terraform-aws-cloudtrail-to-slack
Optional short messages to a slack channel
Some events may contain huge requestParameters or responseElements sections, RunInstances events, for example. This PR adds a short_messages option. This will make lambda send links to the event in AWS Console instead of messages containing JSON objects.
@admssa Thanks for the PR! Message already contains a path to s3 object containing an event in question. So with the link we will provide pretty much the same information. Also, link points to CloudTrail in AWS Console and I don't think it will work in all cases. For instance, when using AWS Organisations you would enable CloudTrail in organisation management account and then sync S3 with cloudtrail logs to a separate account. Most of our customers have exactly this setup. So in their case Lambda is being deployed to security account where it is triggered on cloudtrail logs sync from organisation account. Thus generated link will not work.
I like the idea of providing the whole event back using button but there should be a better way to do it.
Let me know what you think
@Andrey9kin thank you for answering fast. Here are my thoughts:
> Message already contains a path to s3 object

I find it extremely inconvenient that each time you need to combine it with a bucket name, download a file, unarchive it, and dig for a specific event.

> I don't think it will work in all cases

You just need to be authorized within the account where CloudTrail is deployed. The link isn't tied to a specific account.

> For instance, when using AWS Organisations

Unfortunately, I don't have access to a main (organization) account to test it and confirm it works in the way stated above. But I'm pretty sure it should work. Will try to find out shortly.
PS: Another thing I would like to point out is that this function isn't mandatory, but optional. The same as you shouldn't pass a KMS key value if you don't have a proper setup for S3. It breaks nothing for the existing setups.
UPD: The region value in the link needs to be different; it should be the region of CloudTrail, not the region of an event. Will change it.
@Andrey9kin I fixed the link, now it takes region from a variable. Something like:
cloudtrail_home_region = aws_cloudtrail.this.home_region
But I can understand if this isn't what you expect. I mean, I will be happy to get suggestions for shortening the messages. I was going to fold the JSON into a snippet initially, but I wasn't able to find something like that in Slack. Thus the button with the link seemed to be the most obvious choice. And it works pretty well, despite a small delay on the CloudTrail side.
I don't need any more also. Just forked, worked fine with organisations.
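A sketch of the short-message idea discussed in this thread, as an added example that is not the PR's or the module's own code: it builds a Slack Block Kit message with a summary and a button whose link uses the trail's home region rather than the event's region. The function names, the sample event and the console URL format are assumptions; event fields are escaped because they originate from the logged API caller.

```python
import json
from urllib.parse import quote

# Assumption: classic CloudTrail console deep-link format; not taken from the PR.
CONSOLE_URL = "https://console.aws.amazon.com/cloudtrail/home?region={region}#/events/{event_id}"


def slack_escape(value):
    """Escape the three characters Slack treats as control characters in mrkdwn."""
    return str(value).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")


def console_event_url(event_id, home_region):
    """Link to the event in the trail's home region, not the region of the event."""
    return CONSOLE_URL.format(region=quote(home_region, safe=""), event_id=quote(event_id, safe=""))


def build_short_message(event, home_region):
    """Slack Block Kit payload: a summary plus a button, without the JSON bodies."""
    identity = event.get("userIdentity", {})
    summary = "\n".join([
        f"*{slack_escape(event['eventName'])}* ({slack_escape(event['eventSource'])})",
        f"Actor: {slack_escape(identity.get('arn', 'unknown'))}",
        f"Account: {slack_escape(event.get('recipientAccountId', 'unknown'))}, "
        f"event region: {slack_escape(event.get('awsRegion', 'unknown'))}",
    ])
    return {"blocks": [
        {"type": "section", "text": {"type": "mrkdwn", "text": summary}},
        {"type": "actions", "elements": [{
            "type": "button",
            "text": {"type": "plain_text", "text": "Open in CloudTrail"},
            "url": console_event_url(event["eventID"], home_region),
        }]},
    ]}


# Constructed sample event (not from a real trail): a RunInstances call with a large body.
SAMPLE_EVENT = {
    "eventID": "11111111-2222-3333-4444-555555555555",
    "eventName": "RunInstances",
    "eventSource": "ec2.amazonaws.com",
    "awsRegion": "eu-west-1",
    "recipientAccountId": "111122223333",
    "userIdentity": {"arn": "arn:aws:iam::111122223333:user/<example>"},
    "requestParameters": {"userData": "A" * 20000},
}

if __name__ == "__main__":
    print(json.dumps(build_short_message(SAMPLE_EVENT, home_region="us-east-1"), indent=2))
```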