Home

Awesome

AWS Notify Slack Terraform module

This module creates an SNS topic (or uses an existing one) and an AWS Lambda function that sends notifications to Slack using the incoming webhooks API.

Start by setting up an incoming webhook integration in your Slack workspace.

Doing serverless with Terraform? Check out serverless.tf framework, which aims to simplify all operations when working with the serverless in Terraform.

Supported Features

Usage

module "notify_slack" {
  source  = "terraform-aws-modules/notify-slack/aws"
  version = "~> 5.0"

  sns_topic_name = "slack-topic"

  slack_webhook_url = "https://hooks.slack.com/services/AAA/BBB/CCC"
  slack_channel     = "aws-notification"
  slack_username    = "reporter"
}

Using with Terraform Cloud Agents

Terraform Cloud Agents are a paid feature, available as part of the Terraform Cloud for Business upgrade package.

This module requires Python 3.11. You can customize tfc-agent to include Python using this sample Dockerfile:

FROM hashicorp/tfc-agent:latest
RUN apt-get -y update && apt-get -y install python3.11 python3-pip
ENTRYPOINT ["/bin/tfc-agent"]

Use existing SNS topic or create new

If you want to subscribe the AWS Lambda Function created by this module to an existing SNS topic you should specify create_sns_topic = false as an argument and specify the name of existing SNS topic name in sns_topic_name.

Examples

Local Development and Testing

See the functions for further details.

<!-- BEGIN_TF_DOCS -->

Requirements

NameVersion
<a name="requirement_terraform"></a> terraform>= 1.0
<a name="requirement_aws"></a> aws>= 4.8

Providers

NameVersion
<a name="provider_aws"></a> aws>= 4.8

Modules

NameSourceVersion
<a name="module_lambda"></a> lambdaterraform-aws-modules/lambda/aws6.8.0

Resources

NameType
aws_cloudwatch_log_group.lambdaresource
aws_iam_role.sns_feedback_roleresource
aws_sns_topic.thisresource
aws_sns_topic_subscription.sns_notify_slackresource
aws_caller_identity.currentdata source
aws_iam_policy_document.lambdadata source
aws_iam_policy_document.sns_feedbackdata source
aws_partition.currentdata source
aws_region.currentdata source

