This article describes how to implement the AWS service Chatbot to visualize alarms in Slack channels and address situations before they become full-blown issues, whether it is a budget deviation, a system overload, or a security event.
The AWS Chatbot Slack integration is easy to configure and benefits various groups of users allowing them to monitor systems and respond to events efficiently: Support teams can set up AWS Chatbot custom messages about operational events, DevOps teams can get AWS Chatbot notifications about security findings in real-time, and Finance teams can receive budget alerts directly in the Slack chat room.
AWS Chatbot Slack Integration: Pre-requisites
- You will need an AWS account.
- Basic knowledge of AWS services.
AWS Chatbot Slack Integration: Let’s Set It Up!
1.- Configuring the AWS Chatbot
To set up AWS Chatbot notifications, you need to configure the client. Open the AWS Chatbot service on the console.
On the main page, choose “Slack” under chat client, and then click on “Configure client”.
Next, you need to allow the requested permissions to access the Slack workspace:
After you click “Allow”, you need to provide configuration details:
- Configuration name: type a name for your configuration. This name cannot be changed once the configuration is created.
- Logging (optional): you can enable AWS Chatbot to publish logs to Amazon CloudWatch Logs.
- Channel type: choose the Slack channel type. In this demo, we selected a public channel named aws-chatbot.
- IAM role: you can select to create an IAM role or an existing one. If you choose to create a new IAM role, you will need to provide a role name and the policy templates attached to this role. The policy templates are as follows:
- Notification permissions – Allows AWS Chatbot to retrieve metric graphs from Amazon CloudWatch.
- Read-only command permissions – Allows read-only commands in supported clients.
- Lambda-invoke command permissions – Allows Lambda-invoke commands in supported clients.
- AWS Support command permissions – Allows calling AWS Support APIs in supported clients.
- Incident Manager permissions – Allows calling Incident Manager APIs in supported clients.
Note: Remember to follow the least privilege principle to restrict unnecessary permissions.
- SNS Region: choose the region where you have an SNS topic that you will use.
- SNS Topic: choose the topic that you want to use.
- Note: If you need to know how to create an SNS Topic, in the next section are the instructions to create one.
Finally, create the configuration.
2.- Creating an SNS Topic
On the console, open “SNS service” and on the left, click “Topics” and then on the right, click “Create topic”.
On the next page, choose “Standard type” and write a name for the topic (all the remaining configurations are optional), and finally, click “Create topic”.
3.- Creating a CloudWatch Alarm
We will create an alarm that will be sent to the Slack channel we configured before.
Open the console on the CloudWatch service. On the left menu, click on “All alarms” and on the right, click on “Create alarm”.
On the next screen, click “Select metric” and choose the metric you want to use for the alarm. In this example, we will use CPU Utilization for an EC2 instance.
Click “Next” on the next screen, under “Notification” choose “In alarm”, click “Select an existing SNS topic”, and choose your topic in “Send a notification to…”.
You will notice that the Email (endpoints) has the chatbot URL.
Click “Next” on the next screen, write the Alarm name and click “Next” again.
Finally, review your configuration and click “Create alarm”.
4.- Integrating the AWS Chatbot with Slack
Open Slack, under Apps, type “aws”, and click on AWS Chatbot
After doing this, you will receive the alarms notifications in the Slack channel that you configured on AWS Chatbot; see below:
Depending on the permissions of the IAM role that you applied to the Chatbot, you can use some CLI commands on the channel to retrieve information, even to invoke Lambdas.
For example, if you want to see all alarms in a region, type the following command in the channel: @aws cloudwatch describe-alarms --region us-east-2
Note: if Slack asks you to invite the bot to the channel, please do so.
Conclusion: The Benefit of Setting Up an AWS Chatbot Slack Integration
It is very easy to configure the AWS Chatbot to send alerts to Slack channels. The AWS Chatbot custom messages notify the right people immediately when an alarm is breaching, and proper actions can be taken faster. This AWS Chatbot service is free, and you are only charged for the other services such as SNS, EC2, CloudWatch. The AWS Chatbot Slack Integration is an excellent tool for better communication and faster incident resolutions.