cloud-mu 3.2.0 → 3.3.0

data/modules/mu/providers/aws/loadbalancer.rb

@@ -583,6 +583,7 @@ module MU
         # Wrapper for cloud_desc method that deals with elb vs. elb2 resources.
         def cloud_desc(use_cache: true)
           return @cloud_desc_cache if @cloud_desc_cache and use_cache
+          return nil if !@cloud_id
           if @config['classic']
             @cloud_desc_cache = MU::Cloud::AWS.elb(region: @config['region'], credentials: @config['credentials']).describe_load_balancers(
               load_balancer_names: [@cloud_id]
@@ -671,8 +672,8 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
-          if (MU.deploy_id.nil? or MU.deploy_id.empty?) and (!flags or !flags["vpc_id"])
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+          if (deploy_id.nil? or deploy_id.empty?) and (!flags or !flags["vpc_id"])
             raise MuError, "Can't touch ELBs without MU-ID or vpc_id flag"
           end
 
@@ -682,7 +683,7 @@ module MU
           # @param region [String]: The cloud provider region
           # @param ignoremaster [Boolean]: Whether to ignore the MU-MASTER-IP tag
           # @param classic [Boolean]: Whether to look for a classic ELB instead of an ALB (ELB2)
-          def self.checkForTagMatch(arn, region, ignoremaster, credentials, classic = false)
+          def self.checkForTagMatch(arn, region, ignoremaster, credentials, classic = false, deploy_id: MU.deploy_id)
             tags = []
             if classic
               tags = MU::Cloud::AWS.elb(credentials: credentials, region: region).describe_tags(
@@ -699,7 +700,7 @@ module MU
             if !tags.nil?
               tags.each { |tag|
                 saw_tags << tag.key
-                muid_match = true if tag.key == "MU-ID" and tag.value == MU.deploy_id
+                muid_match = true if tag.key == "MU-ID" and tag.value == deploy_id
                 mumaster_match = true if tag.key == "MU-MASTER-IP" and tag.value == MU.mu_public_ip
               }
             end
@@ -725,9 +726,9 @@ module MU
                 matched = true if lb.vpc_id == flags['vpc_id']
               else
                 if classic
-                  matched = self.checkForTagMatch(lb.load_balancer_name, region, ignoremaster, credentials, classic)
+                  matched = self.checkForTagMatch(lb.load_balancer_name, region, ignoremaster, credentials, classic, deploy_id: deploy_id)
                 else
-                  matched = self.checkForTagMatch(lb.load_balancer_arn, region, ignoremaster, credentials, classic)
+                  matched = self.checkForTagMatch(lb.load_balancer_arn, region, ignoremaster, credentials, classic, deploy_id: deploy_id)
                 end
               end
               if matched
@@ -773,7 +774,7 @@ module MU
 
 
                   tgs.each { |tg|
-                    if self.checkForTagMatch(tg.target_group_arn, region, ignoremaster, credentials)
+                    if self.checkForTagMatch(tg.target_group_arn, region, ignoremaster, credentials, deploy_id: deploy_id)
                       MU.log "Removing Load Balancer Target Group #{tg.target_group_name}"
                       retries = 0
                       begin
@@ -837,7 +838,7 @@ module MU
                (!listener["ssl_certificate_id"].nil? and !listener["ssl_certificate_id"].empty?)
               if lb['cloud'] != "CloudFormation" # XXX or maybe do this anyway?
                 begin
-                  listener["ssl_certificate_id"] = MU::Cloud::AWS.findSSLCertificate(name: listener["ssl_certificate_name"].to_s, id: listener["ssl_certificate_id"].to_s, region: lb['region'])
+                  listener["ssl_certificate_id"] = MU::Cloud::AWS.findSSLCertificate(name: listener["ssl_certificate_name"].to_s, id: listener["ssl_certificate_id"].to_s, region: lb['region']).first
                 rescue MuError
                   ok = false
                   next

data/modules/mu/providers/aws/log.rb

@@ -202,14 +202,14 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::Log.cleanup: need to support flags['known']", MU::DEBUG, details: flags
           MU.log "Placeholder: AWS Log artifacts do not support tags, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: ignoremaster
 
           log_groups = self.find(credentials: credentials, region: region).values
           if !log_groups.empty?
             log_groups.each{ |lg|
-              if lg.log_group_name.match(MU.deploy_id)
+              if lg.log_group_name.match(deploy_id)
                 log_streams = MU::Cloud::AWS.cloudwatchlogs(credentials: credentials, region: region).describe_log_streams(log_group_name: lg.log_group_name).log_streams
                 if !log_streams.empty?
                   log_streams.each{ |ls|
@@ -232,7 +232,7 @@ module MU
 
