Terraform module setting up Slack notifications from AWS using AWS Chatbot.
This module creates a Slack channel configuration in AWS Chatbot, an SNS topic which Chatbot is subscribed to, as well as the IAM permissions required for supported services to publish to the SNS topic.
See Using AWS Chatbot with other AWS services for supported sources of notifications.
Additionally, an IAM role for Chatbot itself is created, which defines what Chatbot can do via Slack commands. Permissions corresponding to the policy templates provided by the AWS Chatbot console are supported by this module.
Currently this module creates a CloudWatch Events rule forwarding AWS Health events to AWS Chatbot. AWS Config, GuardDuty and Security Hub should follow.
Implementation note: Since Terraform does not support AWS Chatbot yet, this module uses a CloudFormation Stack resource to create the Slack channel configuration.
NOTE: Before applying this module, AWS Chatbot has to be manually authorized to access the Slack workspace in question by performing steps 1 to 4 of Setting up AWS Chatbot with Slack.
See example.
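
The following module call is an added example, not the module's own: it enables read-only access from Slack and caps it with a permissions boundary, using only the inputs documented on this page. The module source is a placeholder, and the policy name, the `sns_kms_key_id` variable, the resource names and the Slack IDs are hypothetical or constructed.

```hcl
# Added example. Values marked "constructed", "hypothetical" or "placeholder"
# are not taken from the module.

variable "sns_kms_key_id" {
  description = "Hypothetical: ID of an existing KMS key used to encrypt the SNS topic."
  type        = string
}

# Permissions boundary: the Chatbot role can never exceed these actions,
# even though read-only access to all AWS resources is switched on below.
data "aws_iam_policy_document" "chatbot_boundary" {
  statement {
    sid    = "CloudWatchAndLogsReadOnly"
    effect = "Allow"
    actions = [
      "cloudwatch:Describe*",
      "cloudwatch:Get*",
      "cloudwatch:List*",
      "logs:Describe*",
      "logs:Get*",
      "logs:FilterLogEvents",
    ]
    resources = ["*"]
  }
}

resource "aws_iam_policy" "chatbot_boundary" {
  name   = "chatbot-permissions-boundary" # hypothetical name
  policy = data.aws_iam_policy_document.chatbot_boundary.json
}

module "chatbot" {
  source = "<module-source>" # placeholder: the page does not state the source

  chatbot_config_name = "ops-alerts"         # constructed
  sns_topic_name      = "chatbot-ops-alerts" # constructed
  slack_workspace_id  = "T0123456789"        # constructed
  slack_channel_id    = "C0123456789"        # constructed

  chatbot_role_allow_notifications             = true
  chatbot_role_allow_read_only_access          = true
  chatbot_role_allow_labmda_invoke             = false
  chatbot_role_allow_support_access            = false
  chatbot_role_permissions_boundary_policy_arn = aws_iam_policy.chatbot_boundary.arn

  kms_key_id = var.sns_kms_key_id
  log_level  = "ERROR"
}
```

If `kms_key_id` refers to a customer managed key, its key policy must allow the publishing service (here CloudWatch Events) to use the key, otherwise events will not reach the topic.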

Name | Version |
---|---|
terraform | >= 0.12 |

Name | Version |
---|---|
aws | n/a |

Name | Description | Type | Default | Required |
---|---|---|---|---|
chatbot_config_name | Name of Slack channel configuration in AWS Chatbot. | string | n/a | yes |
chatbot_role_allow_labmda_invoke | Allow users to invoke Lambda functions from Slack. | bool | false | no |
chatbot_role_allow_notifications | Grant read access for CloudWatch to AWS Chatbot. Enables Chatbot to e.g. show metrics graphs and users to invoke CloudWatch commands in Slack. | bool | true | no |
chatbot_role_allow_read_only_access | Provide users with read access to all AWS resources from within Slack. | bool | false | no |
chatbot_role_allow_support_access | Allow users to interact with AWS support from Slack. | bool | false | no |
chatbot_role_permissions_boundary_policy_arn | IAM policy document to use as permissions boundary in the Chatbot IAM role. Useful in combination with read only access to limit resources that can be accessed from Slack. | string | "" | no |
enabled | Whether to create resources or not. | bool | true | no |
kms_key_id | KMS key id to use with SNS topic. | string | "" | no |
log_level | Log level AWS Chatbot should use. Possible values are ERROR, INFO, NONE. | string | "INFO" | no |
slack_channel_id | ID of the Slack channel to configure with AWS Chatbot. Can be determined by right-clicking the channel in Slack and choosing copy link. The channel ID is the last part of the copied URL. | string | n/a | yes |
slack_workspace_id | ID of the Slack workspace containing the channel to use with AWS Chatbot. Can be found in the AWS Chatbot console. | string | n/a | yes |
sns_topic_name | Name of SNS topic to subscribe AWS Chatbot to. | string | n/a | yes |

Name | Description |
---|---|
iam_role_arn | ARN of IAM role assigned to AWS Chatbot. |
iam_role_name | Name of IAM role assigned to AWS Chatbot. |
sns_topic_arn | ARN of SNS topic which AWS Chatbot is subscribed to. |