Terraform-applying Slack notifications for the AWS Personal Health Dashboard in one go
(I write "Terraform code", but I'm actually an OpenTofu user. Open is better, right, and tofu is tasty.)
Surprisingly, googling this turns up either Lambda-based setups or, even where AWS Chatbot is used, Terraform that calls out to CloudFormation; what I actually wanted never came up, so I'm leaving it here as a memo.
- Configuring an EventBridge rule to send notifications about events in AWS Health - AWS Health
- Configuring AWS Chatbot to send notifications about events in AWS Health - AWS Health
Below is roughly the same setup as in those two pages, written in Terraform. One caveat before starting: AWS Health events are delivered per region, so the EventBridge rule has to exist in every region you want covered (and in us-east-1 for global services such as IAM); the Chatbot channel configuration itself is global and can subscribe to topics from any region.
- variables.tf
```hcl
variable "app" {
  type = string
}

variable "environment" {
  type = string
}

# Slack channel ID (the C…/G… identifier from the channel link), not the channel name
variable "slack_channel_id" {
  type = string
}

# Slack workspace (team) ID, e.g. the T… identifier from the workspace URL
variable "slack_team_id" {
  type = string
}
```
- main.tf
```hcl
locals {
  prefix             = "${var.app}-${var.environment}"
  phd_sns_topic_name = "${local.prefix}-personal-health-dashboard-event"
  chatbot_name       = "${local.prefix}-aws-monitor-chatbot"
}

##########################################
# AWS PersonalHealth Dashboard subscription
##########################################
resource "aws_sns_topic" "personal_health_dashboard_event" {
  name = local.phd_sns_topic_name
}

resource "aws_sns_topic_policy" "this" {
  arn    = aws_sns_topic.personal_health_dashboard_event.arn
  policy = data.aws_iam_policy_document.sns_topic_policy.json
}

# Lets EventBridge publish Health events to the topic
data "aws_iam_policy_document" "sns_topic_policy" {
  statement {
    effect  = "Allow"
    actions = ["SNS:Publish"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [aws_sns_topic.personal_health_dashboard_event.arn]
  }
}

# Matches every AWS Health event delivered to this region
resource "aws_cloudwatch_event_rule" "health_events" {
  name = local.phd_sns_topic_name

  event_pattern = jsonencode({
    "source" : [
      "aws.health"
    ],
    "detail-type" : [
      "AWS Health Event"
    ]
  })
}

resource "aws_cloudwatch_event_target" "personal_health_dashboard_event_to_sns" {
  rule = aws_cloudwatch_event_rule.health_events.name
  arn  = aws_sns_topic.personal_health_dashboard_event.arn
}

##########################################
# AWS Chatbot
##########################################
# Role Chatbot assumes when acting for this channel (e.g. for chat commands)
resource "aws_iam_role" "chatbot" {
  name               = local.chatbot_name
  assume_role_policy = data.aws_iam_policy_document.assume_chatbot.json
}

data "aws_iam_policy_document" "assume_chatbot" {
  statement {
    actions = ["sts:AssumeRole"]

    principals {
      type        = "Service"
      identifiers = ["chatbot.amazonaws.com"]
    }
  }
}

resource "aws_iam_role_policy_attachment" "chatbot_cloudwatch_access" {
  role       = aws_iam_role.chatbot.name
  policy_arn = "arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"
}

resource "aws_chatbot_slack_channel_configuration" "this" {
  configuration_name = local.chatbot_name
  iam_role_arn       = aws_iam_role.chatbot.arn
  slack_channel_id   = var.slack_channel_id
  slack_team_id      = var.slack_team_id

  # Guardrail: hard upper bound on what anyone in the channel can do through
  # Chatbot, whatever the channel role allows. Read-only is enough for notifications.
  guardrail_policy_arns = ["arn:aws:iam::aws:policy/CloudWatchReadOnlyAccess"]

  sns_topic_arns = [aws_sns_topic.personal_health_dashboard_event.arn]

  tags = {
    Name = local.chatbot_name
  }
}
```
That's all.
The first time you `terraform apply` this, you will most likely get the error below:

```text
* Failed to execute "terraform apply -auto-approve -lock-timeout=60s" in <your_path>
╷
│ Error: creating AWS Chatbot Slack Channel Configuration
│
│   with aws_chatbot_slack_channel_configuration.this,
│   on main.tf line 56, in resource "aws_chatbot_slack_channel_configuration" "this":
│   56: resource "aws_chatbot_slack_channel_configuration" "this" {
│
│ operation error chatbot: CreateSlackChannelConfiguration, https response
│ error StatusCode: 400, RequestID: <UUID>,
│ InvalidRequestException: AWS Chatbot can't create the configuration because
│ Slack workspace <YOUR_SLACK_WORKSPACE_ID> is not authorized with AWS account <YOUR_AWS_ACCOUNT_ID>.
│ See
│ https://docs.aws.amazon.com/chatbot/latest/adminguide/slack-setup.html#slack-client-setup
╵
exit status 1
```
As the error message says, the Slack workspace has to be authorized with the AWS account first, and that is an OAuth step that only the console can do. Following the message, open the AWS Chatbot console (the setup page it links to walks through this), choose Slack as the client, click the Configure client button and authorize the workspace with AWS.
After that, run `terraform apply` again and it should succeed!
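Two things are worth tightening once it applies. As written, the topic policy lets the EventBridge service principal publish from any rule in any AWS account, so anyone who can create a rule in another account could target this topic and push arbitrary "notifications" into the channel (a confused-deputy setup). The following is an added hardening example, not code from the original post or from AWS: a drop-in replacement for the `sns_topic_policy` data source and the `health_events` rule in main.tf above. It assumes `aws_sns_topic.personal_health_dashboard_event` and `local.phd_sns_topic_name` exist exactly as shown there; the `aws_caller_identity` data source and the `eventTypeCategory` filter are additions.

```hcl
# Added example: replaces data.aws_iam_policy_document.sns_topic_policy and
# aws_cloudwatch_event_rule.health_events from main.tf above. Assumes
# aws_sns_topic.personal_health_dashboard_event and local.phd_sns_topic_name
# are defined there as in the post.

data "aws_caller_identity" "current" {}

# Only the Health rule in this account may publish to the topic. EventBridge
# sets aws:SourceArn to the invoking rule's ARN and aws:SourceAccount to its
# account when it publishes, so these conditions bind the topic to this rule.
data "aws_iam_policy_document" "sns_topic_policy" {
  statement {
    sid     = "AllowHealthEventRuleToPublish"
    effect  = "Allow"
    actions = ["SNS:Publish"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }

    resources = [aws_sns_topic.personal_health_dashboard_event.arn]

    condition {
      test     = "ArnEquals"
      variable = "aws:SourceArn"
      values   = [aws_cloudwatch_event_rule.health_events.arn]
    }

    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

# Optional noise reduction: keep incidents and scheduled changes, drop
# accountNotification / investigation chatter. Delete the "detail" block to
# receive every Health event again, as in the original rule.
resource "aws_cloudwatch_event_rule" "health_events" {
  name        = local.phd_sns_topic_name
  description = "AWS Health issues and scheduled changes -> SNS -> Chatbot"

  event_pattern = jsonencode({
    "source"      = ["aws.health"],
    "detail-type" = ["AWS Health Event"],
    "detail" = {
      "eventTypeCategory" = ["issue", "scheduledChange"]
    }
  })
}
```

The rule does not depend on the topic policy, so referencing `aws_cloudwatch_event_rule.health_events.arn` from the policy document introduces no dependency cycle; `terraform plan` should show only the policy and the rule's pattern changing. A quick check after apply is `aws sns get-topic-attributes --topic-arn <topic-arn>` and confirming the `Policy` attribute now carries both conditions.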
Have a good TF life!