AWS Notify Slack Terraform module
This module creates an SNS topic (or uses an existing one) and an AWS Lambda function that sends notifications to Slack using the incoming webhooks API.
Start by setting up an incoming webhook integration in your Slack workspace.
Doing serverless with Terraform? Check out serverless.tf framework, which aims to simplify all operations when working with the serverless in Terraform.
Terraform versions
Terraform 0.12. Pin module version to ~> v3.0. Submit pull-requests to master branch.
Terraform 0.11. Pin module version to ~> v1.0.
Features
- AWS Lambda runtime Python 3.8
- Create new SNS topic or use existing one
- Support plaintext and encrypted version of Slack webhook URL
- Most of Slack message options are customizable
- Support different types of SNS messages:
- AWS CloudWatch Alarms
- AWS CloudWatch LogMetrics Alarms
- Send pull-request to add support of other message types
- Local pytest driven testing of the lambda to a Slack sandbox channel
Usage
module "notify_slack" {
source = "terraform-aws-modules/notify-slack/aws"
version = "~> 3.0"
sns_topic_name = "slack-topic"
slack_webhook_url = "https://hooks.slack.com/services/AAA/BBB/CCC"
slack_channel = "aws-notification"
slack_username = "reporter"
}Upgrade from 2.0 to 3.0
Version 3 uses Terraform AWS Lambda module to handle most of heavy-lifting related to Lambda packaging, roles, and permissions, while maintaining the same interface for the user of this module after many of resources will be recreated.
Use existing SNS topic or create new
If you want to subscribe the AWS Lambda Function created by this module to an existing SNS topic you should specify create_sns_topic = false as an argument and specify the name of existing SNS topic name in sns_topic_name.
Examples
- notify-slack-simple - Creates SNS topic which sends messages to Slack channel.
- cloudwatch-alerts-to-slack - End to end example which shows how to send AWS Cloudwatch alerts to Slack channel and use KMS to encrypt webhook URL.
Testing with pytest
To run the tests:
-
Set up a dedicated slack channel as a test sandbox with it's own webhook. See Slack Incoming Webhooks docs for details.
-
Make a copy of the sample pytest configuration and edit as needed.
cp functions/pytest.ini.sample functions/pytest.ini -
Run the tests:
pytest functions/notify_slack_test.py
Requirements
| Name | Version |
|---|---|
| terraform | >= 0.12.6, < 0.14 |
| aws | >= 2.35, < 4.0 |
Providers
| Name | Version |
|---|---|
| aws | >= 2.35, < 4.0 |
Inputs
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| cloudwatch_log_group_kms_key_id | The ARN of the KMS Key to use when encrypting log data for Lambda | string |
null |
no |
| cloudwatch_log_group_retention_in_days | Specifies the number of days you want to retain log events in log group for Lambda. | number |
0 |
no |
| cloudwatch_log_group_tags | Additional tags for the Cloudwatch log group | map(string) |
{} |
no |
| create | Whether to create all resources | bool |
true |
no |
| create_sns_topic | Whether to create new SNS topic | bool |
true |
no |
| iam_role_boundary_policy_arn | The ARN of the policy that is used to set the permissions boundary for the role | string |
null |
no |
| iam_role_name_prefix | A unique role name beginning with the specified prefix | string |
"lambda" |
no |
| iam_role_policy_name_prefix | A unique policy name beginning with the specified prefix | string |
"lambda-policy-" |
no |
| iam_role_tags | Additional tags for the IAM role | map(string) |
{} |
no |
| kms_key_arn | ARN of the KMS key used for decrypting slack webhook url | string |
"" |
no |
| lambda_description | The description of the Lambda function | string |
null |
no |
| lambda_function_name | The name of the Lambda function to create | string |
"notify_slack" |
no |
| lambda_function_tags | Additional tags for the Lambda function | map(string) |
{} |
no |
| log_events | Boolean flag to enabled/disable logging of incoming events | bool |
false |
no |
| reserved_concurrent_executions | The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations | number |
-1 |
no |
| slack_channel | The name of the channel in Slack for notifications | string |
n/a | yes |
| slack_emoji | A custom emoji that will appear on Slack messages | string |
":aws:" |
no |
| slack_username | The username that will appear on Slack messages | string |
n/a | yes |
| slack_webhook_url | The URL of Slack webhook | string |
n/a | yes |
| sns_topic_kms_key_id | ARN of the KMS key used for enabling SSE on the topic | string |
"" |
no |
| sns_topic_name | The name of the SNS topic to create | string |
n/a | yes |
| sns_topic_tags | Additional tags for the SNS topic | map(string) |
{} |
no |
| subsription_filter_policy | (Optional) A valid filter policy that will be used in the subscription to filter messages seen by the target resource. | string |
null |
no |
| tags | A map of tags to add to all resources | map(string) |
{} |
no |
Outputs
| Name | Description |
|---|---|
| lambda_cloudwatch_log_group_arn | The Amazon Resource Name (ARN) specifying the log group |
| lambda_iam_role_arn | The ARN of the IAM role used by Lambda function |
| lambda_iam_role_name | The name of the IAM role used by Lambda function |
| notify_slack_lambda_function_arn | The ARN of the Lambda function |
| notify_slack_lambda_function_invoke_arn | The ARN to be used for invoking Lambda function from API Gateway |
| notify_slack_lambda_function_last_modified | The date Lambda function was last modified |
| notify_slack_lambda_function_name | The name of the Lambda function |
| notify_slack_lambda_function_version | Latest published version of your Lambda function |
| this_slack_topic_arn | The ARN of the SNS topic from which messages will be sent to Slack |
Authors
Module managed by Anton Babenko.
License
Apache 2 Licensed. See LICENSE for full details.