 #          unless noop
 #            MU::Cloud::AWS.iam(credentials: credentials).list_roles.roles.each{ |role|
-#              match_string = "#{MU.deploy_id}.*CloudTrail"
+#              match_string = "#{deploy_id}.*CloudTrail"
               # Maybe we should have a more generic way to delete IAM profiles and policies. The call itself should be moved from MU::Cloud.resourceClass("AWS", "Server").
 #              MU::Cloud.resourceClass("AWS", "Server").removeIAMProfile(role.role_name) if role.role_name.match(match_string)
 #            }

data/modules/mu/providers/aws/msg_queue.rb

@@ -80,6 +80,7 @@ module MU
         # @return [Hash]: AWS doesn't return anything but the SQS URL, so supplement with attributes
         def cloud_desc(use_cache: true)
           return @cloud_desc_cache if @cloud_desc_cache and use_cache
+          return nil if !@cloud_id
 
           if !@cloud_id
             resp = MU::Cloud::AWS.sqs(region: @config['region'], credentials: @config['credentials']).list_queues(
@@ -133,12 +134,12 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::MsgQueue.cleanup: need to support flags['known']", MU::DEBUG, details: flags
           MU.log "Placeholder: AWS MsgQueue artifacts do not support tags, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: ignoremaster
 
           resp = MU::Cloud::AWS.sqs(credentials: credentials, region: region).list_queues(
-            queue_name_prefix: MU.deploy_id
+            queue_name_prefix: deploy_id
           )
           if resp and resp.queue_urls
             threads = []
@@ -194,7 +195,15 @@ module MU
 
           # Go fetch its attributes
           fetch = if args[:cloud_id]
-            [args[:cloud_id]]
+            if args[:cloud_id] !~ /^https?:\/\//
+              [begin
+                MU::Cloud::AWS.sqs(region: args[:region], credentials: args[:credentials]).get_queue_url(queue_name: args[:cloud_id]).queue_url
+              rescue Aws::SQS::Errors::NonExistentQueue
+                return found
+              end]
+            else
+              [args[:cloud_id]]
+            end
           else
             resp = MU::Cloud::AWS.sqs(region: args[:region], credentials: args[:credentials]).list_queues
             resp.queue_urls

data/modules/mu/providers/aws/nosqldb.rb

@@ -47,7 +47,11 @@ module MU
             }
           end
 
+          type_map = {}
+
           @config['attributes'].each { |attr|
+            type_map[attr['name']] = attr['type']
+
             params[:attribute_definitions] << {
               :attribute_name => attr['name'],
               :attribute_type => attr['type']
@@ -67,6 +71,11 @@ module MU
               }
             end
           }
+          # apparently the HASH key always has to be before RANGE, so sort it
+          # lexically by that field and call it a day
+          params[:key_schema].sort! { |a, b|
+            a[:key_type] <=> b[:key_type]
+          }
 
           if @config['secondary_indexes']
             @config['secondary_indexes'].each { |idx|
@@ -99,7 +108,11 @@ module MU
             }
           end
 
-          MU.log "Creating DynamoDB table #{@mu_name}", details: params
+          if @tags
+            params[:tags] = @tags.each_key.map { |k| { :key => k, :value => @tags[k] } }
+          end
+
+          MU.log "Creating DynamoDB table #{@mu_name}", MU::NOTICE, details: params
 
           resp = MU::Cloud::AWS.dynamo(credentials: @config['credentials'], region: @config['region']).create_table(params)
           @cloud_id = @mu_name
@@ -109,8 +122,24 @@ module MU
             sleep 5 if resp.table.table_status == "CREATING"
           end while resp.table.table_status == "CREATING"
 
-
           tagTable if !@config['scrub_mu_isms']
+
+          if @config['populate'] and !@config['populate'].empty?
+            MU.log "Preloading #{@mu_name} with #{@config['populate'].size.to_s} items"
+            items_to_write = @config['populate'].dup
+            begin
+              batch = items_to_write.slice!(0, (items_to_write.length >= 25 ? 25 : items_to_write.length))
+              begin
+                MU::Cloud::AWS.dynamo(credentials: @config['credentials'], region: @config['region']).batch_write_item(
+                  request_items: {
+                    @cloud_id => batch.map { |i| { put_request: { item: i } } }
+                  }
+                )
+              rescue ::Aws::DynamoDB::Errors::ValidationException => e
+                MU.log e.message, MU::ERR, details: item
+              end
+            end while !items_to_write.empty?
+          end
         end
 
         # Apply tags to this DynamoDB table
@@ -143,6 +172,7 @@ module MU
         # Called automatically by {MU::Deploy#createResources}
         def groom
           tagTable if !@config['scrub_mu_isms']
+          MU.log "NoSQL Table #{@config['name']}: #{@cloud_id}", MU::SUMMARY
         end
 
         # Does this resource type exist as a global (cloud-wide) artifact, or
@@ -163,7 +193,7 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::NoSQLDb.cleanup: need to support flags['known']", MU::DEBUG, details: flags
 
           resp = MU::Cloud::AWS.dynamo(credentials: credentials, region: region).list_tables
@@ -183,7 +213,7 @@ module MU
                   deploy_match = false
                   master_match = false
                   tags.tags.each { |tag|
-                    if tag.key == "MU-ID" and tag.value == MU.deploy_id
+                    if tag.key == "MU-ID" and tag.value == deploy_id
                       deploy_match = true
                     elsif tag.key == "MU-MASTER-IP" and tag.value == MU.mu_public_ip
                       master_match = true
@@ -214,7 +244,8 @@ module MU
         # Return the metadata for this user cofiguration
         # @return [Hash]
         def notify
-          MU.structToHash(cloud_desc)
+          return nil if !@cloud_id or !cloud_desc(use_cache: false)
+          MU.structToHash(cloud_desc, stringify_keys: true)
         end
 
         # Locate an existing DynamoDB table
@@ -244,6 +275,59 @@ module MU
           found
         end
 
+        # Reverse-map our cloud description into a runnable config hash.
+        # We assume that any values we have in +@config+ are placeholders, and
+        # calculate our own accordingly based on what's live in the cloud.
+        def toKitten(**_args)
+          bok = {
+            "cloud" => "AWS",
+            "credentials" => @config['credentials'],
+            "cloud_id" => @cloud_id,
+            "region" => @config['region']
+          }
+
+          if !cloud_desc
+            MU.log "toKitten failed to load a cloud_desc from #{@cloud_id}", MU::ERR, details: @config
+            return nil
+          end
+          bok['name'] = cloud_desc.table_name
+          bok['read_capacity'] = cloud_desc.provisioned_throughput.read_capacity_units
+          bok['write_capacity'] = cloud_desc.provisioned_throughput.write_capacity_units
+
+
+          cloud_desc.attribute_definitions.each { |attr|
+            bok['attributes'] ||= []
+            newattr = {
+              "name" => attr.attribute_name,
+              "type" => attr.attribute_type
+            }
+            if cloud_desc.key_schema
+              cloud_desc.key_schema.each { |key|
+                next if key.attribute_name == attr.attribute_name
+                if key.key_type == "RANGE"
+                  newattr["primary_partition"] = true
+                elsif key.key_type == "HASH"
+                  newattr["primary_sort"] = true
+                end
+              }
+            end
+            bok['attributes'] << newattr
+          }
+
+          if cloud_desc.stream_specification and cloud_desc.stream_specification.stream_enabled
+
+            bok['stream'] = cloud_desc.stream_specification.stream_view_type
+#            cloud_desc.latest_stream_arn
+#            MU::Cloud::AWS.dynamostream(credentials: @credentials, region: @config['region']).list_streams
+          end
+
+          bok["populate"] = MU::Cloud::AWS.dynamo(credentials: @credentials, region: @config['region']).scan(
+            table_name: @cloud_id
+          ).items
+
+          bok
+        end
+
         # Cloud-specific configuration properties.
         # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
@@ -252,6 +336,13 @@ module MU
 
 
           schema = {
+            "populate" => {
+              "type" => "array",
+              "items" => {
+                "type" => "object",
+                "description" => "Key-value pairs, compatible with the +attributes+ schema, with which to populate this +table+ during its initial creation."
+              }
+            },
             "attributes" => {
               "type" => "array",
               "minItems" => 1,

data/modules/mu/providers/aws/notifier.rb

@@ -27,8 +27,8 @@ module MU
 
         # Called automatically by {MU::Deploy#createResources}
         def create
-          MU::Cloud::AWS.sns(region: @config['region'], credentials: @config['credentials']).create_topic(name: @mu_name)
           @cloud_id = @mu_name
+          MU::Cloud::AWS.sns(region: @config['region'], credentials: @config['credentials']).create_topic(name: @cloud_id)
           MU.log "Created SNS topic #{@mu_name}"
         end
 
