Merge pull request #99 from hudl/SK24-AddRoleToSlackInstallFunc

SK24 - Add role to Slack Install in order to access secrets
hudl · Oct 24, 2024 · 10c391a · 10c391a
2 parents 1463285 + 6b29ff0
commit 10c391a
Show file tree

Hide file tree

Showing 2 changed files with 12 additions and 0 deletions.
diff --git a/serverless.yml b/serverless.yml
@@ -30,6 +30,7 @@ functions:
       - http:
           path: 'slack/install'
           method: get
+    role: slackbotRole
   create-user:
     handler: src/index.createUser
     events:
@@ -124,6 +125,16 @@ resources:
                           - Ref: 'AWS::Region'
                           - Ref: 'AWS::AccountId'
                           - 'table/cal2slack-usersettings'
+                - Effect: Allow
+                  Action:
+                    - secretsmanager:GetSecretValue
+                  Resource:
+                    - 'Fn::Join':
+                        - ':'
+                        - - 'arn:aws:secretsmanager'
+                          - Ref: 'AWS::Region'
+                          - Ref: 'AWS::AccountId'
+                          - 'secret:${self:custom.lambda.slackbot.secretsPrefix}/*'
                 - Effect: 'Allow'
                   Action:
                     - lambda:InvokeFunction

diff --git a/src/index.ts b/src/index.ts
@@ -155,6 +155,7 @@ export const authorizeMicrosoftGraph: Handler = async (event: any) => {
 };
 
 export const slackInstall: Handler = async () => {
+  console.log('Slack install requested.')
   const clientId = await getSlackClientIdWithKey('clientId');
 
   return {