cloud-mu 1.9.0.pre.beta → 2.0.0.pre.alpha

data/modules/mu/clouds/aws/log.rb

@@ -38,7 +38,7 @@ module MU
           @config["log_group_name"] = @mu_name
           @config["log_stream_name"] =
             if @config["enable_cloudtrail_logging"]
-              "#{MU.account_number}_CloudTrail_#{@config["region"]}"
+              "#{MU::Cloud::AWS.credToAcct(@config['credentials'])}_CloudTrail_#{@config["region"]}"
             else
               @mu_name
             end
@@ -56,7 +56,7 @@ module MU
           end
 
           MU.log "Creating log group #{@mu_name}"
-          MU::Cloud::AWS.cloudwatchlogs(@config["region"]).create_log_group(
+          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).create_log_group(
             log_group_name: @config["log_group_name"],
             tags: tags
           )
@@ -76,19 +76,19 @@ module MU
             end
           end while resp.nil?
 
-          MU::Cloud::AWS.cloudwatchlogs(@config["region"]).create_log_stream(
+          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).create_log_stream(
             log_group_name: @config["log_group_name"],
             log_stream_name: @config["log_stream_name"]
           )
 
-          MU::Cloud::AWS.cloudwatchlogs(@config["region"]).put_retention_policy(
+          MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).put_retention_policy(
             log_group_name: @config["log_group_name"],
             retention_in_days: @config["retention_period"]
           )
 
           if @config["filters"] && !@config["filters"].empty?
             @config["filters"].each{ |filter|
-              MU::Cloud::AWS.cloudwatchlogs(@config["region"]).put_metric_filter(
+              MU::Cloud::AWS.cloudwatchlogs(region: @config["region"], credentials: @config["credentials"]).put_metric_filter(
                 log_group_name: @config["log_group_name"],
                 filter_name: filter["name"],
                 filter_pattern: filter["search_pattern"],
@@ -102,8 +102,8 @@ module MU
           end
 
           if @config["enable_cloudtrail_logging"]
-            trail_resp = MU::Cloud::AWS.cloudtrail(@config["region"]).describe_trails.trail_list.first
-            raise MuError, "Can't find a cloudtrail in #{MU.account_number}/#{@config["region"]}. Please create cloudtrail before enabling logging on it" unless trail_resp
+            trail_resp = MU::Cloud::AWS.cloudtrail(region: @config["region"], credentials: @config["credentials"]).describe_trails.trail_list.first
+            raise MuError, "Can't find a cloudtrail in #{MU::Cloud::AWS.credToAcct(@config['credentials'])}/#{@config["region"]}. Please create cloudtrail before enabling logging on it" unless trail_resp
 
             iam_policy = '{
               "Version": "2012-10-17",
@@ -116,7 +116,7 @@ module MU
                     "logs:PutLogEventsBatch",
                     "logs:PutLogEvents"
                   ],
-                  "Resource": "arn:'+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+':logs:'+@config["region"]+':'+MU.account_number+':log-group:'+@config["log_group_name"]+':log-stream:'+@config["log_stream_name"]+'*"
+                  "Resource": "arn:'+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+':logs:'+@config["region"]+':'+MU::Cloud::AWS.credToAcct(@config['credentials'])+':log-group:'+@config["log_group_name"]+':log-stream:'+@config["log_stream_name"]+'*"
                 }
               ]
             }'
@@ -141,12 +141,12 @@ module MU
 
             iam_role_name = "#{@mu_name}-CloudTrail"
             MU.log "Creating IAM role #{iam_role_name}"
-            iam_resp = MU::Cloud::AWS.iam(@config["region"]).create_role(
+            iam_resp = MU::Cloud::AWS.iam.create_role(
               role_name: iam_role_name,
               assume_role_policy_document: iam_assume_role_policy
             )
 
