A Terraform module to create an AWS Chatbot Slack channel configuration. This module allows you to set up AWS Chatbot in your Slack channels and subscribe to your SNS topics as required.
This offers an alternative to receiving alerts via PagerDuty as described in the Mod Platform documentation.
It can be used in conjunction with any existing SNS topics to receive alerts directly to Slack and there is no extra cost for using the service!
You might want to use this for non-critical events that don't need to be raised via PagerDuty, e.g. AWS health events, billing alerts or upcoming certificate expiry.
Please note that you need to manually set up the Slack client for each AWS account you wish to use with AWS Chatbot by following these steps: https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup
Once this has been actioned you can create as many Slack channel configurations as required using this module.
```hcl
module "template" {
  source           = "github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot"
  slack_channel_id = "XXXXXXXXXXX"
  sns_topic_arns   = ["arn:aws:sns:eu-west-2:${local.environment_management.account_ids[terraform.workspace]}:<name-of-sns-topic>"]
  tags             = local.tags
  application_name = local.application_name
}
```
You can fine-tune the permissions available to AWS Chatbot to control what users receiving the alerts in Slack can do (e.g. query log insights, raise support requests or even trigger Lambda functions).
By default the module will assign the `arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess` policy to the Chatbot IAM role. This ensures that users can see information in the Slack alerts for the alarms that have been triggered. You can amend this by supplying an alternative value to the `managed_policy_arns` variable.
For more detail on policies you may typically want to assign to the role, read https://docs.aws.amazon.com/chatbot/latest/adminguide/chatbot-iam-policies.html
By default this module will assign a guardrail policy of `arn:aws:iam::aws:policy/ReadOnlyAccess`. This will constrain and take precedence over both user roles and channel roles. You can amend this by supplying an alternative value to the `guardrail_policies` variable.
For more detail read https://docs.aws.amazon.com/chatbot/latest/adminguide/understanding-permissions.html#channel-guardrails
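The two variables above set together, as an added example that is not taken from the module's repository. The module labels, channel IDs and topic names are placeholders, and `arn:aws:iam::aws:policy/AWSSupportAccess` is an AWS managed policy chosen here to illustrate the "raise support requests" case.

```hcl
# Added example, not from the module's repository. Module labels, channel IDs
# and topic names are placeholders.

# Alerts-only channel: members only need to view alarm details, so the
# guardrail is narrowed from the default ReadOnlyAccess to CloudWatch reads.
module "chatbot_alerts" {
  source           = "github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot"
  slack_channel_id = "XXXXXXXXXXX"
  sns_topic_arns   = ["arn:aws:sns:eu-west-2:${local.environment_management.account_ids[terraform.workspace]}:<name-of-sns-topic>"]
  tags             = local.tags
  application_name = local.application_name

  managed_policy_arns = ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"]
  guardrail_policies  = ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"]
}

# Operations channel: members may also raise support requests. Creating a
# support case is a write action, which the default ReadOnlyAccess guardrail
# would block, so the policy is listed in BOTH the role and the guardrail.
module "chatbot_ops" {
  source           = "github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot"
  slack_channel_id = "YYYYYYYYYYY"
  sns_topic_arns   = ["arn:aws:sns:eu-west-2:${local.environment_management.account_ids[terraform.workspace]}:<name-of-sns-topic>"]
  tags             = local.tags
  application_name = local.application_name

  managed_policy_arns = [
    "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
    "arn:aws:iam::aws:policy/AWSSupportAccess",
  ]
  guardrail_policies = [
    "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
    "arn:aws:iam::aws:policy/AWSSupportAccess",
  ]
}
```

Because the guardrail takes precedence, adding a policy to `managed_policy_arns` alone does not grant any action the guardrail does not also allow.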
If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.
Name | Version |
---|---|
terraform | >= 1.0.1 |
aws | ~> 5.0 |
random | ~> 3.0 |
Name | Version |
---|---|
aws | ~> 5.0 |
random | ~> 3.0 |
No modules.
Name | Type |
---|---|
aws_chatbot_slack_channel_configuration.this | resource |
aws_iam_role.this | resource |
random_string.this | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
application_name | Name of application | string | n/a | yes |
guardrail_policies | A list of IAM policy ARNs that are applied as channel guardrails | list(string) | [ | no |
managed_policy_arns | A list of policy ARNs to attach to the AWS Chatbot IAM role as required | list(string) | [ | no |
slack_channel_id | The Slack channel ID. Find the channel ID in Slack by right clicking on the channel in the channel list and copying the link. The channel ID is the string at the end of the URL. | string | n/a | yes |
slack_team_id | The Slack workspace ID. Defaults to Ministry of Justice Slack workspace | string | "T02DYEB3A" | no |
sns_topic_arns | ARNs of SNS topics which deliver notifications to AWS Chatbot, for example CloudWatch alarm notifications. | list(string) | n/a | yes |
tags | Common tags to be used by all resources | map(string) | n/a | yes |
Name | Description |
---|---|
aws_chatbot_iam_role | n/a |
aws_chatbot_slack_channel_arn | n/a |
random_suffix | n/a |