/pagerduty-oncall-slack-bot

PagerDuty OnCall Slack bot

Primary LanguageJavaScriptMIT LicenseMIT

PagerDuty OnCall Slack bot

Local development

  1. vagrant up
  2. vagrant ssh
  3. cd /vagrant
  4. npm install
  5. npm test

Deploying

Follow these steps to configure the slash command in Slack:

  1. Navigate to https://.slack.com/services/new
  2. Search for and select "Slash Commands".
  3. Enter a name for your command and click "Add Slash Command Integration".
  4. Copy the token string from the integration settings and use it in the next section.
  5. After you complete the deployment to AWS, enter the provided API endpoint URL in the URL field.

Follow these steps to encrypt your Slack token for use in this function:

  1. Create a KMS key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html.
  2. Give your function's role the permission for the kms:Decrypt action.
  3. Encrypt the Slack token using the AWS CLI: $ aws kms encrypt --region <region> --key-id alias/<KMS key name> --plaintext "<SLACK_TOKEN>"
  4. Copy the base-64 encoded, encrypted key (CiphertextBlob) to the relevant kmsEncyptedSlackToken configuration key value in index.js.
  5. Obtain a read-only PagerDuty API V2 key - https://support.pagerduty.com/hc/en-us/articles/202829310-Generating-an-API-Key
  6. Encrypt the PagerDuty API key using the AWS CLI: $ aws kms encrypt --region <region> --key-id alias/<KMS key name> --plaintext "<PAGERDUTY_KEY>"
  7. Copy the base-64 encoded, encrypted key (CiphertextBlob) to the relevate kmsEncryptedPagerDutyApiToken configuration key value in index.js.
  8. Obtain a Slack API token for testing and development: https://api.slack.com/docs/oauth-test-tokens
  9. Encrypt the Slack API token using the AWS CLI: $ aws kms encrypt --region <region> --key-id alias/<KMS key name> --plaintext "<API_TOKEN>"
  10. Copy the base-64 encoded, encrypted token (CiphertextBlob) to the relevate kmsEncryptedSlackApiToken configuration key value in index.js.

Example role permission:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "kms:Decrypt"
      ],
      "Resource": [
        "<your KMS key ARN>"
      ]
    }
  ]
}

Follow these steps to deploy the AWS Lambda function:

  1. aws configure
  2. serverless deploy
  3. Update the URL for your Slack slash command with the invocation URL for the created API resource in the prod stage.
  4. serverless invoke --function slack --path event.json

Todo

  • allow filtering by policy
  • allow filtering by escalation level