-            MU::Cloud::AWS.iam(@config["region"]).put_role_policy(
+            MU::Cloud::AWS.iam.put_role_policy(
               role_name: iam_role_name,
               policy_name: "CloudTrail_CloudWatchLogs",
               policy_document: iam_policy
@@ -156,7 +156,7 @@ module MU
 
             retries = 0
             begin 
-              MU::Cloud::AWS.cloudtrail(@config["region"]).update_trail(
+              MU::Cloud::AWS.cloudtrail(region: @config["region"], credentials: @config["credentials"]).update_trail(
                 name: trail_resp.name,
                 cloud_watch_logs_log_group_arn: log_group_resp.arn,
                 cloud_watch_logs_role_arn: iam_resp.role.arn
@@ -183,7 +183,7 @@ module MU
           prettyname = service.sub(/\..*/, "").capitalize
           doc = '{ "Version": "2012-10-17", "Statement": [ { "Sid": "'+prettyname+'LogsToCloudWatchLogs", "Effect": "Allow", "Principal": { "Service": [ "'+service+'" ] }, "Action": [ "logs:PutLogEvents", "logs:PutLogEventsBatch", "logs:CreateLogStream" ], "Resource": "'+log_arn+'" } ] }'
 
-          MU::Cloud::AWS.cloudwatchlogs(region).put_resource_policy(
+          MU::Cloud::AWS.cloudwatchlogs(region: region).put_resource_policy(
             policy_name: "Allow"+prettyname,
             policy_document: doc
           )
@@ -209,15 +209,22 @@ module MU
           }
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
         # Remove all logs associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           log_groups =
             begin 
-              MU::Cloud::AWS.cloudwatchlogs(region).describe_log_groups.log_groups
+              MU::Cloud::AWS.cloudwatchlogs(credentials: credentials, region: region).describe_log_groups.log_groups
             # TO DO: Why is it returning UnknownOperationException instead of valid error?
             rescue Aws::CloudWatchLogs::Errors::UnknownOperationException => e
               MU.log e.inspect
@@ -227,10 +234,10 @@ module MU
           if !log_groups.empty?
             log_groups.each{ |lg|
               if lg.log_group_name.match(MU.deploy_id)
-                log_streams = MU::Cloud::AWS.cloudwatchlogs(region).describe_log_streams(log_group_name: lg.log_group_name).log_streams
+                log_streams = MU::Cloud::AWS.cloudwatchlogs(credentials: credentials, region: region).describe_log_streams(log_group_name: lg.log_group_name).log_streams
                 if !log_streams.empty?
                   log_streams.each{ |ls|
-                    MU::Cloud::AWS.cloudwatchlogs(region).delete_log_stream(
+                    MU::Cloud::AWS.cloudwatchlogs(credentials: credentials, region: region).delete_log_stream(
                       log_group_name: lg.log_group_name,
                       log_stream_name: ls.log_stream_name
                     ) unless noop
@@ -239,7 +246,7 @@ module MU
                   }
                 end
 
-                MU::Cloud::AWS.cloudwatchlogs(region).delete_log_group(
+                MU::Cloud::AWS.cloudwatchlogs(credentials: credentials, region: region).delete_log_group(
                   log_group_name: lg.log_group_name
                 ) unless noop
                 MU.log "Deleted log group #{lg.log_group_name}"
@@ -248,7 +255,7 @@ module MU
           end
 
           unless noop
-            MU::Cloud::AWS.iam.list_roles.roles.each{ |role|
+            MU::Cloud::AWS.iam(credentials: credentials).list_roles.roles.each{ |role|
               match_string = "#{MU.deploy_id}.*CloudTrail"
               # Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud::AWS::Server.
 #              MU::Cloud::AWS::Server.removeIAMProfile(role.role_name) if role.role_name.match(match_string)
@@ -261,13 +268,13 @@ module MU
         # @param region [String]: The cloud provider region.
         # @param flags [Hash]: Optional flags
         # @return [OpenStruct]: The cloud provider's complete descriptions of matching log group.
-        def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
           found = nil
           if !cloud_id.nil? and !cloud_id.match(/^arn:/i)
             found ||= {}
-            found[cloud_id] = MU::Cloud::AWS::Log.getLogGroupByName(cloud_id, region: region)
+            found[cloud_id] = MU::Cloud::AWS::Log.getLogGroupByName(cloud_id, region: region, credentials: nil)
           else
-            resp = MU::Cloud::AWS.cloudwatchlogs(region).describe_log_groups.log_groups.each { |group|
+            resp = MU::Cloud::AWS.cloudwatchlogs(region: region, credentials: credentials).describe_log_groups.log_groups.each { |group|
               if group.arn == cloud_id or group.arn.sub(/:\*$/, "") == cloud_id
                 found ||= {}
                 found[group.log_group_name] = group
@@ -354,8 +361,8 @@ module MU
         # @param name [String]: The cloud provider's identifier for this log group.
         # @param region [String]: The cloud provider region
         # @return [OpenStruct]
-        def self.getLogGroupByName(name, region: MU.curRegion)
-          MU::Cloud::AWS.cloudwatchlogs(region).describe_log_groups(log_group_name_prefix: name).log_groups.first
+        def self.getLogGroupByName(name, region: MU.curRegion, credentials: nil)
+          MU::Cloud::AWS.cloudwatchlogs(region: region, credentials: credentials).describe_log_groups(log_group_name_prefix: name).log_groups.first
         end
       end
     end