Inputs

NameDescriptionTypeDefaultRequired
<a name="input_architectures"></a> architecturesInstruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"].list(string)nullno
<a name="input_cloudwatch_log_group_kms_key_id"></a> cloudwatch_log_group_kms_key_idThe ARN of the KMS Key to use when encrypting log data for Lambdastringnullno
<a name="input_cloudwatch_log_group_retention_in_days"></a> cloudwatch_log_group_retention_in_daysSpecifies the number of days you want to retain log events in log group for Lambda.number0no
<a name="input_cloudwatch_log_group_tags"></a> cloudwatch_log_group_tagsAdditional tags for the Cloudwatch log groupmap(string){}no
<a name="input_create"></a> createWhether to create all resourcesbooltrueno
<a name="input_create_sns_topic"></a> create_sns_topicWhether to create new SNS topicbooltrueno
<a name="input_enable_sns_topic_delivery_status_logs"></a> enable_sns_topic_delivery_status_logsWhether to enable SNS topic delivery status logsboolfalseno
<a name="input_hash_extra"></a> hash_extraThe string to add into hashing function. Useful when building same source path for different functions.string""no
<a name="input_iam_policy_path"></a> iam_policy_pathPath of policies to that should be added to IAM role for Lambda Functionstringnullno
<a name="input_iam_role_boundary_policy_arn"></a> iam_role_boundary_policy_arnThe ARN of the policy that is used to set the permissions boundary for the rolestringnullno
<a name="input_iam_role_name_prefix"></a> iam_role_name_prefixA unique role name beginning with the specified prefixstring"lambda"no
<a name="input_iam_role_path"></a> iam_role_pathPath of IAM role to use for Lambda Functionstringnullno
<a name="input_iam_role_tags"></a> iam_role_tagsAdditional tags for the IAM rolemap(string){}no
<a name="input_kms_key_arn"></a> kms_key_arnARN of the KMS key used for decrypting slack webhook urlstring""no
<a name="input_lambda_attach_dead_letter_policy"></a> lambda_attach_dead_letter_policyControls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Functionboolfalseno
<a name="input_lambda_dead_letter_target_arn"></a> lambda_dead_letter_target_arnThe ARN of an SNS topic or SQS queue to notify when an invocation fails.stringnullno
<a name="input_lambda_description"></a> lambda_descriptionThe description of the Lambda functionstringnullno
<a name="input_lambda_function_ephemeral_storage_size"></a> lambda_function_ephemeral_storage_sizeAmount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB).number512no
<a name="input_lambda_function_name"></a> lambda_function_nameThe name of the Lambda function to createstring"notify_slack"no
<a name="input_lambda_function_s3_bucket"></a> lambda_function_s3_bucketS3 bucket to store artifactsstringnullno
<a name="input_lambda_function_store_on_s3"></a> lambda_function_store_on_s3Whether to store produced artifacts on S3 or locally.boolfalseno
<a name="input_lambda_function_tags"></a> lambda_function_tagsAdditional tags for the Lambda functionmap(string){}no
<a name="input_lambda_function_vpc_security_group_ids"></a> lambda_function_vpc_security_group_idsList of security group ids when Lambda Function should run in the VPC.list(string)nullno
<a name="input_lambda_function_vpc_subnet_ids"></a> lambda_function_vpc_subnet_idsList of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets.list(string)nullno
<a name="input_lambda_role"></a> lambda_roleIAM role attached to the Lambda Function. If this is set then a role will not be created for you.string""no
<a name="input_lambda_source_path"></a> lambda_source_pathThe source path of the custom Lambda functionstringnullno
<a name="input_log_events"></a> log_eventsBoolean flag to enabled/disable logging of incoming eventsboolfalseno
<a name="input_putin_khuylo"></a> putin_khuyloDo you agree that Putin doesn't respect Ukrainian sovereignty and territorial integrity? More info: https://en.wikipedia.org/wiki/Putin_khuylo!booltrueno
<a name="input_recreate_missing_package"></a> recreate_missing_packageWhether to recreate missing Lambda package if it is missing locally or notbooltrueno
<a name="input_reserved_concurrent_executions"></a> reserved_concurrent_executionsThe amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitationsnumber-1no
<a name="input_slack_channel"></a> slack_channelThe name of the channel in Slack for notificationsstringn/ayes
<a name="input_slack_emoji"></a> slack_emojiA custom emoji that will appear on Slack messagesstring":aws:"no
<a name="input_slack_username"></a> slack_usernameThe username that will appear on Slack messagesstringn/ayes
<a name="input_slack_webhook_url"></a> slack_webhook_urlThe URL of Slack webhookstringn/ayes
<a name="input_sns_topic_feedback_role_description"></a> sns_topic_feedback_role_descriptionDescription of IAM role to use for SNS topic delivery status loggingstringnullno
<a name="input_sns_topic_feedback_role_force_detach_policies"></a> sns_topic_feedback_role_force_detach_policiesSpecifies to force detaching any policies the IAM role has before destroying it.booltrueno
<a name="input_sns_topic_feedback_role_name"></a> sns_topic_feedback_role_nameName of the IAM role to use for SNS topic delivery status loggingstringnullno
<a name="input_sns_topic_feedback_role_path"></a> sns_topic_feedback_role_pathPath of IAM role to use for SNS topic delivery status loggingstringnullno
<a name="input_sns_topic_feedback_role_permissions_boundary"></a> sns_topic_feedback_role_permissions_boundaryThe ARN of the policy that is used to set the permissions boundary for the IAM role used by SNS topic delivery status loggingstringnullno
<a name="input_sns_topic_feedback_role_tags"></a> sns_topic_feedback_role_tagsA map of tags to assign to IAM the SNS topic feedback rolemap(string){}no
<a name="input_sns_topic_kms_key_id"></a> sns_topic_kms_key_idARN of the KMS key used for enabling SSE on the topicstring""no
<a name="input_sns_topic_lambda_feedback_role_arn"></a> sns_topic_lambda_feedback_role_arnIAM role for SNS topic delivery status logs. If this is set then a role will not be created for you.string""no
<a name="input_sns_topic_lambda_feedback_sample_rate"></a> sns_topic_lambda_feedback_sample_rateThe percentage of successful deliveries to lognumber100no
<a name="input_sns_topic_name"></a> sns_topic_nameThe name of the SNS topic to createstringn/ayes
<a name="input_sns_topic_tags"></a> sns_topic_tagsAdditional tags for the SNS topicmap(string){}no
<a name="input_subscription_filter_policy"></a> subscription_filter_policy(Optional) A valid filter policy that will be used in the subscription to filter messages seen by the target resource.stringnullno
<a name="input_subscription_filter_policy_scope"></a> subscription_filter_policy_scope(Optional) A valid filter policy scope MessageAttributes|MessageBodystringnullno
<a name="input_tags"></a> tagsA map of tags to add to all resourcesmap(string){}no
<a name="input_trigger_on_package_timestamp"></a> trigger_on_package_timestamp(Optional) Whether or not to ignore the file timestamp when deciding to create the archiveboolfalseno

Outputs

NameDescription
<a name="output_lambda_cloudwatch_log_group_arn"></a> lambda_cloudwatch_log_group_arnThe Amazon Resource Name (ARN) specifying the log group
<a name="output_lambda_iam_role_arn"></a> lambda_iam_role_arnThe ARN of the IAM role used by Lambda function
<a name="output_lambda_iam_role_name"></a> lambda_iam_role_nameThe name of the IAM role used by Lambda function
<a name="output_notify_slack_lambda_function_arn"></a> notify_slack_lambda_function_arnThe ARN of the Lambda function
<a name="output_notify_slack_lambda_function_invoke_arn"></a> notify_slack_lambda_function_invoke_arnThe ARN to be used for invoking Lambda function from API Gateway
<a name="output_notify_slack_lambda_function_last_modified"></a> notify_slack_lambda_function_last_modifiedThe date Lambda function was last modified
<a name="output_notify_slack_lambda_function_name"></a> notify_slack_lambda_function_nameThe name of the Lambda function
<a name="output_notify_slack_lambda_function_version"></a> notify_slack_lambda_function_versionLatest published version of your Lambda function
<a name="output_slack_topic_arn"></a> slack_topic_arnThe ARN of the SNS topic from which messages will be sent to Slack
<a name="output_sns_topic_feedback_role_arn"></a> sns_topic_feedback_role_arnThe Amazon Resource Name (ARN) of the IAM role used for SNS delivery status logging
<a name="output_this_slack_topic_arn"></a> this_slack_topic_arnThe ARN of the SNS topic from which messages will be sent to Slack (backward compatibility for version 4.x)
<!-- END_TF_DOCS -->

Authors

Module is maintained by Anton Babenko with help from these awesome contributors.

License

Apache 2 Licensed. See LICENSE for full details.