tofu-module-aws-slack-notify

Forked from terraform-aws-modules/terraform-aws-notify-slack

This module creates an SNS topic (or uses an existing one) and an AWS Lambda function that sends notifications to Slack using the incoming webhooks API.

Supported Features

• AWS Lambda runtime Python 3.11
• Create new SNS topic or use existing one
• Support plaintext and encrypted version of Slack webhook URL
• Most of Slack message options are customizable
• Custom Lambda function
• Various event types are supported, even generic messages:
  • AWS CloudWatch Alarms
  • AWS CloudWatch LogMetrics Alarms
  • AWS GuardDuty Findings

Usage

module "notify_slack" {
  source = "git@github.com:Notifycal/tofu-module-aws-slack-notify.git",

  sns_topic_name = "slack-topic"

  slack_channel     = "#aws-notification"
  slack_bot_token   = "xoxb-...."
}

Use existing SNS topic or create new

If you want to subscribe the AWS Lambda Function created by this module to an existing SNS topic you should specify create_sns_topic = false as an argument and specify the name of existing SNS topic name in sns_topic_name.

Local Development and Testing

See the functions for further details.

Requirements

Name	Version
terraform	>= 1.0
aws	>= 4.8

Providers

Name	Version
aws	6.33.0

Modules

Name	Source	Version
lambda	terraform-aws-modules/lambda/aws	8.7.0

Resources

Name	Type
aws_cloudwatch_log_group.lambda	resource
aws_iam_role.sns_feedback_role	resource
aws_sns_topic.this	resource
aws_sns_topic_subscription.sns_notify_slack	resource
aws_caller_identity.current	data source
aws_iam_policy_document.lambda	data source
aws_iam_policy_document.sns_feedback	data source
aws_partition.current	data source
aws_region.current	data source

Inputs

Name	Description	Type	Default	Required
architectures	Instruction set architecture for your Lambda function. Valid values are ["x86_64"] and ["arm64"].	list(string)	null	no
cloudwatch_log_group_kms_key_id	The ARN of the KMS Key to use when encrypting log data for Lambda	string	null	no
cloudwatch_log_group_retention_in_days	Specifies the number of days you want to retain log events in log group for Lambda.	number	0	no
cloudwatch_log_group_tags	Additional tags for the Cloudwatch log group	map(string)	{}	no
create	Whether to create all resources	bool	true	no
create_sns_topic	Whether to create new SNS topic	bool	true	no
enable_sns_topic_delivery_status_logs	Whether to enable SNS topic delivery status logs	bool	false	no
hash_extra	The string to add into hashing function. Useful when building same source path for different functions.	string	""	no
iam_role_boundary_policy_arn	The ARN of the policy that is used to set the permissions boundary for the role	string	null	no
iam_role_name_prefix	A unique role name beginning with the specified prefix	string	"lambda"	no
iam_role_path	Path of IAM role to use for Lambda Function	string	null	no
iam_role_tags	Additional tags for the IAM role	map(string)	{}	no
kms_key_arn	ARN of the KMS key used for decrypting slack webhook url	string	""	no
lambda_attach_dead_letter_policy	Controls whether SNS/SQS dead letter notification policy should be added to IAM role for Lambda Function	bool	false	no
lambda_dead_letter_target_arn	The ARN of an SNS topic or SQS queue to notify when an invocation fails.	string	null	no
lambda_description	The description of the Lambda function	string	null	no
lambda_function_ephemeral_storage_size	Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime. Valid value between 512 MB to 10,240 MB (10 GB).	number	512	no
lambda_function_name	The name of the Lambda function to create	string	"notify_slack"	no
lambda_function_s3_bucket	S3 bucket to store artifacts	string	null	no
lambda_function_store_on_s3	Whether to store produced artifacts on S3 or locally.	bool	false	no
lambda_function_tags	Additional tags for the Lambda function	map(string)	{}	no
lambda_function_vpc_security_group_ids	List of security group ids when Lambda Function should run in the VPC.	list(string)	null	no
lambda_function_vpc_subnet_ids	List of subnet ids when Lambda Function should run in the VPC. Usually private or intra subnets.	list(string)	null	no
lambda_role	IAM role attached to the Lambda Function. If this is set then a role will not be created for you.	string	""	no
lambda_source_path	The source path of the custom Lambda function	string	null	no
log_events	Boolean flag to enabled/disable logging of incoming events	bool	false	no
recreate_missing_package	Whether to recreate missing Lambda package if it is missing locally or not	bool	true	no
reserved_concurrent_executions	The amount of reserved concurrent executions for this lambda function. A value of 0 disables lambda from being triggered and -1 removes any concurrency limitations	number	-1	no
slack_bot_token	Token for the Slack App/Bot	string	n/a	yes
slack_channel	The name of the channel in Slack for notifications	string	n/a	yes
sns_topic_feedback_role_description	Description of IAM role to use for SNS topic delivery status logging	string	null	no
sns_topic_feedback_role_force_detach_policies	Specifies to force detaching any policies the IAM role has before destroying it.	bool	true	no
sns_topic_feedback_role_name	Name of the IAM role to use for SNS topic delivery status logging	string	null	no
sns_topic_feedback_role_path	Path of IAM role to use for SNS topic delivery status logging	string	null	no
sns_topic_feedback_role_permissions_boundary	The ARN of the policy that is used to set the permissions boundary for the IAM role used by SNS topic delivery status logging	string	null	no
sns_topic_feedback_role_tags	A map of tags to assign to IAM the SNS topic feedback role	map(string)	{}	no
sns_topic_kms_key_id	ARN of the KMS key used for enabling SSE on the topic	string	""	no
sns_topic_lambda_feedback_role_arn	IAM role for SNS topic delivery status logs. If this is set then a role will not be created for you.	string	""	no
sns_topic_lambda_feedback_sample_rate	The percentage of successful deliveries to log	number	100	no
sns_topic_name	The name of the SNS topic to create	string	n/a	yes
sns_topic_tags	Additional tags for the SNS topic	map(string)	{}	no
subscription_filter_policy	(Optional) A valid filter policy that will be used in the subscription to filter messages seen by the target resource.	string	null	no
subscription_filter_policy_scope	(Optional) A valid filter policy scope MessageAttributes|MessageBody	string	null	no
tags	A map of tags to add to all resources	map(string)	{}	no
trigger_on_package_timestamp	(Optional) Whether or not to ignore the file timestamp when deciding to create the archive	bool	false	no

Outputs

Name	Description
lambda_cloudwatch_log_group_arn	The Amazon Resource Name (ARN) specifying the log group
lambda_iam_role_arn	The ARN of the IAM role used by Lambda function
lambda_iam_role_name	The name of the IAM role used by Lambda function
notify_slack_lambda_function_arn	The ARN of the Lambda function
notify_slack_lambda_function_invoke_arn	The ARN to be used for invoking Lambda function from API Gateway
notify_slack_lambda_function_last_modified	The date Lambda function was last modified
notify_slack_lambda_function_name	The name of the Lambda function
notify_slack_lambda_function_version	Latest published version of your Lambda function
slack_topic_arn	The ARN of the SNS topic from which messages will be sent to Slack
sns_topic_feedback_role_arn	The Amazon Resource Name (ARN) of the IAM role used for SNS delivery status logging
this_slack_topic_arn	The ARN of the SNS topic from which messages will be sent to Slack (backward compatibility for version 4.x)

Authors

Module is maintained by Notifycal. It's been forked from this module.

License

Apache 2 Licensed. See LICENSE for full details.