data/modules/mu/clouds/aws/msg_queue.rb

@@ -48,7 +48,7 @@ module MU
           namestr += ".fifo" if attrs['FifoQueue']
 
           MU.log "Creating SQS queue #{namestr}", details: attrs
-          resp = MU::Cloud::AWS.sqs(@config['region']).create_queue(
+          resp = MU::Cloud::AWS.sqs(region: @config['region'], credentials: @config['credentials']).create_queue(
             queue_name: namestr,
             attributes: attrs
           )
@@ -75,7 +75,7 @@ module MU
           }
           if changed
             MU.log "Updating SQS queue #{@mu_name}", MU::NOTICE, details: new_attrs
-            resp = MU::Cloud::AWS.sqs(@config['region']).set_queue_attributes(
+            resp = MU::Cloud::AWS.sqs(region: @config['region'], credentials: @config['credentials']).set_queue_attributes(
               queue_url: @cloud_id,
               attributes: new_attrs
             )
@@ -86,7 +86,7 @@ module MU
         # Canonical Amazon Resource Number for this resource
         # @return [String]
         def arn
-          "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":sqs:"+@config['region']+":"+MU.account_number+":"+@cloud_id
+          "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":sqs:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@config['credentials'])+":"+@cloud_id
         end
 
         # Retrieve the AWS descriptor for this SQS queue. AWS doesn't exactly
@@ -94,7 +94,7 @@ module MU
         # @return [Hash]: AWS doesn't return anything but the SQS URL, so supplement with attributes
         def cloud_desc
           if !@cloud_id
-            resp = MU::Cloud::AWS.sqs(@config['region']).list_queues(
+            resp = MU::Cloud::AWS.sqs(region: @config['region'], credentials: @config['credentials']).list_queues(
               queue_name_prefix: @mu_name
             )
             return nil if !resp or !resp.queue_urls
@@ -109,7 +109,8 @@ module MU
           return nil if !@cloud_id
           MU::Cloud::AWS::MsgQueue.find(
             cloud_id: @cloud_id.dup,
-            region: @config['region']
+            region: @config['region'],
+            credentials: @config['credentials']
           )
         end
 
@@ -119,18 +120,26 @@ module MU
           cloud_desc
           deploy_struct = MU::Cloud::AWS::MsgQueue.find(
             cloud_id: @cloud_id,
-            region: @config['region']
+            region: @config['region'],
+            credentials: @config['credentials']
           )
           return deploy_struct
         end
 
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
         # Remove all msg_queues associated with the currently loaded deployment.
         # @param noop [Boolean]: If true, will only print what would be done
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, flags: {})
-          resp = MU::Cloud::AWS.sqs(region).list_queues(
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          resp = MU::Cloud::AWS.sqs(credentials: credentials, region: region).list_queues(
             queue_name_prefix: MU.deploy_id
           )
           if resp and resp.queue_urls
@@ -139,7 +148,7 @@ module MU
               threads << Thread.new {
                 MU.log "Deleting SQS queue #{url}"
                 if !noop
-                  MU::Cloud::AWS.sqs(region).delete_queue(
+                  MU::Cloud::AWS.sqs(credentials: credentials, region: region).delete_queue(
                     queue_url: url
                   )
                   sleep 60 # per API docs, this is how long it takes to really delete
@@ -157,14 +166,14 @@ module MU
         # @param region [String]: The cloud provider region.
         # @param flags [Hash]: Optional flags
         # @return [Hash]: AWS doesn't return anything but the SQS URL, so supplement with attributes
-        def self.find(cloud_id: nil, region: MU.curRegion, flags: {})
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
           flags['account'] ||= MU.account_number
           return nil if !cloud_id
 
