July 14, 2019     4min read

Amazon EventBridge - Slack Notification on Event


Amazon EventBridge is the solution to an ever-growing demand for globally managed events as a service. The primary use case for EventBridge, and where most of the hype is; are in the SaaS space, which aims to provide a decoupled way for vendors and customers to share a common event bus. In this example we're only going to cover a simple use case that was already possible with CloudWatch events; I figure it's still useful to give people a basic use case for EventBridge while they get their head around it.

Overview

We're going to be deploying a very simple Slack bot that alerts our channel on a Login Event from CloudTrail. The code for this exercise is available at waanimalsinc/waanimals-sign-in-event-bridge.

Slack Setup

To start with we need a Slack bot setup that is able to be used to send messages to our channel. To setup a new Slack App, navigate to https://api.slack.com/apps and create a new app.

EventBridge Slack Setup 1
EventBridge Slack Setup 1

Once you've named and selected your Slack group, go to the OAuth scope section of the app setup and ensure chat:write:bot is selected

EventBridge Slack Setup 2
EventBridge Slack Setup 2

Then click Install App to Workspace

EventBridge Slack Setup 3
EventBridge Slack Setup 3

Finally, make note of the OAuth token you are provided; we'll be using this shortly in our Serverless code

EventBridge Slack Setup 4
EventBridge Slack Setup 4

Serverless Lambda Setup

Next we need to create a simple Lambda function that will be triggered by the Amazon EventBridge. To do this we'll use Serverless.

I recommend pulling down my repository to work with:

git clone https://github.com/waanimalsinc/waanimals-sign-in-event-bridge.git

If you choose to create a new Serverless project to work with, ensure you have the following:

serverless.yml

service: waanimals-sign-in-event-bridge

custom:
  pythonRequirements:
    dockerizePip: true
  environment: ${file(env.yml):dev}

provider:
  name: aws
  stage: dev
  region: ap-southeast-2
  runtime: python3.7
  environment:
    SLACK_API_TOKEN: ${self:custom.environment.SLACK_API_TOKEN}
    SLACK_CHANNEL_ID: ${self:custom.environment.SLACK_CHANNEL_ID}

functions:
  alert:
    handler: handler.alert

plugins:
  - serverless-python-requirements

requirements.txtEventBridge Setup 1

requests

handler.py

import json
import requests
import os

slack_token = os.environ['SLACK_API_TOKEN']
slack_channel_id = os.environ['SLACK_CHANNEL_ID']


def alert(event, context):
    account = event['account']
    user = event['detail']['userIdentity']['arn']
    data = {
        "channel": slack_channel_id,
        "text": "Login to account %s with the identity %s" % (account, user)
    }
    resp = requests.post("https://slack.com/api/chat.postMessage", headers={
        'Content-Type': 'application/json;charset=UTF-8', 'Authorization': 'Bearer %s' % slack_token}, json=data)

    return {}

env.yml

Replace the SLACK_API_TOKEN with the OAuth toke you received when creating the Slack bot.

dev:
  SLACK_API_TOKEN: "xoxp-xxxxxxxxxxxx-xxxxxxxxxxxxx-xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  SLACK_CHANNEL_ID: "tech_development"

Other

Also ensure that the serverless-python-requirements plugin is installed in the serverless project by running the following:

serverless plugin install -n serverless-python-requirements

Serverless Lambda Deploy

Deploy the lambda by running the following command

serverless deploy --stage dev

EventBridge Setup

Head over to the EventBridge portal and create a new Rule.

EventBridge Setup 1
EventBridge Setup 1

Define a new Pattern and ensure you setup an AWS Console Sign-in service event

EventBridge Setup 2
EventBridge Setup 2

Finally select the Lambda function that we just deployed with Serverless

EventBridge Setup 3
EventBridge Setup 3

Testing

To test the event, login to the account you deployed the resources in and you should see a message similar to below

EventBridge Slack message test
EventBridge Slack message test