Amazon EventBridge - Slack Notification on Event

Amazon EventBridge is the solution to an ever-growing demand for globally managed events as a service. The primary use case for EventBridge, and where most of the hype is, is in the SaaS space, where it aims to provide a decoupled way for vendors and customers to share a common event bus. In this example we're only going to cover a simple use case that was already possible with CloudWatch Events; I figure it's still useful to give people a basic use case for EventBridge while they get their heads around it.
Overview
We're going to be deploying a very simple Slack bot that alerts our channel on a log-in Event from CloudTrail. The code for this exercise is available at waanimalsinc/waanimals-sign-in-event-bridge.
Slack Setup
To start with, we need a Slack bot that can be used to send messages to our channel. To set up a new Slack App, navigate to https://api.slack.com/apps and create a new app.
Once you've named the app and selected your Slack group, go to the OAuth scope section of the app setup and ensure chat:write:bot is selected.
Then click Install App to Workspace.
Finally, make note of the OAuth token you are provided; we'll be using this shortly in our Serverless code.
Serverless Lambda Setup
Next, we need to create a simple Lambda function that will be triggered by Amazon EventBridge. To do this we'll use Serverless.
I recommend pulling down my repository to work with:
git clone https://github.com/waanimalsinc/waanimals-sign-in-event-bridge.git

If you choose to create a new Serverless project to work with, ensure you have the following:

serverless.yml
service: waanimals-sign-in-event-bridge
custom:
  pythonRequirements:
    dockerizePip: true
  environment: ${file(env.yml):dev}
provider:
  name: aws
  stage: dev
  region: ap-southeast-2
  runtime: python3.7
  environment:
    SLACK_API_TOKEN: ${self:custom.environment.SLACK_API_TOKEN}
    SLACK_CHANNEL_ID: ${self:custom.environment.SLACK_CHANNEL_ID}
functions:
  alert:
    handler: handler.alert
plugins:
  - serverless-python-requirements

requirements.txt
requests

handler.py
import os

import requests

# Both values are injected as environment variables by serverless.yml
slack_token = os.environ['SLACK_API_TOKEN']
slack_channel_id = os.environ['SLACK_CHANNEL_ID']


def alert(event, context):
    # EventBridge delivers the CloudTrail record under event['detail']
    account = event['account']
    user = event['detail']['userIdentity']['arn']
    data = {
        "channel": slack_channel_id,
        "text": "Login to account %s with the identity %s" % (account, user)
    }
    resp = requests.post(
        "https://slack.com/api/chat.postMessage",
        headers={
            'Content-Type': 'application/json;charset=UTF-8',
            'Authorization': 'Bearer %s' % slack_token},
        json=data,
        timeout=5)
    # Surface HTTP-level failures in the Lambda logs instead of dropping them
    resp.raise_for_status()
    return {}

env.yml
Replace the SLACK_API_TOKEN value with the OAuth token you received when creating the Slack bot. This file then holds a live credential, so keep it out of version control.
dev:
  SLACK_API_TOKEN: "xoxp-xxxxxxxxxxxx-xxxxxxxxxxxxx-xxxxxxxxxxx-xxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  SLACK_CHANNEL_ID: "tech_development"

Other
Also, ensure that the serverless-python-requirements plugin is installed in the Serverless project by running the following:
serverless plugin install -n serverless-python-requirements

Serverless Lambda Deploy
Deploy the Lambda by running the following command:
serverless deploy --stage dev

EventBridge Setup
Head over to the EventBridge portal and create a new Rule.
Define a new Pattern and ensure you set up an AWS Console Sign-in service event.
Finally, select the Lambda function that we just deployed with Serverless.
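
The rule above hands handler.alert the full CloudTrail sign-in record. As an added example (not code from the waanimals repository), the sketch below builds the alert text without assuming userIdentity.arn is present, since failed sign-ins can omit it, and reads the verdict Slack puts in its JSON reply. The function names and both sample events are constructed for illustration.

```python
# Added example, not the repository's handler; function names are illustrative.

def describe_signin(event):
    """Build alert text from an 'AWS Console Sign In via CloudTrail' event."""
    detail = event.get("detail") or {}
    identity = detail.get("userIdentity") or {}
    # Failed sign-ins for unknown users carry no ARN, so fall back in order.
    who = (identity.get("arn") or identity.get("userName")
           or identity.get("type") or "unknown identity")
    result = (detail.get("responseElements") or {}).get("ConsoleLogin", "Unknown")
    mfa = (detail.get("additionalEventData") or {}).get("MFAUsed", "Unknown")
    return "Console login %s: account %s, identity %s, source IP %s, MFA %s" % (
        result, event.get("account", "unknown"), who,
        detail.get("sourceIPAddress", "unknown"), mfa)


def slack_error(body):
    """Slack replies HTTP 200 even on failure; the verdict is in the JSON."""
    return None if body.get("ok") else body.get("error", "unknown_error")


# Constructed sample events, trimmed to the fields read above.
SUCCESS_EVENT = {
    "source": "aws.signin",
    "detail-type": "AWS Console Sign In via CloudTrail",
    "account": "111122223333",
    "detail": {
        "userIdentity": {"type": "IAMUser",
                         "arn": "arn:aws:iam::111122223333:user/example-user"},
        "sourceIPAddress": "203.0.113.10",
        "responseElements": {"ConsoleLogin": "Success"},
        "additionalEventData": {"MFAUsed": "Yes"},
    },
}
FAILED_EVENT = {
    "account": "111122223333",
    "detail": {
        "userIdentity": {"type": "IAMUser",
                         "userName": "HIDDEN_DUE_TO_SECURITY_REASONS"},
        "sourceIPAddress": "198.51.100.7",
        "responseElements": {"ConsoleLogin": "Failure"},
        "additionalEventData": {"MFAUsed": "No"},
    },
}

if __name__ == "__main__":
    for sample in (SUCCESS_EVENT, FAILED_EVENT):
        print(describe_signin(sample))
```

In the handler, pass resp.json() to slack_error and log or raise on a non-None result, so a revoked token or wrong channel does not silently drop sign-in alerts.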
 
Testing
To test the event, log in to the account you deployed the resources in and you should see a login message posted to your Slack channel.