           # If it's a URL, make sure it's good
           begin
             if cloud_id.match(/^https?:/i)
-              resp = MU::Cloud::AWS.sqs(region).get_queue_attributes(
+              resp = MU::Cloud::AWS.sqs(region: region, credentials: credentials).get_queue_attributes(
                 queue_url: cloud_id,
                 attribute_names: ["All"]
               )
@@ -175,7 +184,7 @@ module MU
               end
             else
               # If it's a plain queue name, resolve it to a URL
-              resp = MU::Cloud::AWS.sqs(region).get_queue_url(
+              resp = MU::Cloud::AWS.sqs(region: region, credentials: credentials).get_queue_url(
                 queue_name: cloud_id,
                 queue_owner_aws_account_id: flags['account']
               )
@@ -186,7 +195,7 @@ module MU
 
           # Go fetch its attributes
           if cloud_id
-            resp = MU::Cloud::AWS.sqs(region).get_queue_attributes(
+            resp = MU::Cloud::AWS.sqs(region: region, credentials: credentials).get_queue_attributes(
               queue_url: cloud_id,
               attribute_names: ["All"]
             )
@@ -372,7 +381,7 @@ MU.log "RETURNING FROM FIND ON #{cloud_id}", MU::WARN, details: caller
               ok = false
             end
             begin
-              MU::Cloud::AWS.kms(queue['region']).describe_key(key_id: queue['kms']['key_id'])
+              MU::Cloud::AWS.kms(region: queue['region']).describe_key(key_id: queue['kms']['key_id'])
             rescue Aws::KMS::Errors::NotFoundException => e
               MU.log "KMS key '#{queue['kms']['key_id']}' specified in Queue '#{queue['name']}' was not found.", MU::ERR, details: "Key IDs are of the form bf64a093-2c3d-46fa-0d4f-8232fa7ed53. Keys can be created at https://console.aws.amazon.com/iam/home#/encryptionKeys/#{queue['region']}"
               ok = false
@@ -402,18 +411,18 @@ MU.log "RETURNING FROM FIND ON #{cloud_id}", MU::WARN, details: caller
           }
 
           if @config['failqueue']
-            sibling = @deploy.findLitterMate(type: "msg_queue", name: config['failqueue']['name'])
-            id = config['failqueue']['name']
+            sibling = @deploy.findLitterMate(type: "msg_queue", name: @config['failqueue']['name'])
+            id = @config['failqueue']['name']
             if sibling # resolve sibling queues to something useful
               id = sibling.cloud_id
             end
-            desc = MU::Cloud::AWS::MsgQueue.find(cloud_id: id)
+            desc = MU::Cloud::AWS::MsgQueue.find(cloud_id: id, credentials: @config['credentials'])
             if !desc
-              raise MuError, "Failed to get cloud descriptor for SQS queue #{config['failqueue']['name']}"
+              raise MuError, "Failed to get cloud descriptor for SQS queue #{@config['failqueue']['name']}"
             end
             rdr_pol = {
               "deadLetterTargetArn" => desc["QueueArn"],
-              "maxReceiveCount" => config['failqueue']['retries_before_fail']
+              "maxReceiveCount" => @config['failqueue']['retries_before_fail']
             }
             attrs["RedrivePolicy"] = JSON.generate(rdr_pol)
           end
@@ -465,7 +474,7 @@ MU.log "RETURNING FROM FIND ON #{cloud_id}", MU::WARN, details: caller
           end
 
           begin
-            MU::Cloud::AWS.sqs(@config['region']).tag_queue(
+            MU::Cloud::AWS.sqs(region: @config['region'], credentials: @config['credentials']).tag_queue(
               queue_url: url,
               tags: tags
             )

