An AWS Lambda function for better Slack notifications. Check out the blog post.
This function was originally derived from the
AWS blueprint named cloudwatch-alarm-to-slack
. The
function in this repo improves on the default blueprint in several
ways:
Better default formatting for CloudWatch notifications:
Support for notifications from Elastic Beanstalk:
Support for notifications from Code Deploy:
Basic support for notifications from ElastiCache:
Support for encrypted and unencrypted Slack webhook url:
Clone this repository and open the Makefile in your editor, then follow the steps beow:
Fill in the variables at the top of the Makefile
. For example, your
variables may look like this:
LAMBDA_FUNCTION_NAME=cloudwatch-to-slack
AWS_REGION=us-west-2
AWS_ROLE=arn:aws:iam::123456789123:role/lambda_exec_role
AWS_PROFILE=default
Follow these steps to configure the webhook in Slack:
-
Navigate to https://.slack.com/services/new and search for and select "Incoming WebHooks".
-
Choose the default channel where messages will be sent and click "Add Incoming WebHooks Integration".
-
Copy the webhook URL from the setup instructions and use it in the next section.
-
Click 'Save Settings' at the bottom of the Slack integration page.
Next, open deploy.env.example
, there are several configuration
options here. At a minimum, you must fill out UNENCRYPTED_HOOK_URL
(or KMS_ENCRYPTED_HOOK_URL
) and SLACK_CHANNEL
(the name of the Slack room to send messages).
When you're done, copy the file to deploy.env
:
$ cp deploy.env.example deploy.env
If you don't want or need to encrypt your hook URL, you can use the
UNENCRYPTED_HOOK_URL
. If this variable is specified, the
KMS_ENCRYPTED_HOOK_URL
is ignored.
If you do want to encrypt your hook URL, follow these steps to encrypt your Slack hook URL for use in this function:
-
Create a KMS key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html.
-
Encrypt the event collector token using the AWS CLI. $ aws kms encrypt --key-id alias/ --plaintext "<SLACK_HOOK_URL>"
Note: You must exclude the protocol from the URL (e.g. "hooks.slack.com/services/abc123").
-
Copy the base-64 encoded, encrypted key (CiphertextBlob) to the ENCRYPTED_HOOK_URL variable.
-
Give your function's role permission for the kms:Decrypt action. Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1443036478000",
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
"<your KMS key ARN>"
]
}
]
}
The final step is to deploy the integration to AWS Lambda:
make deploy
With the variables filled in, you can test the function:
npm install
make test
-
Environment variables specified in
deploy.env
may not show up on AWS Lambda but are still in use. -
node-lambda
appends-development
to Lambda function names. To fix this, check out the.env
file created bynode-lambda
and set theAWS_ENVIRONMENT
var to an empty string, likeAWS_ENVIRONMENT=
MIT License