@@ -36,17 +36,48 @@ module MU
         def groom
           if @config['subscriptions']
             @config['subscriptions'].each { |sub|
-              MU::Cloud::AWS::Notifier.subscribe(
-                arn: arn,
-                endpoint: sub['endpoint'],
-                region: @config['region'],
-                credentials: @config['credentials'],
-                protocol: sub['type']
-              )
+              if sub['resource'] and !sub['endpoint']
+                endpoint_obj = nil
+                MU.retrier([], max: 5, wait: 9, loop_if: Proc.new { endpoint_obj.nil? }) {
+                  endpoint_obj = MU::Config::Ref.get(sub['resource']).kitten(@deploy)
+                }
+                sub['endpoint'] = endpoint_obj.arn
+              end
+              subscribe(sub['endpoint'], sub['type'])
             }
           end
         end
 
+        # Subscribe something to this SNS topic
+        # @param endpoint [String]: The address, identifier, or ARN of the resource being subscribed
+        # @param protocol [String]: The protocol being subscribed
+        def subscribe(endpoint, protocol)
+          self.class.subscribe(arn, endpoint, protocol, region: @config['region'], credentials: @credentials)
+        end
+
+        # Subscribe something to an SNS topic
+        # @param cloud_id [String]: The short name or ARN of an existing SNS topic
+        # @param endpoint [String]: The address, identifier, or ARN of the resource being subscribed
+        # @param protocol [String]: The protocol being subscribed
+        # @param region [String]: The region of the target SNS topic
+        # @param credentials [String]: 
+        def self.subscribe(cloud_id, endpoint, protocol, region: nil, credentials: nil)
+          topic = find(cloud_id: cloud_id, region: region, credentials: credentials).values.first
+          if !topic
+            raise MuError, "Failed to find SNS Topic #{cloud_id} in #{region}"
+          end
+          arn = topic["TopicArn"]
+
+          resp = MU::Cloud::AWS.sns(region: region, credentials: credentials).list_subscriptions_by_topic(topic_arn: arn).subscriptions
+
+          resp.each { |subscription|
+            return subscription if subscription.protocol == protocol and subscription.endpoint == endpoint
+          }
+
+          MU.log "Subscribing #{endpoint} (#{protocol}) to SNS topic #{arn}", MU::NOTICE
+          MU::Cloud::AWS.sns(region: region, credentials: credentials).subscribe(topic_arn: arn, protocol: protocol, endpoint: endpoint)
+        end
+
         # Does this resource type exist as a global (cloud-wide) artifact, or
         # is it localized to a region/zone?
         # @return [Boolean]
@@ -65,12 +96,12 @@ module MU
         # @param ignoremaster [Boolean]: If true, will remove resources not flagged as originating from this Mu server
         # @param region [String]: The cloud provider region
         # @return [void]
-        def self.cleanup(noop: false, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
+        def self.cleanup(noop: false, deploy_id: MU.deploy_id, ignoremaster: false, region: MU.curRegion, credentials: nil, flags: {})
           MU.log "AWS::Notifier.cleanup: need to support flags['known']", MU::DEBUG, details: flags
           MU.log "Placeholder: AWS Notifier artifacts do not support tags, so ignoremaster cleanup flag has no effect", MU::DEBUG, details: ignoremaster
 
