This module helps you send AWS EventBridge events to Slack / Microsoft Teams.
This module creates EventBridge rules (`aws_cloudwatch_event_rule`) that:
- Capture ECS events
- Send them to a specified SNS topic
The SNS topic sends messages to Amazon Q Developer, which then distributes them to:
- Slack
- Microsoft Teams

Supported ECS event types:
- ECS Task State Changes
- ECS Deployment State Changes
- ECS Service Actions
```hcl
module "ecs_to_slack" {
  source = "../terraform-aws-ecs-events-to-slack"
  name   = "amazon_q_notifications"

  # Enable ECS task state change events
  enable_ecs_task_state_event_rule = true

  # Filter events for a specific ECS cluster
  # (cluster ARN format: arn:aws:ecs:<region>:<account-id>:cluster/<cluster-name>)
  ecs_task_state_event_rule_detail = {
    clusterArn = ["arn:aws:ecs:us-east-1:123456789012:cluster/your-cluster"]
  }

  # Optional: Provide existing SNS topic ARN
  # If not provided, module will create a new SNS topic
  sns_topic_arn = "arn:aws:sns:region:account-id:topic-name"

  # Optional: Provide custom KMS key for SNS topic encryption
  # If not provided, SNS topic will not use encryption.
  # If server-side encryption is enabled for your Amazon SNS topics, you must
  # give the sending services permission in your AWS KMS key policy to post
  # events to the encrypted SNS topics.
  # To test the configuration from the console, your role must also have
  # permission to use the AWS KMS key.
  # AWS managed service keys don't allow you to modify access policies, so
  # encrypted SNS topics need a customer managed KMS key (CMK). Update its key
  # policy to allow the sending service (for example, EventBridge) to publish
  # to the encrypted topic.
  # https://docs.aws.amazon.com/chatbot/latest/adminguide/chatbot-troubleshooting.html
  kms_master_key_id = "arn:aws:kms:region:account-id:key/key-id"
}
```
- Amazon Q Developer workspace must be configured and accessible
- Chat bot must be subscribed to the SNS topic configuration
- If using existing SNS topic, ensure it has proper permissions for EventBridge to publish messages
- The module will create a new SNS topic if `sns_topic_arn` is not provided
- If you provide an existing SNS topic, ensure it has the correct permissions and encryption settings
- Chat bot must be properly configured in your Amazon Q Developer workspace to receive notifications
- Make sure to subscribe your chat bot to the SNS topic configuration after deployment
The module sends events in the following format that is compatible with Amazon Q Developer:
```json
{
  "version": "1.0",
  "source": "custom",
  "id": "<event_id>",
  "content": {
    "textType": "client-markdown",
    "title": "<event_type>",
    "description": "<formatted_message>",
    "keywords": ["<region>"]
  },
  "metadata": {
    "threadId": "<event_id>",
    "summary": "<event_type>",
    "eventType": "<event_type>",
    "relatedResources": ["<resource_arns>"],
    "additionalContext": {
      "account": "<aws_account>",
      "time": "<event_time>"
    }
  }
}
```
- ECS Events Documentation
- EventBridge Patterns
- EventBridge Input Transformation
- Amazon Q Developer Documentation
If you use a custom KMS key for SNS topic encryption, you must add the following statement to your KMS key policy to allow EventBridge (CloudWatch Events) to publish to the encrypted SNS topic:
```json
{
  "Sid": "Allow CWE to use the key",
  "Effect": "Allow",
  "Principal": {
    "Service": "events.amazonaws.com"
  },
  "Action": [
    "kms:Decrypt",
    "kms:GenerateDataKey"
  ],
  "Resource": "*"
}
```
This allows EventBridge to generate data keys and decrypt messages for publishing to the encrypted SNS topic. Without this policy, EventBridge will not be able to send events to your encrypted SNS topic.
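A complete customer managed key for the topic, as an added Terraform example (not part of the module or its README): the key policy combines the EventBridge statement above with the default account-root statement so the key stays administrable. The names `aws_kms_key.sns` and `data.aws_iam_policy_document.sns_key` are hypothetical, and the root ARN assumes the standard `aws` partition.

```hcl
# Added example, not the module's own code. Resource and data source names
# here are hypothetical; only the module inputs come from the README.
data "aws_caller_identity" "current" {}

data "aws_iam_policy_document" "sns_key" {
  # Default key policy statement: lets IAM policies in this account
  # administer the key. Without it the key is governed by this policy alone.
  statement {
    sid       = "EnableIAMUserPermissions"
    actions   = ["kms:*"]
    resources = ["*"]

    principals {
      type        = "AWS"
      identifiers = ["arn:aws:iam::${data.aws_caller_identity.current.account_id}:root"]
    }
  }

  # The statement from this README: EventBridge gets only the two actions it
  # needs to publish to the encrypted topic. "*" in a key policy means
  # "this key", not every key in the account.
  statement {
    sid       = "AllowEventBridgeToUseTheKey"
    actions   = ["kms:Decrypt", "kms:GenerateDataKey"]
    resources = ["*"]

    principals {
      type        = "Service"
      identifiers = ["events.amazonaws.com"]
    }
  }
}

resource "aws_kms_key" "sns" {
  description         = "Customer managed key for the ECS notifications SNS topic"
  enable_key_rotation = true
  policy              = data.aws_iam_policy_document.sns_key.json
}

module "ecs_to_slack" {
  source = "../terraform-aws-ecs-events-to-slack"
  name   = "amazon_q_notifications"

  # sns_topic_arn is omitted, so the module creates the topic itself
  kms_master_key_id = aws_kms_key.sns.arn
}
```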
Name | Version |
---|---|
terraform | >= 0.13.1 |
aws | >= 5.61.0 |
Name | Version |
---|---|
aws | >= 5.61.0 |
No modules.
Name | Type |
---|---|
aws_cloudwatch_event_rule.this | resource |
aws_cloudwatch_event_target.this | resource |
aws_sns_topic.this | resource |
aws_sns_topic_policy.this | resource |
Name | Description | Type | Default | Required |
---|---|---|---|---|
custom_event_rules | A map of objects representing the custom EventBridge rule which will be created in addition to the default rules. | map(any) | {} | no |
ecs_deployment_state_event_rule_detail | The content of the detail section in the EventBridge Rule for ECS Deployment State Change events. Use it to filter the events which will be processed and sent to Slack. | any | { | no |
ecs_service_action_event_rule_detail | The content of the detail section in the EventBridge Rule for ECS Service Action events. Use it to filter the events which will be processed and sent to Slack. | any | { | no |
ecs_task_state_event_rule_detail | The content of the detail section in the EventBridge Rule for ECS Task State Change events. Use it to filter the events which will be processed and sent to Slack. | any | { | no |
enable_ecs_deployment_state_event_rule | The boolean flag enabling the EventBridge Rule for ECS Deployment State Change events. The detail section of this rule is configured with ecs_deployment_state_event_rule_detail variable. | bool | true | no |
enable_ecs_service_action_event_rule | The boolean flag enabling the EventBridge Rule for ECS Service Action events. The detail section of this rule is configured with ecs_service_action_event_rule_detail variable. | bool | true | no |
enable_ecs_task_state_event_rule | The boolean flag enabling the EventBridge Rule for ECS Task State Change events. The detail section of this rule is configured with ecs_task_state_event_rule_detail variable. | bool | true | no |
kms_master_key_id | The ID of an AWS-managed customer master key (CMK) for Amazon SNS or a custom CMK. If not provided, will use default AWS SNS key. | string | "" | no |
name | Name to be used on all the resources as identifier. | string | "aws-eventbridge-to-amazon-q-developer" | no |
sns_topic_arn | The ARN of the SNS topic used for notifications. If not provided, the module creates the SNS topic itself. | string | "" | no |
tags | A map of tags to add to all resources. | map(string) | {} | no |
Name | Description |
---|---|
sns_topic_arn | ARN of the created SNS topic |