data/modules/mu/clouds/aws/notifier.rb

@@ -0,0 +1,222 @@
+# Copyright:: Copyright (c) 2014 eGlobalTech, Inc., all rights reserved
+#
+# Licensed under the BSD-3 license (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License in the root of the project or at
+#
+#     http://egt-labs.com/mu/LICENSE.html
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+module MU
+  class Cloud
+    class AWS
+      # Support for AWS SNS
+      class Notifier < MU::Cloud::Notifier
+        @deploy = nil
+        @config = nil
+
+        attr_reader :mu_name
+        attr_reader :config
+        attr_reader :cloud_id
+
+        # @param mommacat [MU::MommaCat]: A {MU::Mommacat} object containing the deploy of which this resource is/will be a member.
+        # @param kitten_cfg [Hash]: The fully parsed and resolved {MU::Config} resource descriptor as defined in {MU::Config::BasketofKittens::logs}
+        def initialize(mommacat: nil, kitten_cfg: nil, mu_name: nil, cloud_id: nil)
+          @deploy = mommacat
+          @config = MU::Config.manxify(kitten_cfg)
+          @cloud_id ||= cloud_id
+          @mu_name ||= @deploy.getResourceName(@config["name"])
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def create
+          MU::Cloud::AWS.sns(region: @config['region'], credentials: @config['credentials']).create_topic(name: @mu_name)
+          @cloud_id = @mu_name
+          MU.log "Created SNS topic #{@mu_name}"
+        end
+
+        # Called automatically by {MU::Deploy#createResources}
+        def groom
+          if @config['subscriptions']
+            @config['subscriptions'].each { |sub|
+              MU::Cloud::AWS::Notifier.subscribe(
+                arn: arn,
+                endpoint: sub['endpoint'],
+                region: @config['region'],
+                credentials: @config['credentials'],
+                protocol: sub['type']
+              )
+            }
+          end
+        end
+
+        # Does this resource type exist as a global (cloud-wide) artifact, or
+        # is it localized to a region/zone?
+        # @return [Boolean]
+        def self.isGlobal?
+          false
+        end
+
+        # Remove all notifiers associated with the currently loaded deployment.
+        # @param noop [Boolean]: If true, will only print what would be done
+        # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
+        # @param region [String]: The cloud provider region
+        # @return [void]
+        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          MU::Cloud::AWS.sns(region: region, credentials: credentials).list_topics.topics.each { |topic|
+            if topic.topic_arn.match(MU.deploy_id)
+              # We don't have a way to tag our SNS topics, so we will delete any topic that has the MU-ID in its ARN. 
+              # This may fail to find notifier groups in some cases (eg. cache_cluster) so we might want to delete from each API as well.
+              MU::Cloud::AWS.sns(region: region, credentials: credentials).delete_topic(topic_arn: topic.topic_arn)
+              MU.log "Deleted SNS topic: #{topic.topic_arn}"
+            end
+          }
+        end
+
+        # Canonical Amazon Resource Number for this resource
+        # @return [String]
+        def arn
+          "arn:"+(MU::Cloud::AWS.isGovCloud?(@config["region"]) ? "aws-us-gov" : "aws")+":sns:"+@config['region']+":"+MU::Cloud::AWS.credToAcct(@config['credentials'])+":"+@cloud_id
+        end
+
+        # Return the metadata for this user cofiguration
+        # @return [Hash]
+        def notify
+          desc = MU::Cloud::AWS.sns(region: @config["region"], credentials: @config["credentials"]).get_topic_attributes(topic_arn: arn).attributes
+          MU.structToHash(desc)
+        end
+
+        # Locate an existing notifier.
+        # @param cloud_id [String]: The cloud provider's identifier for this resource.
+        # @param region [String]: The cloud provider region.
+        # @param flags [Hash]: Optional flags
+        # @return [OpenStruct]: The cloud provider's complete descriptions of matching notifier.
+        def self.find(cloud_id: nil, region: MU.curRegion, credentials: nil, flags: {})
+          found = {}
+          if cloud_id
+            arn = "arn:"+(MU::Cloud::AWS.isGovCloud?(region) ? "aws-us-gov" : "aws")+":sns:"+region+":"+MU::Cloud::AWS.credToAcct(credentials)+":"+cloud_id
+            desc = MU::Cloud::AWS.sns(region: region, credentials: credentials).get_topic_attributes(topic_arn: arn).attributes
+            found[cloud_id] = desc if desc
+          end
+          found
+        end
+
+        # Cloud-specific configuration properties.
+        # @param config [MU::Config]: The calling MU::Config object
+        # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
