Sending notifications to Slack using AWS Chatbot.

Jose López
August 3rd, 2020 · 2 min read

What is AWS Chatbot?

AWS Chatbot is an interactive agent for “ChatOps” that makes it easy to monitor and interact with your AWS resources in your Slack channels and Amazon Chime chat rooms. AWS Chatbot is free to use. It supports the following services.

  • Amazon CloudWatch
  • AWS Health
  • AWS Budgets
  • AWS Security Hub
  • Amazon GuardDuty
  • AWS CloudFormation
  • AWS Codepipeline/CodeBuild

In a previous article of the series of articles on monitoring, we shown how to create a custom Lambda function and a SNS topic to send CloudWatch alarms to Slack. A few months ago, AWS made the Chatbot service generally available, so we are going to switch our Lambda function for AWS Chatbot.

Set up AWS Chatbot

Authorize Chatbot to post to Slack

First of all, we need to authorize AWS Chatbot to send messages to our Slack. To do that, we have to perform these steps from the console:

Open the AWS Chatbot console at https://console.aws.amazon.com/chatbot/.

Under Configure a chat client, choose Slack, then choose Configure client.

From the dropdown list at the top right, choose the Slack workspace that you want to use with AWS Chatbot and choose Allow.

Terraform module to manage Chatbot

Chatbot was launched without API support. This means it has no native Terraform support. However, it supports configuration via CloudFormation. So, we are going to use a Terraform module that launches a CloudFormation stack behind the scenes to workaround this limitation.

The Terraform code of this module is available on OBytes GitHub public repos.

This module creates a AWS::Chatbot::SlackChannelConfiguration resource that maps a SNS topic to a Chatbot configuration. So, we send notifications to that SNS topic and Chatbot handles the process of sending messages to Slack.

Sending notifications to Slack using the Chatbot Terraform module

To send notifications, for example, when an AWS CodePipeline project starts or finishes, we will create a SNS topic and configure Chatbot to map that SNS topic. Then, we create an aws_codestarnotifications_notification_rule that notifies the SNS topic when one of these events occur. Besides this, we need to create an IAM role for Chatbot.

In the following snippet of code, we show how to send notifications to Slack when an AWS CodePipeline project starts or finishes using our Chatbot module.

1resource "aws_sns_topic" "alerts_ci_slack_notifications_sns_topic" {
2 name = "alerts-ci-slack-notifications"
3}
4
5resource "aws_sns_topic_policy" "alerts_ci_slack_notifications_sns_topic_policy" {
6 arn = aws_sns_topic.alerts_ci_slack_notifications_sns_topic.arn
7 policy = data.aws_iam_policy_document.alerts_ci_slack_notifications_sns_topic_access.json
8}
9
10data "aws_iam_policy_document" "alerts_ci_slack_notifications_sns_topic_access" {
11 statement {
12 actions = ["sns:Publish"]
13
14 principals {
15 type = "Service"
16 identifiers = [
17 "codestar-notifications.amazonaws.com"
18 ]
19 }
20
21 resources = [aws_sns_topic.alerts_ci_slack_notifications_sns_topic.arn]
22 }
23}
24
25resource "aws_codepipeline" "cd" {
26 ...
27}
28
29resource "aws_codestarnotifications_notification_rule" "aws_codestarnotifications_notification_rule_codepipeline" {
30 count = var.slack_notifications_enabled ? 1 : 0
31
32 detail_type = "BASIC"
33 event_type_ids = [
34 "codepipeline-pipeline-pipeline-execution-failed",
35 "codepipeline-pipeline-pipeline-execution-canceled",
36 "codepipeline-pipeline-pipeline-execution-started",
37 "codepipeline-pipeline-pipeline-execution-resumed",
38 "codepipeline-pipeline-pipeline-execution-succeeded",
39 "codepipeline-pipeline-pipeline-execution-superseded"
40 ]
41
42 name = "alerts-ci-slack-notification-rule-codepipeline"
43 resource = aws_codepipeline.cd.arn
44
45 target {
46 address = aws_sns_topic.alerts_ci_slack_notifications_sns_topic.arn
47 }
48}
49
50resource "aws_iam_policy" "chatbot_iam_policy" {
51 path = "/"
52 description = "chatbot-iam-policy"
53 policy = data.aws_iam_policy_document.chatbot_iam_policy_document.json
54 name = "chatbot-iam-policy"
55}
56
57data "aws_iam_policy_document" "chatbot_iam_policy_document" {
58 statement {
59 actions = [
60 "cloudwatch:Describe*",
61 "cloudwatch:Get*",
62 "cloudwatch:List*"
63 ]
64
65 resources = ["*"]
66 }
67}
68
69resource "aws_iam_role" "chatbot_iam_role" {
70 name = "chatbot-iam-role"
71
72 assume_role_policy = data.aws_iam_policy_document.chatbot_assume
73}
74
75data "aws_iam_policy_document" "chatbot_assume" {
76 statement {
77 actions = [
78 "sts:AssumeRole",
79 ]
80
81 principals {
82 type = "Service"
83
84 identifiers = [
85 "chatbot.amazonaws.com.com",
86 ]
87 }
88 }
89}
90
91resource "aws_iam_role_policy_attachment" "chatbot_iam_role_policy_attachment" {
92 role = aws_iam_role.chatbot_iam_role.id
93 policy_arn = aws_iam_policy.chatbot_iam_policy.arn
94}
95
96module "chatbot" {
97 source = "./terraform-aws-chatbot-slack"
98
99 configuration_name = "CI alerts"
100 iam_role_arn = aws_iam_role.chatbot_iam_role.arn
101 slack_channel_id = "ABCDEFGH"
102 slack_workspace_id = "I342UFDS"
103
104 sns_topic_arns = [
105 aws_sns_topic.alerts_ci_slack_notifications_sns_topic.name
106 ]
107}

How does this look?

Once you finish the set up, you will start receiving notifications on Slack like this one.

And that’s all folks! If you have any doubt, feel free to reach me out using the comments or via Twitter (@kstromeiraos).

More articles from Obytes

Our product development process for building successful products

This article is a guide to how we do product development at Obytes

June 30th, 2020 · 3 min read

Math can be fun for frontend developers [Part1].

basic maths front-end developers need to know.

June 3rd, 2020 · 12 min read

ABOUT US

Our mission and ambition is to challenge the status quo, by doing things differently we nurture our love for craft and technology allowing us to create the unexpected.