terraform-aws-clickops-notifier

Customize slack channel per included account

Open nitrocode opened this issue 1 year ago • 0 comments

I have a client setup like this

current setup - single channel for multiple accounts
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map["production"],
    module.account_map["corp"],
  ]

  webhooks_for_slack_notifications = {
    "clickops" = jsondecode(data.aws_secretsmanager_secret_version.webhook.secret_string)["webhook"]
  }
}

I want to set this up so I can do a separate Slack channel per account, which can be done with a for_each per account, which results in duplicating a lot of infrastructure.

per account for separate channel using for_each
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  for_each = toset([
    "production",
    "corp",
  ])

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map[each.key],
  ]

  webhooks_for_slack_notifications = {
    "clickops-${each.key}" = jsondecode(data.aws_secretsmanager_secret_version.webhook[each.key].secret_string)["webhook"]
  }
}

What's more ideal is if we can do something like this

per account for separate channel using multiple hooks

Using the key as the account instead of the channel name

module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map["production"],
    module.account_map["corp"],
  ]

  # written out without a for loop to show mapping is
  # account = slack-web-hook
  # (keys that are expressions must be wrapped in parentheses in HCL)
  webhooks_slack_notifications_per_account = {
    (module.account_map["production"]) = jsondecode(data.aws_secretsmanager_secret_version.webhook["production"].secret_string)["webhook"]
    (module.account_map["corp"])       = jsondecode(data.aws_secretsmanager_secret_version.webhook["corp"].secret_string)["webhook"]
  }

  # or
  # webhooks_slack_notifications_per_account = {
  #   for account, secret in data.aws_secretsmanager_secret_version.webhook :
  #   module.account_map[account] => jsondecode(secret.secret_string)["webhook"]
  # }
}

https://github.com/cloudandthings/terraform-aws-clickops-notifier/blob/be9694cda07dbe74fad9e332723be3b38bb5267b/main.tf#L142-L148

https://github.com/cloudandthings/terraform-aws-clickops-notifier/blob/be9694cda07dbe74fad9e332723be3b38bb5267b/main.tf#L104-L105

https://github.com/cloudandthings/terraform-aws-clickops-notifier/blob/be9694cda07dbe74fad9e332723be3b38bb5267b/clickopsnotifier/app.py#L56-L64

nitrocode Dec 14 '23 19:12
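A sketch of the per-account routing requested above, as an added example that is not part of the original issue or the module's own code. It assumes each CloudTrail record's `recipientAccountId` identifies the account; `route_events`, `per_account_webhooks`, `default_webhooks` and the webhook URLs are hypothetical. Events from accounts without a mapping fall back to the default channel, and anything with no destination is returned separately so it is never silently dropped.

```python
# Added illustration; not code from terraform-aws-clickops-notifier.
from collections import defaultdict

# Constructed placeholder webhook URLs (not real Slack endpoints).
PROD_HOOK = "https://hooks.example.invalid/clickops-production"
CORP_HOOK = "https://hooks.example.invalid/clickops-corp"
DEFAULT_HOOK = "https://hooks.example.invalid/clickops"

# Constructed sample CloudTrail records, trimmed to the fields used here.
SAMPLE_EVENTS = [
    {"eventName": "CreateUser", "recipientAccountId": "111111111111"},
    {"eventName": "PutBucketPolicy", "recipientAccountId": "222222222222"},
    {"eventName": "DeleteTrail", "recipientAccountId": "333333333333"},
    {"eventName": "ConsoleLogin"},  # record with no account id
]

# Hypothetical mapping: account id -> webhook, as proposed in the issue.
PER_ACCOUNT = {"111111111111": PROD_HOOK, "222222222222": CORP_HOOK}


def route_events(events, per_account_webhooks, default_webhooks):
    """Group events by destination webhook.

    Returns (routes, unrouted): routes maps webhook URL -> list of events,
    unrouted lists events that matched no webhook at all.
    """
    routes = defaultdict(list)
    unrouted = []
    for event in events:
        account = event.get("recipientAccountId")
        hook = per_account_webhooks.get(account)
        # A mapped account goes to its own channel; others use the defaults.
        targets = [hook] if hook else list(default_webhooks)
        if not targets:
            # No mapping and no default: surface it instead of dropping it.
            unrouted.append(event)
            continue
        for target in targets:
            routes[target].append(event)
    return dict(routes), unrouted


if __name__ == "__main__":
    routes, unrouted = route_events(SAMPLE_EVENTS, PER_ACCOUNT, [DEFAULT_HOOK])
    for hook, events in routes.items():
        print(hook, [e["eventName"] for e in events])
    print("unrouted:", unrouted)
```
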