This post will walk you through my journey getting up and running with AWS Chatbot. By the end of it, hopefully both you and I will have AWS Chatbot posting some alerts out to Slack!
I recently saw that AWS released a new offering called Chatbot and that it is advertised as a way to monitor and alert on events from AWS services. The big attention grabber for me was Chatbot’s ability to send to Slack.
Don’t have time for the guess and check aspect of this post? Scroll to the bottom to find my conclusion.
The beta preview link seems to only work in us-east-2…I hope that it can monitor resources in other regions…
After clicking the beta preview, I am prompted to configure a chat client; in this case I am going to pick Slack.
Getting started with AWS ChatBot
As you would expect, Chatbot needs your permission to be installed in your Slack workspace. The permissions seem reasonable given what we want the Chatbot to do so I will click install.
AWS Chatbot required access for Slack Integration
I am now redirected to the AWS Console where I need to configure my Slack settings. For this use case, I want to report to a private channel. I’ll create one now.
Creating a new private Slack channel
Then I need to copy the channel URL to paste back into the AWS Console. I will be using the default IAM role that AWS suggests and I will not add any regions for SNS topics. I did see that regions other than us-east-2 were options which boosts my confidence that we will be able to monitor other regions. Below is my initial configuration:
Initial configuration of AWS Chatbot working with a private Slack channel
Ok, at this point I will admit I didn’t read any of the docs about how AWS Chatbot works and I am quickly fearing that all it does is forward SNS alerts to Slack. I am not sure how this would be better than having SNS email alerts get forwarded to Slack…so let’s hope Chatbot can read logs or do something unique…
AWS Chatbot configured clients
Uh oh…
After completing the configuration I was redirected back to a page in the console showing the channels this Chatbot can talk to and a brief overview of the SNS topics each channel is mapped to. My fear has come true, I need to set up SNS topics to monitor my resources. When these topics get messages, they then trigger AWS Chatbot to send a message to Slack.
I hope you’ll join me on this journey…
I navigate over to SNS and create a new topic, giving it a custom name and using the default settings:
Creating a new SNS topic with a custom name and default settings
Of course I created the topic in us-east-2 by accident and all my Lambdas are in us-east-1. So we should create a topic in the correct region, then navigate to the Lambda console and set up a Dead Letter Queue (DLQ).
It’s not long before I realize my Lambda permissions need to be changed to allow it to publish to the new SNS topic…
Default lambda role does not have SNS permissions
This should be an easy fix: I will try adding the following policy to my role (substitute your own topic ARN for the wildcard Resource so the role can publish only to that topic):
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "VisualEditor0",
            "Effect": "Allow",
            "Action": "sns:Publish",
            "Resource": "arn:aws:sns:us-east-1:*:*"
        }
    ]
}
Phew, that was an easy fix!
After fixing the IAM role, our lambda can publish to our new SNS topic
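An added example, not part of the original post: a small Python check that flags IAM statements granting sns:Publish on wildcard resources, run against the policy above and against a version scoped to a single topic. The account ID 123456789012, the Sid PublishToAlertTopic and the topic name lambda-dlq-alerts are placeholders made up for the example.

```python
import json
from fnmatch import fnmatchcase

# The policy from the post: sns:Publish on any topic, in any account, in us-east-1.
PAGE_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "VisualEditor0", "Effect": "Allow",
                "Action": "sns:Publish",
                "Resource": "arn:aws:sns:us-east-1:*:*"}]}
""")

# Constructed: placeholder account ID and hypothetical topic name.
SCOPED_POLICY = json.loads("""
{"Version": "2012-10-17",
 "Statement": [{"Sid": "PublishToAlertTopic", "Effect": "Allow",
                "Action": "sns:Publish",
                "Resource": "arn:aws:sns:us-east-1:123456789012:lambda-dlq-alerts"}]}
""")

ARN_FIELDS = {3: "region", 4: "account", 5: "topic"}


def as_list(value):
    """IAM allows a single value or a list for Statement, Action and Resource."""
    return value if isinstance(value, list) else [value]


def broad_sns_publish(policy):
    """Return (sid, resource, wildcarded_fields) for each Allow statement that
    grants sns:Publish on something wider than one named topic.
    NotAction, NotResource and Condition blocks are not evaluated."""
    findings = []
    for stmt in as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        # Action names are case-insensitive and may use * and ? wildcards.
        actions = [a.lower() for a in as_list(stmt.get("Action", []))]
        if not any(fnmatchcase("sns:publish", a) for a in actions):
            continue
        for res in as_list(stmt.get("Resource", [])):
            parts = res.split(":", 5)
            if len(parts) < 6:  # e.g. a bare "*"
                findings.append((stmt.get("Sid"), res, ["entire ARN"]))
                continue
            if parts[2] not in ("sns", "*"):
                continue
            wild = [name for i, name in ARN_FIELDS.items()
                    if "*" in parts[i] or "?" in parts[i]]
            if wild:
                findings.append((stmt.get("Sid"), res, wild))
    return findings
```

Calling broad_sns_publish(PAGE_POLICY) reports the account and topic fields as wildcarded, while the scoped policy returns no findings.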
Now we need to set up AWS Chatbot to listen on this new topic…and probably change some IAM permissions along the way. Let’s see…
Back in the AWS Chatbot configuration, I select my region and SNS topic from the drop down before clicking save
Nothing about permissions yet…let’s give this a test.
Now I could either cause the Lambda to fail and test this integration, or I can manually publish a message to the topic and see what happens. So before trying to cause an error in the Lambda, let’s do the manual test.
We will navigate back to our SNS topic and publish a basic message:
Manually publishing a message to the SNS topic
I published the message but got nothing in Slack…not a good sign. Time to do some digging.
After some deep thinking, I realized that I created a private Slack channel and I was the only user in it…how would AWS publish to the channel? I did some research and learned I have to invite the AWS Chatbot to my channel in Slack like this: /invite @aws
Inviting the AWS User to the channel
Let’s fire off another test and see what happens…
No luck.
I tried a few more things…played with access policies on SNS, played with IAM permissions…nothing did the trick. Before giving up, I decided I would try with a CloudWatch Alarm publishing to the topic to see if I got different data.
Creating alarms can be done in the CloudWatch console; below is a screenshot of the alarm I went with:
A CloudWatch Alarm to report on Lambda errors
CloudWatch Alarm Configurations
Once the alarm was configured, I just had to cause the Lambda to fail a few times and wait 1 minute…the results were worth it!
A successful alert in Slack from AWS Chatbot!
AWS Chatbot may be more valuable than SNS alerts that get sent to a Slack email address because of the pretty format. AWS Chatbot does not seem to work for all message types, which can cause frustration when trying to test subscriptions. If you want to have Chatbot publish to a private channel, you need to invite the Chatbot app to your channel. It appears Chatbot works great with certain CloudWatch alarms, which makes sense since that is what the product is designed to do. I am excited to see this product mature, maybe even to the point where I can send a message back in Slack to act on alarms, but at this time I don’t expect to implement it in production.
I hope you found this useful and I’d love to hear how you are using AWS Chatbot in the comments…thanks for reading!