           MU::Cloud::AWS.sns(region: region, credentials: credentials).list_topics.topics.each { |topic|
-            if topic.topic_arn.match(MU.deploy_id)
+            if topic.topic_arn.match(deploy_id)
               # We don't have a way to tag our SNS topics, so we will delete any topic that has the MU-ID in its ARN. 
               # This may fail to find notifier groups in some cases (eg. cache_cluster) so we might want to delete from each API as well.
               MU.log "Deleting SNS topic: #{topic.topic_arn}"
@@ -91,6 +122,7 @@ module MU
         # Return the metadata for this user cofiguration
         # @return [Hash]
         def notify
+          return nil if !@cloud_id or !cloud_desc(use_cache: false)
           desc = MU::Cloud::AWS.sns(region: @config["region"], credentials: @config["credentials"]).get_topic_attributes(topic_arn: arn).attributes
           MU.structToHash(desc)
         end
@@ -101,9 +133,16 @@ module MU
           found = {}
 
           if args[:cloud_id]
-            arn = "arn:"+(MU::Cloud::AWS.isGovCloud?(args[:region]) ? "aws-us-gov" : "aws")+":sns:"+args[:region]+":"+MU::Cloud::AWS.credToAcct(args[:credentials])+":"+args[:cloud_id]
-            desc = MU::Cloud::AWS.sns(region: args[:region], credentials: args[:credentials]).get_topic_attributes(topic_arn: arn).attributes
-            found[args[:cloud_id]] = desc if desc
+            arn = if args[:cloud_id].match(/^arn:/)
+              args[:cloud_id] 
+            else
+              "arn:"+(MU::Cloud::AWS.isGovCloud?(args[:region]) ? "aws-us-gov" : "aws")+":sns:"+args[:region]+":"+MU::Cloud::AWS.credToAcct(args[:credentials])+":"+args[:cloud_id]
+            end
+            begin
+              desc = MU::Cloud::AWS.sns(region: args[:region], credentials: args[:credentials]).get_topic_attributes(topic_arn: arn).attributes
+              found[args[:cloud_id]] = desc if desc
+            rescue ::Aws::SNS::Errors::NotFound
+            end
           else
             next_token = nil
             begin
@@ -120,6 +159,58 @@ module MU
           found
         end
 
+        # Reverse-map our cloud description into a runnable config hash.
+        # We assume that any values we have in +@config+ are placeholders, and
+        # calculate our own accordingly based on what's live in the cloud.
+        def toKitten(**_args)
+          bok = {
+            "cloud" => "AWS",
+            "credentials" => @config['credentials'],
+            "cloud_id" => @cloud_id,
+            "region" => @config['region']
+          }
+
+          if !cloud_desc
+            MU.log "toKitten failed to load a cloud_desc from #{@cloud_id}", MU::ERR, details: @config
+            return nil
+          end
+
+          bok['name'] = cloud_desc["DisplayName"].empty? ? @cloud_id : cloud_desc["DisplayName"]
+          svcmap = {
+            "lambda" => "functions",
+            "sqs" => "msg_queues"
+          }
+          MU::Cloud::AWS.sns(region: @config['region'], credentials: @credentials).list_subscriptions_by_topic(topic_arn: cloud_desc["TopicArn"]).subscriptions.each { |sub|
+            bok['subscriptions'] ||= []
+
+            bok['subscriptions'] << if sub.endpoint.match(/^arn:[^:]+:(sqs|lambda):([^:]+):(\d+):.*?([^:\/]+)$/)
+              _wholestring, service, region, account, id = Regexp.last_match.to_a
+              {
+                "type" => sub.protocol,
+                "resource" => MU::Config::Ref.get(
+                  type: svcmap[service],
+                  region: region,
+                  credentials: @credentials,
+                  id: id,
+                  cloud: "AWS",
+                  habitat: MU::Config::Ref.get(
+                    id: account,
+                    cloud: "AWS",
+                    credentials: @credentials
+                  )
+                )
+              }
+            else
+              {
+                "type" => sub.protocol,
+                "endpoint" => sub.endpoint
+              }
+            end
+          }
+
+          bok
+        end
+
         # Cloud-specific configuration properties.
         # @param _config [MU::Config]: The calling MU::Config object
         # @return [Array<Array,Hash>]: List of required fields, and json-schema Hash of cloud-specific configuration parameters for this resource
@@ -130,11 +221,10 @@ module MU
               "type" => "array",
               "items" => {
                 "type" => "object",
-                "required" => ["endpoint"],
                 "properties" => {
                   "type" => {
                     "type" => "string",
-                    "description" => "",
+                    "description" => "Type of endpoint or resource which should receive notifications. If not specified, will attempt to auto-detect.",
                     "enum" => ["http", "https", "email", "email-json", "sms", "sqs", "application", "lambda"]
                   }
                 }
@@ -148,26 +238,42 @@ module MU
         # Cloud-specific pre-processing of {MU::Config::BasketofKittens::notifier}, bare and unvalidated.
 
