AWS Cloud Operations Blog
7 AWSome ways to use AWS Chatbot
AWS Chatbot is an interactive agent that makes it easy to monitor and interact with your AWS resources in your Slack channels and Amazon Chime chat rooms. With AWS Chatbot you can receive alerts, run commands to return diagnostic information, invoke AWS Lambda functions, and create AWS Support cases. There are many different ways to integrate AWS Chatbot with other AWS services. In this blog, I list seven common AWS Chatbot use cases that apply across customer domains. These use cases cover how you can gather notifications from areas such as security, performance monitoring, CI/CD workflows, and compliance to detect and prevent potential issues.
Metadata
Time to read | 9 min
Learning Level | Intermediate (200)
AWS services | AWS Chatbot, Amazon GuardDuty, Amazon Simple Notification Service (Amazon SNS), Amazon CloudWatch, Amazon EC2, AWS Lambda, AWS Systems Manager, AWS Support, AWS CodePipeline, AWS Billing and Cost Management
Overview of solution
AWS Chatbot uses Amazon SNS to integrate with other AWS services, as shown in the diagram. This process sets up a CloudWatch alarm to notify an Amazon SNS topic, which in turn activates AWS Chatbot to notify a chat room. Various AWS services such as Amazon EC2, AWS Lambda, and Amazon GuardDuty can trigger an Amazon CloudWatch alarm when one of their metrics breaches the threshold for a specified number of evaluation periods. Notifications can also be triggered by Amazon CloudWatch Events if you have configured rules to send operational changes to the Amazon SNS topic.
Prerequisites
You must have the following prerequisites before moving on to the next steps.
- AWS account
- GuardDuty enabled
- Slack account
- Slack workspace ID and channel ID
Note: You must have administrative permissions for your Slack workspace or have the ability to work with workspace owners to get approval for installing AWS Chatbot.
Tutorial
In this blog, let’s discuss the following steps:
Initial configurations:
- Create Amazon SNS topic
- Configure AWS Chatbot on Slack
Create Amazon SNS topic
To use AWS Chatbot, you must have an Amazon SNS topic set up. Follow these steps to create an Amazon SNS topic.
- Navigate to the Amazon SNS console.
- In the Create topic section, enter a topic name, for example slack-notification.
Configure AWS Chatbot on Slack
A Slack channel is a single place for a team to share messages, tools, and files. In Slack, teamwork and communication happen in channels. Let’s discuss how to configure AWS Chatbot on Slack.
- On the AWS Management Console, search for the AWS Chatbot service, and select Slack as the chat client from the dropdown list.
- Select Allow on the next screen.
- Under Configuration details, enter a name for your configuration. The name must be unique across your account and can’t be edited later.
- For Slack channel, choose the channel that you want to use. To use private Slack channel with AWS Chatbot, choose Private channel.
- In Slack, copy the Channel ID of the private channel by right-clicking on the channel name and selecting Copy Link.
- On the AWS Management Console, in AWS Chatbot window, paste the ID into the Channel URL.
- Define the IAM permissions that AWS Chatbot uses for messaging your Slack chat room.
- For Policy templates, choose Notification permissions. This is the IAM policy template for AWS Chatbot. It provides the necessary read and list permissions for CloudWatch alarms, events and logs, and for Amazon SNS topics.
- Choose the Amazon SNS topic you previously created that sends notifications to the Slack channel.
You should see the following screen once the channel is configured.
Now that the initial setup is ready, let’s discuss a few use cases where you can use the bot with other AWS services.
Use cases:
- Notify Slack on Amazon EC2 CPU usage spike
- Run AWS Lambda functions and notify Slack on execution errors
- AWS Budgets notifications on Slack when a budget exceeds its threshold
- Create AWS Support case using Slack
- GuardDuty security threat alerts on Slack
- Notify Slack on AWS CodePipeline errors
- Monitor operations on AWS Systems Manager parameter
Let’s discuss each of these use cases in detail.
1. Notify Slack on Amazon EC2 CPU usage spike
We would like to receive a notification on the Slack channel when the CPU utilization of an EC2 instance reaches the threshold of 70%.
- Set up a CloudWatch CPU usage alarm:
- Go to Amazon CloudWatch console.
- In the navigation pane, choose Alarms, Create Alarm.
- Under EC2 metrics, choose a metric category (for example, per-instance metrics).
- In the next step, select the Amazon SNS topic you created earlier.
After configuring the alarm, as soon as an EC2 instance’s CPU usage crosses the threshold, you receive the following notification on your Slack channel.
2. Run Lambda functions and notify Slack on execution errors
You can use AWS Chatbot to list your existing Lambda functions.
@aws lambda list-functions
To look up the timeout and memory size parameters for a Lambda function:
@aws lambda get-function --function-name FUNCTION_NAME
You can also use AWS Chatbot to invoke a Lambda function.
To receive a notification when a Lambda function fails to execute, create a CloudWatch alarm, select the AWS Lambda namespace, choose Errors as the metric name, and select the Lambda function to watch.
You receive the following notification on the Slack channel when the specified Lambda function fails to execute.
3. AWS Budgets notifications on Slack when a budget exceeds its threshold
Cost management is quickly becoming important to enterprises that want to make the most of their cloud infrastructure and keep costs down. You can integrate AWS Chatbot with AWS Billing and Cost Management to receive AWS account budget alerts on your Slack channel. The service sends alerts to an Amazon SNS topic. You then map the Amazon SNS topic in AWS Chatbot to send those notifications to your chat rooms.
First create a budget using your AWS Management Console.
Next, use the Amazon SNS console to grant AWS Budgets permission to publish to your topic. To do that, go to Access policy, choose Advanced, and in the policy text box, after "Statement": [, add the following text:
{
"Sid": "for example, AWSBudgetsSNSPublishingPermissions",
"Effect": "Allow",
"Principal": {
"Service": "budgets.amazonaws.com"
},
"Action": "SNS:Publish",
"Resource": "your topic ARN"
},
Replace your topic ARN with the ARN of the Amazon SNS topic you created.
Replace for example, AWSBudgetsSNSPublishingPermissions with a statement ID string of your choosing.
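The access-policy edit above is easy to get wrong by hand (a leftover placeholder, a duplicate statement ID, or a grant that is wider than one topic). The following is an added example, not code from the post: it fills in the two placeholders in the statement shown above against a constructed copy of a topic's default access policy, and checks the result. The account ID and topic ARN are placeholders.

```python
import json

# Constructed sample: the default access policy of a freshly created SNS topic, trimmed to one
# statement (account id and topic ARN are placeholders).
EXISTING_POLICY = json.dumps({
    "Version": "2008-10-17",
    "Id": "__default_policy_ID",
    "Statement": [{
        "Sid": "__default_statement_ID",
        "Effect": "Allow",
        "Principal": {"AWS": "*"},
        "Action": ["SNS:Publish", "SNS:Subscribe"],
        "Resource": "arn:aws:sns:us-east-1:111122223333:slack-notification",
        "Condition": {"StringEquals": {"AWS:SourceOwner": "111122223333"}},
    }],
})

def _as_list(value) -> list:
    """IAM lets Action and Resource be a string or a list; normalise to a list."""
    return [value] if isinstance(value, str) else list(value or [])

def budgets_can_publish(policy_json: str, topic_arn: str) -> bool:
    """True if some Allow statement lets budgets.amazonaws.com publish to exactly this topic."""
    for s in json.loads(policy_json).get("Statement", []):
        principal = s.get("Principal", {})
        if (s.get("Effect") == "Allow"
                and isinstance(principal, dict)
                and principal.get("Service") == "budgets.amazonaws.com"
                and "SNS:Publish" in _as_list(s.get("Action"))
                and topic_arn in _as_list(s.get("Resource"))):
            return True
    return False

def add_budgets_publish_statement(policy_json: str, topic_arn: str,
                                  sid: str = "AWSBudgetsSNSPublishingPermissions") -> str:
    """Return the policy with the post's statement added (placeholders filled in); refuses a duplicate Sid."""
    policy = json.loads(policy_json)
    statements = policy.setdefault("Statement", [])
    if any(s.get("Sid") == sid for s in statements):
        raise ValueError(f"statement id {sid!r} already present in the policy")
    statements.append({
        "Sid": sid,
        "Effect": "Allow",
        "Principal": {"Service": "budgets.amazonaws.com"},
        "Action": "SNS:Publish",
        "Resource": topic_arn,  # scoped to this one topic, never "*"
    })
    return json.dumps(policy, indent=2)
```

The returned JSON is what you paste into the Advanced access policy editor; the grant is limited to the single topic ARN, which is the scope the Budgets integration needs.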
Notification received on Slack
4. Create an AWS Support case using Slack
For this use case, you must have a subscription to an AWS Support plan.
To create an AWS Support case from Slack, enter @aws support create-case and follow the AWS Chatbot prompts to provide it with all the required parameters. For example, to provide a subject enter @aws subject SUBJECT STRING.
You can also run the full command in one go by passing the necessary parameter values as follows.
AWS Chatbot asks you to confirm creation of the case. After you choose Yes, AWS Chatbot returns the AWS Support case ID.
5. GuardDuty security threat alerts on Slack
Amazon GuardDuty reports security incidents and threats through findings. Findings appear in the GuardDuty console and are automatically emitted as CloudWatch Events. GuardDuty generates finding types for different threat purposes.
In this example, we discuss how you can track and be notified of any Stealth threat in your AWS account. A Stealth threat can be an attacker’s attempt to disable logging to cover their tracks, reducing any trace of their activity while they use your AWS resources for malicious purposes. This finding is triggered by a successful deletion or update of a trail. It can also be triggered by the successful deletion of an S3 bucket that stores the logs from a trail associated with GuardDuty.
On the AWS Management Console, search for Amazon CloudWatch and navigate to the Rules section. Create a CloudWatch rule that triggers on GuardDuty events, and select the previously created Amazon SNS topic as the Target.
Note: You can edit the event pattern filter to fit your needs, using values such as those shown in the following screenshot:
When someone tries to disable AWS CloudTrail logging, such events are captured as findings on the GuardDuty console.
The following screenshot shows the preceding finding notified on the Slack channel.
6. Notify Slack on AWS CodePipeline errors
To receive a notification when an AWS CodePipeline execution fails:
- Create an AWS CodePipeline. It can have multiple stages like source, build, and deploy.
- Configure a notification rule.
Create a notification rule for your AWS CodePipeline.
To receive AWS CodePipeline notifications, you can select either an Amazon SNS topic or AWS Chatbot as the target from the dropdown list.
Notification on Slack
7. Monitor operations on AWS Systems Manager parameter
If you are using AWS Systems Manager Parameter Store to store data such as passwords, database connection strings, Amazon Machine Image (AMI) IDs, and license codes as parameter values, you might want to monitor the operations occurring on them, such as delete or update.
- Create a CloudWatch Events rule to monitor the state of SSM Parameter Store. Set the Amazon SNS topic you created earlier as the target to receive notifications.
Notification on Slack
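Use cases 5 and 7 both come down to the event pattern on a CloudWatch Events rule, and the screenshots that carried those patterns are not reproduced here. The following is an added example, not code from the post: it spells out one pattern for each rule (only GuardDuty findings whose type starts with "Stealth:", and only Parameter Store delete and update operations) and includes a small local matcher so the patterns can be checked against sample events before the rules are deployed. The sample events are constructed; the account ID and parameter names are placeholders, while the two GuardDuty finding type names are real GuardDuty identifiers.

```python
# Event patterns for the CloudWatch Events rules in use cases 5 and 7: the first forwards only
# GuardDuty findings whose type starts with "Stealth:" (the CloudTrail-tampering family), the
# second forwards Parameter Store deletes and updates. {"prefix": ...} is EventBridge filter syntax.
PATTERNS = {
    "guardduty-stealth": {
        "source": ["aws.guardduty"],
        "detail-type": ["GuardDuty Finding"],
        "detail": {"type": [{"prefix": "Stealth:"}]},
    },
    "ssm-parameter-change": {
        "source": ["aws.ssm"],
        "detail-type": ["Parameter Store Change"],
        "detail": {"operation": ["Delete", "Update"]},
    },
}
def _leaf_matches(value, alternatives: list) -> bool:
    """A leaf matches when the event value equals, or starts with the prefix of, any alternative."""
    for alt in alternatives:
        if isinstance(alt, dict) and "prefix" in alt:
            if isinstance(value, str) and value.startswith(alt["prefix"]):
                return True
        elif alt == value:
            return True
    return False
def event_matches(pattern: dict, event: dict) -> bool:
    """Subset match as EventBridge applies it: every pattern key must exist in the event and match."""
    for key, expected in pattern.items():
        if key not in event:
            return False
        if isinstance(expected, dict):
            if not isinstance(event[key], dict) or not event_matches(expected, event[key]):
                return False
        elif not _leaf_matches(event[key], expected):
            return False
    return True
# Constructed sample events (placeholder account id and parameter names; the finding types are real GuardDuty names).
SAMPLE_EVENTS = [
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Stealth:IAMUser/CloudTrailLoggingDisabled", "accountId": "111122223333"}},
    {"source": "aws.guardduty", "detail-type": "GuardDuty Finding",
     "detail": {"type": "Recon:EC2/PortProbeUnprotectedPort", "accountId": "111122223333"}},
    {"source": "aws.ssm", "detail-type": "Parameter Store Change",
     "detail": {"name": "/prod/db/password", "type": "SecureString", "operation": "Delete"}},
    {"source": "aws.ssm", "detail-type": "Parameter Store Change",
     "detail": {"name": "/prod/ami-id", "type": "String", "operation": "Create"}},
]
def matched_rules(events: list) -> list:
    """Names of the rules, in event order, that would forward each event to the SNS topic (and so to Slack)."""
    return [name for e in events for name, p in PATTERNS.items() if event_matches(p, e)]
```

The matcher covers only the exact-value and prefix filters these two rules need; widen the GuardDuty pattern (for example to all finding types) if the channel should see more than the Stealth family.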
Troubleshooting AWS Chatbot
If you encounter issues when trying to receive notifications, see the troubleshooting section of the AWS Chatbot documentation.
Cleaning up
There is no additional charge for AWS Chatbot. You only pay for the underlying services that you use, in the same manner as if you were using them without AWS Chatbot. Make sure to delete any resources that you do not plan to use in the future to avoid incurring costs.
Conclusion
In this post, we described seven use cases where you can use AWS Chatbot to receive notifications on your Slack channel from different AWS services. This helps you proactively detect and fix issues in your infrastructure and avoid major outages, security breaches, and cost deviations. We used the AWS Management Console to do the necessary configuration for each use case. You can automate these solutions based on your specific requirements using AWS CloudFormation, the AWS CLI, or an SDK.
About the author
Mahek Pavagadhi is an Associate Cloud Developer at Amazon Web Services in San Francisco, CA. She has a Master’s Degree in Software Engineering with majors in Cloud Computing. She is passionate about cloud services and building solutions with it. Outside of work, she is an avid traveler who loves to explore local cafeterias.