
AWS Chatbot not publishing to Slack


I'm trying to create a Chatbot using CloudFormation. When testing it by creating a message in the Notification Topic, nothing is published to Slack.

notifications.yml

AWSTemplateFormatVersion: 2010-09-09
Transform:
  - AWS::Serverless-2016-10-31

Parameters:
  Team:
    Type: String
  Environment:
    Type: String
  Domain:
    Type: String
  Channel:
    Type: String
  Workspace:
    Type: String

Resources:
  PipelineNotificationTopic:
    Type: AWS::SNS::Topic
    Properties:
      Tags:
        - Key: Domain
          Value: "CICD"
        - Key: Team
          Value: "Engineering"
      TopicName: "PipelineStatus"

  PipelineEventRule:
    Type: AWS::Events::Rule
    Properties:
      Description: "PipelineEventRule"
      EventPattern:
        source:
          - "aws.codepipeline"
        detail-type:
          - "CodePipeline Pipeline Execution State Change"
        detail:
          state:
            - STARTED
            - CANCELED
            - FAILED
            - SUCCEEDED
      State: "ENABLED"
      Targets:
        - Arn:
            Ref: PipelineNotificationTopic
          Id: "PipelineNotificationTopic"

  SlackBot:
    Type: AWS::Chatbot::SlackChannelConfiguration
    Properties:
      ConfigurationName: !Sub ${Team}-${Environment}-${Domain}
      IamRoleArn: !GetAtt Role.Arn
      SlackChannelId: !Ref Channel
      SlackWorkspaceId: !Ref Workspace
      SnsTopicArns: 
        - !Ref PipelineNotificationTopic

  Role:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: chatbot.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: Events
          PolicyDocument:
            Version: 2012-10-17
            Statement:
              - Effect: Allow
                Action:
                  - "events:*"
                Resource:
                  - "*"

Solution

  • You need to authorize the Slack channel to listen to the published SNS notifications. Refer to link [1] for more information and a step-by-step guide. Also, I would take their advice and open up IAM permissions using Amazon's pre-defined roles (like AWS-Chatbot-NotificationsOnly-Policy, AWS-Chatbot-LambdaInvoke-Policy, AWS-Chatbot-ReadOnly-Commands-Policy; if you think they are too permissive, you can dial them back with custom policies once you get it working). More information on that at link [2].

    [1] https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html

    [2] https://docs.aws.amazon.com/chatbot/latest/adminguide/getting-started.html#editing-iam-roles-for-chatbot
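
A static check for two gaps in the question's template, added here as an example (not code from the question, the answer, or AWS): the `events:*` grant on the role Chatbot assumes, which is where the answer's advice about dialing permissions back applies, and the absence of an `AWS::SNS::TopicPolicy`, which EventBridge requires before `events.amazonaws.com` can publish to the topic. The function names and the dict form of the template are assumptions of the example.

```python
# Added example, not AWS tooling: checks over a CloudFormation template parsed to a dict.
def _list(v):
    return v if isinstance(v, list) else [v]

def _services(stmt):
    principal = stmt.get("Principal")
    return _list(principal.get("Service", [])) if isinstance(principal, dict) else []

def wildcard_grants(resources, service="chatbot.amazonaws.com"):
    """(role, policy, action) for service-wide Allow actions on roles `service` can assume."""
    hits = []
    roles = [(n, r) for n, r in resources.items() if r.get("Type") == "AWS::IAM::Role"]
    for name, res in roles:
        trust = _list(res["Properties"]["AssumeRolePolicyDocument"]["Statement"])
        if not any(service in _services(s) for s in trust):
            continue
        for pol in res["Properties"].get("Policies", []):
            for st in _list(pol["PolicyDocument"]["Statement"]):
                for action in _list(st.get("Action", [])):
                    if st.get("Effect") == "Allow" and (action == "*" or action.endswith(":*")):
                        hits.append((name, pol["PolicyName"], action))
    return hits

def topics_without_events_publish(resources):
    """SNS topics an EventBridge rule targets with no TopicPolicy for events.amazonaws.com."""
    rules = [r for r in resources.values() if r.get("Type") == "AWS::Events::Rule"]
    targeted = {t["Arn"]["Ref"] for r in rules for t in r["Properties"].get("Targets", [])
                if isinstance(t.get("Arn"), dict) and "Ref" in t["Arn"]}
    allowed = set()
    for tp in (x for x in resources.values() if x.get("Type") == "AWS::SNS::TopicPolicy"):
        stmts = _list(tp["Properties"]["PolicyDocument"]["Statement"])
        if any(s.get("Effect") == "Allow" and "events.amazonaws.com" in _services(s)
               and {"sns:Publish", "sns:*", "*"} & set(_list(s.get("Action", []))) for s in stmts):
            allowed |= {t["Ref"] for t in tp["Properties"]["Topics"] if isinstance(t, dict) and "Ref" in t}
    return sorted(n for n in targeted - allowed if resources.get(n, {}).get("Type") == "AWS::SNS::Topic")

# Constructed input: the question's resources as a dict (intrinsics written as {"Ref": ...}).
QUESTION = {
    "PipelineNotificationTopic": {"Type": "AWS::SNS::Topic", "Properties": {"TopicName": "PipelineStatus"}},
    "PipelineEventRule": {"Type": "AWS::Events::Rule", "Properties": {
        "Targets": [{"Arn": {"Ref": "PipelineNotificationTopic"}, "Id": "PipelineNotificationTopic"}]}},
    "Role": {"Type": "AWS::IAM::Role", "Properties": {
        "AssumeRolePolicyDocument": {"Statement": [
            {"Effect": "Allow", "Principal": {"Service": "chatbot.amazonaws.com"}, "Action": "sts:AssumeRole"}]},
        "Policies": [{"PolicyName": "Events", "PolicyDocument": {"Statement": [
            {"Effect": "Allow", "Action": ["events:*"], "Resource": ["*"]}]}}]}},
}
if __name__ == "__main__":
    print(wildcard_grants(QUESTION), topics_without_events_publish(QUESTION))
```

Both functions return an empty list once no service-wide wildcard remains on the role and a topic policy grants `events.amazonaws.com` the `sns:Publish` action on the topic.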