Skip to content
/ slack-event-alarms Public

Provides Slack notifications on errors from AWS accounts using CloudWatch Event Rules

0 stars 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

dundunndone/slack-event-alarms

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits
.github/workflows
.github/workflows
 
 
.gitignore
.gitignore
 
 
README.md
README.md
 
 
slack_alarms.py
slack_alarms.py
 
 
slack_alarms.yml
slack_alarms.yml
 
 

Repository files navigation

Slack Event Alarms Deploy

Provides Slack notifications on errors from AWS accounts using CloudWatch Event Rules.

Purpose

This tool is designed to alert teams on event errors from CloudTrail by sending a notification to a Slack channel. Information helps alert teams to misconfigurations and access issues within an account.

How It Works

Checks custom S3 bucket for events from account. CloudWatch event rule runs every 15 minutes where the Lambda function checks 3 or more events within the last 15 minutes that contain error codes. Function can be customized to support different thresholds or S3 bucket structures.

This tool is designed to work with AWS Event Monitor. However, Slack Event Alarms can be customized to support existing S3 buckets such as your Primary CloudTrail bucket.

Within Slack, access the Incoming Webhooks app to create new webhooks and determine existing Slack webhooks for your target (Public and Private) channels.

Information below references parameters in the slack_alarms.yml template and how to configure them.

  • CustomS3BucketName
  • Existing s3 bucket is setup to read events using this structure "s3://custom-s3-bucket/eventlogs/accountid/region/yyyy-mm-dd/eventid.json". For each event ID a separate .json file is created.
  • SlackChannels
  • This entry should be formatted as a directory using this format {"account-alias":"https://hooks.slack.com/services/"}. The account alias name in this parameter should be present within the AccountAliases parameter below. Optionally, you can send alarms to multiple Slack channels for 1 AWS account.
  • AccountAliases:
  • This entry should be formatted as a directory using this format {"account-alias":"account-id"}. If your events only target 1 AWS account, you should include account alias name and the AWS account ID. If you have a centralized S3 bucket logging CloudTrail events from multiple accounts, you should add all applicable accounts aliases/ID here.

Deployment

Deploy templates and resources in order.

  • slack_alarms.yml
    • Contains: IAM, Lambda, CloudWatch Event rule
    • Deploy: us-east-1 only
  • slack_alarms.py
    • Contains: Zip file and upload to target "LambdaBucketName"
    • Deploy: us-east-1 only

Supports

  • Supports single and centralized account(s) logging events from CloudTrail to S3.
  • Customizable template to send events /w errors from an AWS account to a public or private Slack channel.
  • This function uses python requests library to send events to Slack. Lambda Layers are used to package the library and upload the requests.zip file into Lambda.

About

Provides Slack notifications on errors from AWS accounts using CloudWatch Event Rules

Topics

python slack lambda cloudformation cloudwatch-events

Resources

Readme
Activity

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages