A Terraform module to create an AWS ChatBot Slack configuration. • This repository is defined and managed in Terraform

ministryofjustice/modernisation-platform-terraform-aws-chatbot

Modernisation Platform Terraform AWS ChatBot

A Terraform module to create an AWS ChatBot Slack channel configuration. This module allows you to set up AWS ChatBot in your Slack channels and subscribe to your SNS topics as required.

This offers an alternative to receiving alerts via PagerDuty as described in the Mod Platform documentation.

It can be used in conjunction with any existing SNS topics to receive alerts directly in Slack, and there is no extra cost for using the service!

You might want to use this for non-critical events that don't need to be raised via PagerDuty, e.g. AWS health events, billing alerts or upcoming certificate expiry.

Initial Setup Required

Please note that you need to manually set up the Slack client for each AWS account you wish to use with AWS Chatbot by following these steps: https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup

Once this has been actioned you can create as many Slack channel configurations as required using this module.

Usage

module "template" {
  source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot"

  slack_channel_id = "XXXXXXXXXXX"
  sns_topic_arns   = ["arn:aws:sns:eu-west-2:${local.environment_management.account_ids[terraform.workspace]}:<name-of-sns-topic>"]
  tags             = local.tags
  application_name = local.application_name
}

Permissions

You can fine-tune the permissions available to AWS Chatbot to control what users receiving the alerts in Slack can do (e.g. query Logs Insights, raise support requests or even trigger Lambda functions).

By default the module assigns the arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess policy to the Chatbot IAM role. This ensures that users can see information in the Slack alerts for the alarms that have been triggered. You can amend this by supplying an alternative value to the managed_policy_arns variable.
For more detail on policies you may typically want to assign to the role read https://docs.aws.amazon.com/chatbot/latest/adminguide/chatbot-iam-policies.html

By default this module assigns a guardrail policy of arn:aws:iam::aws:policy/ReadOnlyAccess. Guardrail policies constrain and take precedence over both user roles and channel roles. You can amend this by supplying an alternative value to the guardrail_policies variable.
For more detail read https://docs.aws.amazon.com/chatbot/latest/adminguide/understanding-permissions.html#channel-guardrails
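
The following is an added example, not taken from this repository, showing how the two variables interact: an action is only usable from Slack when both the channel role (managed_policy_arns) and the guardrail (guardrail_policies) allow it, and a supplied list replaces the module default rather than extending it. The module labels, channel IDs, topic names and the ?ref value are placeholders, and arn:aws:iam::aws:policy/AWSSupportAccess is an AWS managed policy chosen here for illustration.

```hcl
# Added example (not the module's own code). Labels, channel IDs, topic names
# and the ?ref value are placeholders to be replaced with your own values.

# Channel 1: alerts only. The guardrail is narrowed from the module default
# (ReadOnlyAccess) to CloudWatch read access, so the channel stays limited to
# CloudWatch reads even if a broader policy is later attached to the role.
module "chatbot_alerts" {
  # Pinning ?ref to a tag or commit keeps upstream changes from being pulled in unreviewed.
  source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=<tag-or-commit-sha>"

  slack_channel_id = "XXXXXXXXXXX"
  sns_topic_arns   = ["arn:aws:sns:eu-west-2:${local.environment_management.account_ids[terraform.workspace]}:<name-of-alerts-topic>"]
  tags             = local.tags
  application_name = local.application_name

  managed_policy_arns = ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"]
  guardrail_policies  = ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"]
}

# Channel 2: members may also raise support requests. The extra policy must be
# listed in BOTH variables: attaching it to the role alone has no effect,
# because the default ReadOnlyAccess guardrail would still block write actions.
module "chatbot_support" {
  source = "github.com/ministryofjustice/modernisation-platform-terraform-aws-chatbot?ref=<tag-or-commit-sha>"

  slack_channel_id = "YYYYYYYYYYY"
  sns_topic_arns   = ["arn:aws:sns:eu-west-2:${local.environment_management.account_ids[terraform.workspace]}:<name-of-support-topic>"]
  tags             = local.tags
  application_name = local.application_name

  managed_policy_arns = [
    "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess",
    "arn:aws:iam::aws:policy/AWSSupportAccess",
  ]
  guardrail_policies = [
    "arn:aws:iam::aws:policy/ReadOnlyAccess",
    "arn:aws:iam::aws:policy/AWSSupportAccess",
  ]
}
```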

Looking for issues?

If you're looking to raise an issue with this module, please create a new issue in the Modernisation Platform repository.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 1.0.1 |
| aws | ~> 5.0 |
| random | ~> 3.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 5.0 |
| random | ~> 3.0 |

Modules

No modules.

Resources

| Name | Type |
|------|------|
| aws_chatbot_slack_channel_configuration.this | resource |
| aws_iam_role.this | resource |
| random_string.this | resource |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| application_name | Name of application | string | n/a | yes |
| guardrail_policies | A list of IAM policy ARNs that are applied as channel guardrails | list(string) | ["arn:aws:iam::aws:policy/ReadOnlyAccess"] | no |
| managed_policy_arns | A list of policy ARNs to attach to the AWS Chatbot IAM role as required | list(string) | ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"] | no |
| slack_channel_id | The Slack channel ID. Find the channel ID in Slack by right-clicking on the channel in the channel list and copying the link. The channel ID is the string at the end of the URL. | string | n/a | yes |
| slack_team_id | The Slack workspace ID. Defaults to the Ministry of Justice Slack workspace. | string | "T02DYEB3A" | no |
| sns_topic_arns | ARNs of SNS topics which deliver notifications to AWS Chatbot, for example CloudWatch alarm notifications. | list(string) | n/a | yes |
| tags | Common tags to be used by all resources | map(string) | n/a | yes |

Outputs

| Name | Description |
|------|-------------|
| aws_chatbot_iam_role | n/a |
| aws_chatbot_slack_channel_arn | n/a |
| random_suffix | n/a |