO:elastalert:Sleeping for 59 seconds
INFO:elastalert:Queried rule Canary high latency frequency rule from 2016-08-14 06:24 UTC to 2016-08-14 06:34 UTC: 55 hits
ERROR:boto:400 Bad Request
ERROR:boto:{"Error":{"Code":"InvalidParameter","Message":"Invalid parameter: TopicArn","Type":"Sender"},"RequestId":"9cbd351e-3fd1-5ac5-994c-65342d02e894"}
ERROR:root:Traceback (most recent call last):
  File "/home/ubuntu/elastalert/elastalert/elastalert.py", line 913, in alert
    return self.send_alert(matches, rule, alert_time=alert_time)
  File "/home/ubuntu/elastalert/elastalert/elastalert.py", line 987, in send_alert
    alert.alert(matches)
  File "elastalert/alerts.py", line 712, in alert
    sns_client.publish(self.sns_topic_arn, body, subject=self.create_default_title())
  File "/usr/local/lib/python2.7/dist-packages/boto-2.41.0-py2.7.egg/boto/sns/connection.py", line 290, in publish
    return self._make_request('Publish', params, '/', 'POST')
  File "/usr/local/lib/python2.7/dist-packages/boto-2.41.0-py2.7.egg/boto/sns/connection.py", line 765, in _make_request
    raise self.ResponseError(response.status, response.reason, body)
BotoServerError: BotoServerError: 400 Bad Request
{"Error":{"Code":"InvalidParameter","Message":"Invalid parameter: TopicArn","Type":"Sender"},"RequestId":"9cbd351e-3fd1-5ac5-994c-65342d02e894"}

ERROR:root:Uncaught exception running rule Canary high latency frequency rule: BotoServerError: 400 Bad Request
{"Error":{"Code":"InvalidParameter","Message":"Invalid parameter: TopicArn","Type":"Sender"},"RequestId":"9cbd351e-3fd1-5ac5-994c-65342d02e894"}
INFO:elastalert:Rule Canary high latency frequency rule disabled
INFO:elastalert:Ignoring match for silenced rule Canary high latency frequency rule.[u'1471156285', u'beats_input_codec_json_applied']
INFO:elastalert:Ignoring match for silenced rule Canary high latency frequency rule.[u'1471156285', u'beats_input_codec_json_applied']
INFO:elastalert:Ignoring match for silenced rule Canary high latency frequency rule.[u'1471156285', u'beats_input_codec_json_applied']
INFO:elastalert:Ignoring match for silenced rule Canary high latency frequency rule.[u'1471156285', u'beats_input_codec_json_applied']
INFO:elastalert:Ran Canary high latency frequency rule from 2016-08-14 06:24 UTC to 2016-08-14 06:34 UTC: 55 query hits, 5 matches, 0 alerts sent
INFO:elastalert:Sleeping for 59 seconds

The setting of my alert in the rule is the following:

alert:
- "sns"
sns_topic_arn: "arn:aws:sns:us-west-2:~id~:~topic name~"
aws_access_key: "~my access key~"
aws_secret_key: "~my secret key~"

Thanks for the help!

leonhartX commented 8 years ago

I think you should add aws_region, since the default is us-east-1, which does not match your SNS region.

ShaneC-C-Y commented 8 years ago

Thanks for your reply. There is a bug there if you assign aws_region here, so I changed the default aws_region in the code (/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/alerts.py):

class SnsAlerter(Alerter):
    """send alert using AWS SNS service"""
    required_options = frozenset(['sns_topic_arn'])

    def __init__(self, *args):
        super(SnsAlerter, self).__init__(*args)
        self.sns_topic_arn = self.rule.get('sns_topic_arn', '')
        self.aws_access_key = self.rule.get('aws_access_key', '')
        self.aws_secret_key = self.rule.get('aws_secret_key', '')
        self.aws_region = self.rule.get('aws_region', 'us-west-2')
        self.boto_profile = self.rule.get('boto_profile', '')

If I keep the default us-east-1 setting and specify us-west-2 in my rule file, the following error message comes out:

INFO:botocore.vendored.requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 169.254.169.254
INFO:botocore.vendored.requests.packages.urllib3.connectionpool:Starting new HTTP connection (1): 169.254.169.254
Traceback (most recent call last):
  File "/usr/local/bin/elastalert-test-rule", line 9, in <module>
    load_entry_point('elastalert==0.0.92', 'console_scripts', 'elastalert-test-rule')()
  File "/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/test_rule.py", line 287, in main
    test_instance.run_rule_test()
  File "/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/test_rule.py", line 275, in run_rule_test
    hits = self.test_file(copy.deepcopy(rule_yaml), args)
  File "/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/test_rule.py", line 54, in test_file
    es_client = ElastAlerter.new_elasticsearch(es_config)
  File "/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/elastalert.py", line 134, in new_elasticsearch
    boto_profile=es_conn_conf['boto_profile'])
  File "/usr/local/lib/python2.7/dist-packages/elastalert-0.0.92-py2.7.egg/elastalert/auth.py", line 40, in __call__
    aws_access_key_id = str(aws_credentials.access_key)
AttributeError: 'NoneType' object has no attribute 'access_key'

lanmalkieri commented 7 years ago

I am having this exact same issue. Any update with a fix?

Qmando commented 7 years ago

The issue here is a conflict in the use of the "aws_region" config key.

It's used as an identifier for the aws authentication code to try and sign requests, https://github.com/Yelp/elastalert/blob/master/elastalert/util.py#L272

And for the SNS alerter, https://github.com/Yelp/elastalert/blob/master/elastalert/alerts.py#L791

This should be fixed, but as an immediate solution, you can nest aws_region INSIDE the alert config so that it will not be used for signing AWS requests.

Do this:

alert:
 - sns:
      aws_region: us-west-1

Not:

aws_region: us-west-1
alert:
 - sns
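
Added example (not part of the thread and not ElastAlert code): a small pre-deployment check for the two problems discussed above, the region mismatch between `sns_topic_arn` and the SNS client region, and a top-level `aws_region` that the request-signing code also reads. The names `lint_rule` and `sns_configs` are hypothetical, the rule is assumed to be already parsed into a dict, and the sample ARN is constructed.

```python
import re

# SNS topic ARN layout: arn:<partition>:sns:<region>:<account-id>:<topic-name>
ARN_RE = re.compile(r"^arn:[a-z-]+:sns:(?P<region>[a-z0-9-]+):\d{12}:[\w.-]+$")
DEFAULT_REGION = "us-east-1"  # default reported in the thread


def sns_configs(rule):
    """Yield the effective option dict for every sns entry under `alert`.

    Assumption: options nested under an alert entry override rule-level keys
    for that alerter only, which is what the workaround above relies on.
    """
    for entry in rule.get("alert", []):
        if entry == "sns":
            yield dict(rule)
        elif isinstance(entry, dict) and "sns" in entry:
            merged = dict(rule)
            merged.update(entry["sns"] or {})
            yield merged


def lint_rule(rule):
    """Return a list of findings for one parsed rule (a dict)."""
    findings = []
    if "aws_region" in rule:
        findings.append("top-level aws_region: also read by the request-signing code")
    for cfg in sns_configs(rule):
        arn = str(cfg.get("sns_topic_arn", ""))
        m = ARN_RE.match(arn)
        if not m:
            findings.append("sns_topic_arn is not a well-formed SNS topic ARN")
            continue
        region = cfg.get("aws_region", DEFAULT_REGION)
        if m.group("region") != region:
            findings.append("ARN region %s != client region %s"
                            % (m.group("region"), region))
    return findings


# Constructed sample rules (account id and topic name are placeholders).
ARN = "arn:aws:sns:us-west-2:123456789012:example-topic"
failing = {"alert": ["sns"], "sns_topic_arn": ARN}
colliding = {"alert": ["sns"], "sns_topic_arn": ARN, "aws_region": "us-west-2"}
nested = {"alert": [{"sns": {"aws_region": "us-west-2"}}], "sns_topic_arn": ARN}

if __name__ == "__main__":
    for name, rule in [("failing", failing), ("colliding", colliding), ("nested", nested)]:
        print(name, lint_rule(rule))
```

Run over every rule file before restarting the service, it catches the misconfiguration before the first failed publish disables the rule and matches are silently dropped, as in the log above.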

alinoeabrassart commented 7 years ago

Would it be sufficient to rename the key for the SNS alerter? Something like sns_aws_region? If so, I can make a pull request with this modification.