+        def self.schema(config)
+          toplevel_required = []
+          schema = {
+            "subscriptions" => {
+              "type" => "array",
+              "items" => {
+                "type" => "object",
+                "required" => ["endpoint"],
+                "properties" => {
+                  "type" => {
+                    "type" => "string",
+                    "description" => "",
+                    "enum" => ["http", "https", "email", "email-json", "sms", "sqs", "application", "lambda"]
+                  }
+                }
+              }
+            }
+
+          }
+          [toplevel_required, schema]
+        end
+
+        # Cloud-specific pre-processing of {MU::Config::BasketofKittens::notifier}, bare and unvalidated.
+
+        # @param notifier [Hash]: The resource to process and validate
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @return [Boolean]: True if validation succeeded, False otherwise
+        def self.validateConfig(notifier, configurator)
+          ok = true
+
+          if notifier['subscriptions']
+            notifier['subscriptions'].each { |sub|
+              if !sub["type"]
+                if sub["endpoint"].match(/^http:/i)
+                  sub["type"] = "http"
+                elsif sub["endpoint"].match(/^https:/i)
+                  sub["type"] = "https"
+                elsif sub["endpoint"].match(/^sqs:/i)
+                  sub["type"] = "sqs"
+                elsif sub["endpoint"].match(/^\+?[\d\-]+$/)
+                  sub["type"] = "sms"
+                elsif sub["endpoint"].match(/\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i)
+                  sub["type"] = "email"
+                else
+                  MU.log "Notifier #{notifier['name']} subscription #{sub['endpoint']} did not specify a type, and I'm unable to guess one", MU::ERR
+                  ok = false
+                end
+              end
+            }
+          end
+
+          ok
+        end
+
+
+        # Subscribe to a notifier group. This can either be an email address, SQS queue, application endpoint, etc...
+        # Will create the subscription only if it doesn't already exist.
+        # @param arn [String]: The cloud provider's identifier of the notifier group.
+        # @param protocol [String]: The type of the subscription (eg. email,https, etc..).
+        # @param endpoint [String]: The endpoint of the subscription. This will depend on the 'protocol' (as an example if protocol is email, endpoint will be the email address) ..
+        # @param region [String]: The cloud provider region.
+        def self.subscribe(arn: nil, protocol: nil, endpoint: nil, region: MU.curRegion, credentials: nil)
+          retries = 0
+          begin 
+            resp = MU::Cloud::AWS.sns(region: region, credentials: credentials).list_subscriptions_by_topic(topic_arn: arn).subscriptions
+          rescue Aws::SNS::Errors::NotFound
+            if retries < 5
+              MU.log "Couldn't find topic #{arn}, retrying several times in case of a lagging resource"
+              retries += 1
+              sleep 30
+              retry
+            else
+              raise MuError, "Couldn't find topic #{arn}, giving up"
+            end
+          end
+
+          already_subscribed = false
+          if resp && !resp.empty?
+            resp.each { |subscription|
+             already_subscribed = true if subscription.protocol == protocol && subscription.endpoint == endpoint
+            }
+          end
+
+          unless already_subscribed
+            MU::Cloud::AWS.sns(region: region, credentials: credentials).subscribe(topic_arn: arn, protocol: protocol, endpoint: endpoint)
+            MU.log "Subscribed #{endpoint} to SNS topic #{arn}"
+          end
+        end
+
+        # Test if a notifier group exists
+        # Create a new notifier group. Will check if the group exists before creating it.
+        # @param topic_name [String]: The cloud provider's name for the notifier group.
+        # @param region [String]: The cloud provider region.
+        # @param account_number [String]: The cloud provider account number.
+        # @return [string]: The cloud provider's identifier.
+        def self.topicExist(topic_name, region: MU.curRegion, account_number: MU.account_number, credentials: nil)
+          arn = "arn:#{MU::Cloud::AWS.isGovCloud?(region) ? "aws-us-gov" : "aws"}:sns:#{region}:#{account_number}:#{topic_name}"
+          match = nil
+          MU::Cloud::AWS.sns(region: region, credentials: credentials).list_topics.topics.each { |topic|
+            if topic.topic_arn == arn
+              match = topic.topic_arn
+              break
+            end
+          }
+          return match
+        end
+
+      end
+    end
+  end
+end