         # @param notifier [Hash]: The resource to process and validate
-        # @param _configurator [MU::Config]: The overall deployment configurator of which this resource is a member
+        # @param configurator [MU::Config]: The overall deployment configurator of which this resource is a member
         # @return [Boolean]: True if validation succeeded, False otherwise
-        def self.validateConfig(notifier, _configurator)
+        def self.validateConfig(notifier, configurator)
           ok = true
 
           if notifier['subscriptions']
             notifier['subscriptions'].each { |sub|
+              if sub['resource'] and configurator.haveLitterMate?(sub['resource']['name'], sub['resource']['type'])
+                sub['resource']['cloud'] = "AWS"
+                MU::Config.addDependency(notifier, sub['resource']['name'], sub['resource']['type'])
+              end
               if !sub["type"]
-                if sub["endpoint"].match(/^http:/i)
-                  sub["type"] = "http"
-                elsif sub["endpoint"].match(/^https:/i)
-                  sub["type"] = "https"
-                elsif sub["endpoint"].match(/^sqs:/i)
-                  sub["type"] = "sqs"
-                elsif sub["endpoint"].match(/^\+?[\d\-]+$/)
-                  sub["type"] = "sms"
-                elsif sub["endpoint"].match(/\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i)
-                  sub["type"] = "email"
-                else
-                  MU.log "Notifier #{notifier['name']} subscription #{sub['endpoint']} did not specify a type, and I'm unable to guess one", MU::ERR
+                sub['type'] = if sub['resource']
+                  if sub['resource']['type'] == "functions"
+                    "lambda"
+                  elsif sub['resource']['type'] == "msg_queues"
+                    "sqs"
+                  end
+                elsif sub['endpoint']
+                  if sub["endpoint"].match(/^http:/i)
+                    "http"
+                  elsif sub["endpoint"].match(/^https:/i)
+                    "https"
+                  elsif sub["endpoint"].match(/:sqs:/i)
+                    "sqs"
+                  elsif sub["endpoint"].match(/:lambda:/i)
+                    "lambda"
+                  elsif sub["endpoint"].match(/^\+?[\d\-]+$/)
+                    "sms"
+                  elsif sub["endpoint"].match(/\A[\w+\-.]+@[a-z\d\-]+(\.[a-z]+)*\.[a-z]+\z/i)
+                    "email"
+                  end
+                end
+
+                if !sub['type']
+                  MU.log "Notifier #{notifier['name']} subscription did not specify a type, and I'm unable to guess one", MU::ERR, details: sub
                   ok = false
                 end
               end
@@ -178,40 +284,6 @@ module MU
         end
 
 
-        # Subscribe to a notifier group. This can either be an email address, SQS queue, application endpoint, etc...
-        # Will create the subscription only if it doesn't already exist.
-        # @param arn [String]: The cloud provider's identifier of the notifier group.
-        # @param protocol [String]: The type of the subscription (eg. email,https, etc..).
-        # @param endpoint [String]: The endpoint of the subscription. This will depend on the 'protocol' (as an example if protocol is email, endpoint will be the email address) ..
-        # @param region [String]: The cloud provider region.
-        def self.subscribe(arn: nil, protocol: nil, endpoint: nil, region: MU.curRegion, credentials: nil)
-          retries = 0
-          begin 
-            resp = MU::Cloud::AWS.sns(region: region, credentials: credentials).list_subscriptions_by_topic(topic_arn: arn).subscriptions
-          rescue Aws::SNS::Errors::NotFound
-            if retries < 5
-              MU.log "Couldn't find topic #{arn}, retrying several times in case of a lagging resource"
-              retries += 1
-              sleep 30
-              retry
-            else
-              raise MuError, "Couldn't find topic #{arn}, giving up"
-            end
-          end
-
-          already_subscribed = false
-          if resp && !resp.empty?
-            resp.each { |subscription|
-             already_subscribed = true if subscription.protocol == protocol && subscription.endpoint == endpoint
-            }
-          end
-
-          unless already_subscribed
-            MU::Cloud::AWS.sns(region: region, credentials: credentials).subscribe(topic_arn: arn, protocol: protocol, endpoint: endpoint)
-            MU.log "Subscribed #{endpoint} to SNS topic #{arn}"
-          end
-        end
-
         # Test if a notifier group exists
         # Create a new notifier group. Will check if the group exists before creating it.
         # @param topic_name [String]: The cloud provider's name for the notifier group.