From 991c83000b06ac9b548af1fafe86d561b3b0df4d Mon Sep 17 00:00:00 2001 From: Cris Daniluk Date: Sun, 2 Jun 2019 16:12:18 -0400 Subject: [PATCH 1/6] Ran upgrade, manually tweaked some gaps and did basic testing --- iam.tf | 31 +++++++++++++-------- main.tf | 76 +++++++++++++++++++++++++++++++--------------------- outputs.tf | 26 ++++++++++++------ variables.tf | 4 +++ versions.tf | 4 +++ 5 files changed, 92 insertions(+), 49 deletions(-) create mode 100644 versions.tf diff --git a/iam.tf b/iam.tf index 54711709..63f52c75 100644 --- a/iam.tf +++ b/iam.tf @@ -1,5 +1,5 @@ data "aws_iam_policy_document" "assume_role" { - count = "${var.create}" + count = var.create ? 1 : 0 statement { effect = "Allow" @@ -14,7 +14,7 @@ data "aws_iam_policy_document" "assume_role" { } data "aws_iam_policy_document" "lambda_basic" { - count = "${var.create}" + count = var.create ? 1 : 0 statement { sid = "AllowWriteToCloudwatchLogs" @@ -32,9 +32,9 @@ data "aws_iam_policy_document" "lambda_basic" { } data "aws_iam_policy_document" "lambda" { - count = "${(var.create_with_kms_key == 1 ? 1 : 0) * var.create}" + count = var.create_with_kms_key || var.create ? 1 : 0 - source_json = "${data.aws_iam_policy_document.lambda_basic.0.json}" + source_json = data.aws_iam_policy_document.lambda_basic[0].json statement { sid = "AllowKMSDecrypt" 
@@ -43,22 +43,31 @@ data "aws_iam_policy_document" "lambda" { actions = ["kms:Decrypt"] - resources = ["${var.kms_key_arn == "" ? "" : var.kms_key_arn}"] + resources = [var.kms_key_arn == "" ? "" : var.kms_key_arn] } } resource "aws_iam_role" "lambda" { - count = "${var.create}" + count = var.create ? 1 : 0 name_prefix = "lambda" - assume_role_policy = "${data.aws_iam_policy_document.assume_role.0.json}" + assume_role_policy = data.aws_iam_policy_document.assume_role[0].json } resource "aws_iam_role_policy" "lambda" { - count = "${var.create}" + count = var.create ? 1 : 0 name_prefix = "lambda-policy-" - role = "${aws_iam_role.lambda.0.id}" - - policy = "${element(compact(concat(data.aws_iam_policy_document.lambda.*.json, data.aws_iam_policy_document.lambda_basic.*.json)), 0)}" + role = aws_iam_role.lambda[0].id + + policy = element( + compact( + concat( + data.aws_iam_policy_document.lambda.*.json, + data.aws_iam_policy_document.lambda_basic.*.json, + ), + ), + 0, + ) } + diff --git a/main.tf b/main.tf index 0ca24103..016d306d 100644 --- a/main.tf +++ b/main.tf 
@@ -1,84 +1,100 @@ data "aws_sns_topic" "this" { - count = "${(1 - var.create_sns_topic) * var.create}" + count = var.create_sns_topic && var.create ? 0 : 1 - name = "${var.sns_topic_name}" + name = var.sns_topic_name } resource "aws_sns_topic" "this" { - count = "${var.create_sns_topic * var.create}" + count = var.create_sns_topic && var.create ? 1 : 0 - name = "${var.sns_topic_name}" + name = var.sns_topic_name } locals { - sns_topic_arn = "${element(concat(aws_sns_topic.this.*.arn, data.aws_sns_topic.this.*.arn, list("")), 0)}" + sns_topic_arn = element( + concat( + aws_sns_topic.this.*.arn, + data.aws_sns_topic.this.*.arn, + [""], + ), + 0, + ) } resource "aws_sns_topic_subscription" "sns_notify_slack" { - count = "${var.create}" + count = var.create ? 1 : 0 - topic_arn = "${local.sns_topic_arn}" + topic_arn = local.sns_topic_arn protocol = "lambda" - endpoint = "${aws_lambda_function.notify_slack.0.arn}" + endpoint = aws_lambda_function.notify_slack[0].arn } resource "aws_lambda_permission" "sns_notify_slack" { - count = "${var.create}" + count = var.create ? 
1 : 0 statement_id = "AllowExecutionFromSNS" action = "lambda:InvokeFunction" - function_name = "${aws_lambda_function.notify_slack.0.function_name}" + function_name = aws_lambda_function.notify_slack[0].function_name principal = "sns.amazonaws.com" - source_arn = "${local.sns_topic_arn}" + source_arn = local.sns_topic_arn } data "null_data_source" "lambda_file" { - inputs { - filename = "${substr("${path.module}/functions/notify_slack.py", length(path.cwd) + 1, -1)}" + inputs = { + filename = substr( + "${path.module}/functions/notify_slack.py", + length(path.cwd) + 1, + -1, + ) } } data "null_data_source" "lambda_archive" { - inputs { - filename = "${substr("${path.module}/functions/notify_slack.zip", length(path.cwd) + 1, -1)}" + inputs = { + filename = substr( + "${path.module}/functions/notify_slack.zip", + length(path.cwd) + 1, + -1, + ) } } data "archive_file" "notify_slack" { - count = "${var.create}" + count = var.create ? 1 : 0 type = "zip" - source_file = "${data.null_data_source.lambda_file.outputs.filename}" - output_path = "${data.null_data_source.lambda_archive.outputs.filename}" + source_file = data.null_data_source.lambda_file.outputs.filename + output_path = data.null_data_source.lambda_archive.outputs.filename } resource "aws_lambda_function" "notify_slack" { - count = "${var.create}" + count = var.create ? 
1 : 0 - filename = "${data.archive_file.notify_slack.0.output_path}" + filename = data.archive_file.notify_slack[0].output_path - function_name = "${var.lambda_function_name}" + function_name = var.lambda_function_name - role = "${aws_iam_role.lambda.arn}" + role = aws_iam_role.lambda[0].arn handler = "notify_slack.lambda_handler" - source_code_hash = "${data.archive_file.notify_slack.0.output_base64sha256}" + source_code_hash = data.archive_file.notify_slack[0].output_base64sha256 runtime = "python3.6" timeout = 30 - kms_key_arn = "${var.kms_key_arn}" + kms_key_arn = var.kms_key_arn environment { variables = { - SLACK_WEBHOOK_URL = "${var.slack_webhook_url}" - SLACK_CHANNEL = "${var.slack_channel}" - SLACK_USERNAME = "${var.slack_username}" - SLACK_EMOJI = "${var.slack_emoji}" + SLACK_WEBHOOK_URL = var.slack_webhook_url + SLACK_CHANNEL = var.slack_channel + SLACK_USERNAME = var.slack_username + SLACK_EMOJI = var.slack_emoji } } lifecycle { ignore_changes = [ - "filename", - "last_modified", + filename, + last_modified, ] } } + diff --git a/outputs.tf b/outputs.tf index 7f3c51c5..4dde23c0 100644 --- a/outputs.tf +++ b/outputs.tf 
@@ -1,39 +1,49 @@ output "this_slack_topic_arn" { description = "The ARN of the SNS topic from which messages will be sent to Slack" - value = "${local.sns_topic_arn}" + value = local.sns_topic_arn } output "lambda_iam_role_arn" { description = "The ARN of the IAM role used by Lambda function" - value = "${element(concat(aws_iam_role.lambda.*.arn, list("")), 0)}" + value = element(concat(aws_iam_role.lambda.*.arn, [""]), 0) } output "lambda_iam_role_name" { description = "The name of the IAM role used by Lambda function" - value = "${element(concat(aws_iam_role.lambda.*.arn, list("")), 0)}" + value = element(concat(aws_iam_role.lambda.*.arn, [""]), 0) } output "notify_slack_lambda_function_arn" { description = "The ARN of the Lambda function" - value = "${element(concat(aws_lambda_function.notify_slack.*.arn, list("")), 0)}" + value = element(concat(aws_lambda_function.notify_slack.*.arn, [""]), 0) } output "notify_slack_lambda_function_name" { description = "The name of the Lambda function" - value = "${element(concat(aws_lambda_function.notify_slack.*.function_name, list("")), 0)}" + value = element( + concat(aws_lambda_function.notify_slack.*.function_name, [""]), + 0, + ) } output "notify_slack_lambda_function_invoke_arn" { description = "The ARN to be used for invoking Lambda function from API Gateway" - value = "${element(concat(aws_lambda_function.notify_slack.*.invoke_arn, list("")), 0)}" + value = element( + concat(aws_lambda_function.notify_slack.*.invoke_arn, [""]), + 0, + ) } output "notify_slack_lambda_function_last_modified" { description = "The date Lambda function was last modified" - value = "${element(concat(aws_lambda_function.notify_slack.*.last_modified, list("")), 0)}" + value = element( + concat(aws_lambda_function.notify_slack.*.last_modified, [""]), + 0, + ) } output "notify_slack_lambda_function_version" { description = "Latest published version of your Lambda function" - value = 
"${element(concat(aws_lambda_function.notify_slack.*.version, list("")), 0)}" + value = element(concat(aws_lambda_function.notify_slack.*.version, [""]), 0) } + diff --git a/variables.tf b/variables.tf index 7759c661..7fc569a4 100644 --- a/variables.tf +++ b/variables.tf @@ -1,16 +1,19 @@ variable "create" { description = "Whether to create all resources" default = true + type = bool } variable "create_sns_topic" { description = "Whether to create new SNS topic" default = true + type = bool } variable "create_with_kms_key" { description = "Whether to create resources with KMS encryption" default = false + type = bool } variable "lambda_function_name" { @@ -43,3 +46,4 @@ variable "kms_key_arn" { description = "ARN of the KMS key used for decrypting slack webhook url" default = "" } + diff --git a/versions.tf b/versions.tf new file mode 100644 index 00000000..ac97c6ac --- /dev/null +++ b/versions.tf @@ -0,0 +1,4 @@ + +terraform { + required_version = ">= 0.12" +} From d757594d1bb78ad7b02ce8b055c63c5d76f1b048 Mon Sep 17 00:00:00 2001 From: Cris Daniluk Date: Sun, 2 Jun 2019 16:30:18 -0400 Subject: [PATCH 2/6] path ref was not behaving the same in 0.12 but did not seem to need to be this complicated anyway --- main.tf | 13 +++---------- 1 file changed, 3 insertions(+), 10 deletions(-) diff --git a/main.tf b/main.tf index 016d306d..e9b155a7 100644 --- a/main.tf +++ b/main.tf @@ -41,21 +41,14 @@ resource "aws_lambda_permission" "sns_notify_slack" { data "null_data_source" "lambda_file" { inputs = { - filename = substr( - "${path.module}/functions/notify_slack.py", - length(path.cwd) + 1, - -1, - ) + filename = "${path.module}/functions/notify_slack.py" } } data "null_data_source" "lambda_archive" { inputs = { - filename = substr( - "${path.module}/functions/notify_slack.zip", - length(path.cwd) + 1, - -1, - ) + filename = "${path.module}/functions/notify_slack.zip" + } } From cb111b97349f8e9645e3852467fe9e30b140ec92 Mon Sep 17 00:00:00 2001 
From: Cris Daniluk Date: Sun, 2 Jun 2019 16:30:36 -0400 Subject: [PATCH 3/6] fixed logic when determining whether to add kms policy statement --- iam.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/iam.tf b/iam.tf index 63f52c75..8078a5c7 100644 --- a/iam.tf +++ b/iam.tf @@ -32,7 +32,7 @@ data "aws_iam_policy_document" "lambda_basic" { } data "aws_iam_policy_document" "lambda" { - count = var.create_with_kms_key || var.create ? 1 : 0 + count = var.create_with_kms_key && var.create ? 1 : 0 source_json = data.aws_iam_policy_document.lambda_basic[0].json From 54ceea71bdc3dd480f53a0785902f5714ff42fa3 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 12 Jun 2019 10:34:56 +0200 Subject: [PATCH 4/6] Upgraded module to support Terraform 0.12 --- .chglog/CHANGELOG.tpl.md | 51 +++++++ .chglog/config.yml | 10 ++ .pre-commit-config.yaml | 6 +- CHANGELOG.md | 143 ++++++++++++++++++ Makefile | 7 + README.md | 10 +- examples/cloudwatch-alerts-to-slack/README.md | 8 +- examples/cloudwatch-alerts-to-slack/main.tf | 33 +--- .../cloudwatch-alerts-to-slack/outputs.tf | 39 ++++- examples/notify-slack-kms/README.md | 80 ---------- examples/notify-slack-kms/main.tf | 35 ----- examples/notify-slack-kms/outputs.tf | 4 - examples/notify-slack-simple/README.md | 2 + examples/notify-slack-simple/outputs.tf | 41 ++++- iam.tf | 12 +- main.tf | 3 +- outputs.tf | 17 +-- variables.tf | 21 ++- versions.tf | 4 - 19 files changed, 334 insertions(+), 192 deletions(-) create mode 100644 .chglog/CHANGELOG.tpl.md create mode 100644 .chglog/config.yml create mode 100644 CHANGELOG.md create mode 100644 Makefile delete mode 100644 examples/notify-slack-kms/README.md delete mode 100644 examples/notify-slack-kms/main.tf delete mode 100644 examples/notify-slack-kms/outputs.tf delete mode 100644 versions.tf diff --git a/.chglog/CHANGELOG.tpl.md b/.chglog/CHANGELOG.tpl.md new file mode 100644 index 00000000..389f9114 --- /dev/null +++ b/.chglog/CHANGELOG.tpl.md 
@@ -0,0 +1,51 @@ +{{ if .Versions -}} + +## [Unreleased] +{{ if .Unreleased.CommitGroups -}} +{{ range .Unreleased.CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Unreleased.Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ end -}} + +{{ range .Versions }} + +## {{ if .Tag.Previous }}[{{ .Tag.Name }}]{{ else }}{{ .Tag.Name }}{{ end }} - {{ datetime "2006-01-02" .Tag.Date }} +{{ if .CommitGroups -}} +{{ range .CommitGroups -}} +### {{ .Title }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} +{{ else }} +{{ range .Commits -}} +- {{ if .Scope }}**{{ .Scope }}:** {{ end }}{{ .Subject }} +{{ end }} +{{ end -}} + +{{- if .NoteGroups -}} +{{ range .NoteGroups -}} +### {{ .Title }} +{{ range .Notes }} +{{ .Body }} +{{ end }} +{{ end -}} +{{ end -}} +{{ end -}} + +{{- if .Versions }} +[Unreleased]: {{ .Info.RepositoryURL }}/compare/{{ $latest := index .Versions 0 }}{{ $latest.Tag.Name }}...HEAD +{{ range .Versions -}} +{{ if .Tag.Previous -}} +[{{ .Tag.Name }}]: {{ $.Info.RepositoryURL }}/compare/{{ .Tag.Previous.Name }}...{{ .Tag.Name }} +{{ end -}} +{{ end -}} +{{ end -}} \ No newline at end of file diff --git a/.chglog/config.yml b/.chglog/config.yml new file mode 100644 index 00000000..17669e52 --- /dev/null +++ b/.chglog/config.yml @@ -0,0 +1,10 @@ +style: github +template: CHANGELOG.tpl.md +info: + title: CHANGELOG + repository_url: https://github.com/terraform-aws-modules/terraform-aws-notify-slack +options: + header: + pattern: "^(.*)$" + pattern_maps: + - Subject diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 804e5bb6..f0e6b77e 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml 
@@ -1,10 +1,10 @@ repos: - repo: git://github.com/antonbabenko/pre-commit-terraform - rev: v1.7.3 + rev: v1.12.0 hooks: - id: terraform_fmt - - id: terraform_docs +# - id: terraform_docs - repo: git://github.com/pre-commit/pre-commit-hooks - rev: v1.3.0 + rev: v2.2.3 hooks: - id: check-merge-conflict diff --git a/CHANGELOG.md b/CHANGELOG.md new file mode 100644 index 00000000..3b1f41f6 --- /dev/null +++ b/CHANGELOG.md 
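Review bot: Both `repo:` entries in `.pre-commit-config.yaml` still fetch hook code over `git://`, which is unauthenticated and unencrypted, and that code runs on the machine of every contributor who installs the hooks. Since this hunk already edits both `rev:` pins, switch the URLs to HTTPS: `- repo: https://github.com/antonbabenko/pre-commit-terraform` and `- repo: https://github.com/pre-commit/pre-commit-hooks`. The `rev:` values are tags, which can be moved after the fact; pinning each to a full commit hash would make the fetched hook code reproducible. The commented-out `terraform_docs` hook should also carry a short comment saying why it is disabled.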
@@ -0,0 +1,143 @@ + +## [Unreleased] + + + + +## [v2.0.0] - 2019-06-02 + +- fixed logic when determining whether to add kms policy statement +- path ref was not behaving the same in 0.12 but did not seem to need to be this complicated anyway +- Ran upgrade, manually tweaked some gaps and did basic testing + + + +## [v1.13.0] - 2019-02-22 + +- need to convert from json string to dict when extracting message from event ([#30](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/30)) + + + +## [v1.12.0] - 2019-02-21 + +- Pass the subject ot default_notification ([#29](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/29)) + + + +## [v1.11.0] - 2018-12-28 + +- No longer parsing the SNS event as incoming JSON ([#23](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/23)) + + + +## [v1.10.0] - 2018-08-20 + +- Fixed bug which causes apply failure when create = false ([#19](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/19)) + + + +## [v1.9.0] - 2018-06-21 + +- Allow computed KMS key value (fixed [#10](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/10)) ([#18](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/18)) + + + +## [v1.8.0] - 2018-06-20 + +- include short alarm name in slack notification text ([#14](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/14)) + + + +## [v1.7.0] - 2018-06-20 + +- Renamed enable to create, minor fixes after [#15](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/15) +- Add flag to enable/disable creation of resources ([#15](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/15)) + + + +## [v1.6.0] - 2018-06-19 + +- Fixed formatting +- Fix Lambda path in shared state ([#17](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/17)) +- Fixed spelling a bit +- Cirumvent TF's path.module limitation 
for lambda filenames +- Cirumvent TF's path.module limitation for lambda filenames +- Cirumvent TF's path.module limitation for lambda filenames + + + +## [v1.5.0] - 2018-06-06 + +- Fixed formatting (ran 'pre-commit run -a') +- Add in slack emoji support ([#11](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/11)) +- Update comments in examples/ about aws_kms_ciphertext ([#12](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/12)) + + + +## [v1.4.0] - 2018-06-05 + +- Ignore `last_modified` timestamp deciding whether to do an update ([#9](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/9)) +- Updated formatting in examples + + + +## [v1.3.0] - 2018-05-29 + +- Ignore changes in filename (fixed [#6](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/6)) + + + +## [v1.2.0] - 2018-05-16 + +- Added pre-commit hook to autogenerate terraform-docs ([#7](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/7)) + + + +## [v1.1.0] - 2018-03-22 + +- Feature/lambda function name variable ([#5](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/5)) + + + +## [v1.0.1] - 2018-02-22 + +- Fix mismatch in alarm state labels and values ([#4](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/4)) + + + +## [v1.0.0] - 2018-02-15 + +- Added better code, examples, docs ([#2](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/2)) + + + +## v0.0.1 - 2018-02-12 + +- Merge pull request [#1](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/issues/1) from nazartm/cloudwatch-event +- Add encrypted webhook URL example +- Fix decryption of webhook URL +- Update readme +- Add basic example +- Make KMS optional +- Add README description +- Add preliminary cloudwatch event handling lambda +- Initial commit + + +[Unreleased]: 
https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v2.0.0...HEAD +[v2.0.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.13.0...v2.0.0 +[v1.13.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.12.0...v1.13.0 +[v1.12.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.11.0...v1.12.0 +[v1.11.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.10.0...v1.11.0 +[v1.10.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.9.0...v1.10.0 +[v1.9.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.8.0...v1.9.0 +[v1.8.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.7.0...v1.8.0 +[v1.7.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.6.0...v1.7.0 +[v1.6.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.5.0...v1.6.0 +[v1.5.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.4.0...v1.5.0 +[v1.4.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.3.0...v1.4.0 +[v1.3.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.2.0...v1.3.0 +[v1.2.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.1.0...v1.2.0 +[v1.1.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.0.1...v1.1.0 +[v1.0.1]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v1.0.0...v1.0.1 +[v1.0.0]: https://github.com/terraform-aws-modules/terraform-aws-notify-slack/compare/v0.0.1...v1.0.0 diff --git a/Makefile b/Makefile new file mode 100644 index 00000000..558dac5a --- /dev/null +++ b/Makefile 
@@ -0,0 +1,7 @@ +.PHONY: changelog release + +changelog: + git-chglog -o CHANGELOG.md --next-tag `semtag final -s minor -o` + +release: + semtag final -s minor diff --git a/README.md b/README.md index 89f041c5..f92c7629 100644 --- a/README.md +++ b/README.md @@ -4,6 +4,12 @@ This module creates SNS topic (or use existing one) and a AWS Lambda function wh Start by setting up an [incoming webhook integration](https://my.slack.com/services/new/incoming-webhook/) in your Slack workspace. +## Terraform versions + +Terraform 0.12. Pin module version to `~> v2.0`. Submit pull-requests to `master` branch. + +Terraform 0.11. Pin module version to `~> v1.0`. Submit pull-requests to `terraform011` branch. + ## Features - [x] AWS Lambda runtime Python 3.6 @@ -18,7 +24,8 @@ Start by setting up an [incoming webhook integration](https://my.slack.com/servi ```hcl module "notify_slack" { - source = "terraform-aws-modules/notify-slack/aws" + source = "terraform-aws-modules/notify-slack/aws" + version = "~> 2.0" sns_topic_name = "slack-topic" @@ -35,7 +42,6 @@ If you want to subscribe AWS Lambda Function created by this module to an existi ## Examples * [notify-slack-simple](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/tree/master/examples/notify-slack-simple) - Creates SNS topic which sends messages to Slack channel. -* [notify-slack-kms](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/tree/master/examples/notify-slack-simple) - Creates SNS topic which sends messages to Slack channel (using KMS to encrypt Slack webhook URL). * [cloudwatch-alerts-to-slack](https://github.com/terraform-aws-modules/terraform-aws-notify-slack/tree/master/examples/cloudwatch-alerts-to-slack) - End to end example which shows how to send AWS Cloudwatch alerts to Slack channel and use KMS to encrypt webhook URL. diff --git a/examples/cloudwatch-alerts-to-slack/README.md b/examples/cloudwatch-alerts-to-slack/README.md index 76416e0f..ec8016d2 100644 
--- a/examples/cloudwatch-alerts-to-slack/README.md +++ b/examples/cloudwatch-alerts-to-slack/README.md @@ -21,10 +21,10 @@ resource "aws_kms_key" "this" { resource "aws_kms_alias" "this" { name = "alias/kms-test-key" - target_key_id = "${aws_kms_key.this.id}" + target_key_id = aws_kms_key.this.id } -// kms_key_arn = "${aws_kms_key.this.arn}" +// kms_key_arn = aws_kms_key.this.arn // create_with_kms_key = true ``` @@ -35,7 +35,7 @@ data "aws_kms_alias" "this" { name = "alias/kms-test-key" } -// kms_key_arn = "${data.aws_kms_alias.this.target_key_arn}" +// kms_key_arn = data.aws_kms_alias.this.target_key_arn // create_with_kms_key = true ``` @@ -46,7 +46,7 @@ variable "kms_key_arn" { default = "arn:aws:kms:eu-west-1:835367859851:key/054b4846-95fe-4537-94f2-1dfd255238cf" } -// kms_key_arn = "${var.kms_key_arn}" +// kms_key_arn = var.kms_key_arn // create_with_kms_key = true ``` diff --git a/examples/cloudwatch-alerts-to-slack/main.tf b/examples/cloudwatch-alerts-to-slack/main.tf index c52e8087..524c0e82 100644 --- a/examples/cloudwatch-alerts-to-slack/main.tf +++ b/examples/cloudwatch-alerts-to-slack/main.tf @@ -2,24 +2,15 @@ provider "aws" { region = "eu-west-1" } -variable "kms_key_arn" { - default = "arn:aws:kms:eu-west-1:000014191260:key/66db1c5d-d42b-4e28-8efb-07a9cf607a73" -} - resource "aws_kms_key" "this" { description = "KMS key for notify-slack test" } -resource "aws_kms_alias" "this" { - name = "alias/kms-test-key" - target_key_id = "${aws_kms_key.this.id}" -} - # Encrypt the URL, storing encryption here will show it in logs and in tfstate # https://www.terraform.io/docs/state/sensitive-data.html -data "aws_kms_ciphertext" "slack_url" { +resource "aws_kms_ciphertext" "slack_url" { plaintext = "https://hooks.slack.com/services/AAA/BBB/CCC" - key_id = "${aws_kms_key.this.arn}" + key_id = aws_kms_key.this.arn } module "notify_slack" { 
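Review bot: The `aws_kms_ciphertext` block in `examples/cloudwatch-alerts-to-slack/main.tf` still takes the webhook URL as a literal `plaintext` argument, and the comment above it ("storing encryption here will show it in logs and in tfstate") is easy to misread. A Slack incoming-webhook URL works as a bearer credential, and the `plaintext` argument is recorded in state for the data source and the resource alike, so moving from `data` to `resource` does not reduce the exposure. I would reword the comment along the lines of `# Example only: the plaintext below is stored in tfstate and can appear in plan output; encrypt the real URL outside Terraform and pass only the ciphertext to the module`.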
@@ -27,21 +18,11 @@ module "notify_slack" { sns_topic_name = "slack-topic" - slack_webhook_url = "${data.aws_kms_ciphertext.slack_url.ciphertext_blob}" + slack_webhook_url = aws_kms_ciphertext.slack_url.ciphertext_blob slack_channel = "aws-notification" slack_username = "reporter" - # Option 1 - kms_key_arn = "${aws_kms_key.this.arn}" - - # Option 2 - // kms_key_arn = "${data.aws_kms_alias.this.target_key_arn}" - - - # Option 3 - // kms_key_arn = "${var.kms_key_arn}" - - create_with_kms_key = true + kms_key_arn = aws_kms_key.this.arn } resource "aws_cloudwatch_metric_alarm" "LambdaDuration" { @@ -55,9 +36,9 @@ resource "aws_cloudwatch_metric_alarm" "LambdaDuration" { threshold = "5000" alarm_description = "Duration of notifying slack exceeds threshold" - alarm_actions = ["${module.notify_slack.this_slack_topic_arn}"] + alarm_actions = [module.notify_slack.this_slack_topic_arn] - dimensions { - FunctionName = "${module.notify_slack.notify_slack_lambda_function_name}" + dimensions = { + FunctionName = module.notify_slack.notify_slack_lambda_function_name } } diff --git a/examples/cloudwatch-alerts-to-slack/outputs.tf b/examples/cloudwatch-alerts-to-slack/outputs.tf index 18b225ec..2137b5a6 100644 --- a/examples/cloudwatch-alerts-to-slack/outputs.tf +++ b/examples/cloudwatch-alerts-to-slack/outputs.tf 
@@ -1,4 +1,39 @@ output "this_sns_topic_arn" { - description = "The ARN of the created SNS topic from which messages will be sent to Slack" - value = "${module.notify_slack.this_slack_topic_arn}" + description = "The ARN of the SNS topic from which messages will be sent to Slack" + value = module.notify_slack.this_slack_topic_arn +} + +output "lambda_iam_role_arn" { + description = "The ARN of the IAM role used by Lambda function" + value = module.notify_slack.lambda_iam_role_arn +} + +output "lambda_iam_role_name" { + description = "The name of the IAM role used by Lambda function" + value = module.notify_slack.lambda_iam_role_name +} + +output "notify_slack_lambda_function_arn" { + description = "The ARN of the Lambda function" + value = module.notify_slack.notify_slack_lambda_function_arn +} + +output "notify_slack_lambda_function_name" { + description = "The name of the Lambda function" + value = module.notify_slack.notify_slack_lambda_function_name +} + +output "notify_slack_lambda_function_invoke_arn" { + description = "The ARN to be used for invoking Lambda function from API Gateway" + value = module.notify_slack.notify_slack_lambda_function_invoke_arn +} + +output "notify_slack_lambda_function_last_modified" { + description = "The date Lambda function was last modified" + value = module.notify_slack.notify_slack_lambda_function_last_modified +} + +output "notify_slack_lambda_function_version" { + description = "Latest published version of your Lambda function" + value = module.notify_slack.notify_slack_lambda_function_version } diff --git a/examples/notify-slack-kms/README.md b/examples/notify-slack-kms/README.md deleted file mode 100644 index a803acf8..00000000 --- a/examples/notify-slack-kms/README.md +++ /dev/null 
@@ -1,80 +0,0 @@ -# Slack notification with KMS encrypted webhook URL - -Configuration in this directory creates an SNS topic that sends messages to a Slack channel with Slack webhook URL encrypted using KMS. - -## KMS keys - -There are 3 ways to define KMS key which should be used by Lambda function: - -1. Create [aws_kms_key resource](https://www.terraform.io/docs/providers/aws/r/kms_key.html) and put ARN of it as `kms_key_arn` argument to this module -1. Use [aws_kms_alias data-source](https://www.terraform.io/docs/providers/aws/d/kms_alias.html) to get an existing KMS key alias and put ARN of it as `kms_key_arn` argument to this module -1. Hard-code the ARN of KMS key - -Note: Set `create_with_kms_key = true` when providing value of `kms_key_arn` to create required IAM policy which allows to decrypt using specified KMS key. - -### Option 1: -``` -resource "aws_kms_key" "this" { - description = "KMS key for notify-slack test" -} - -resource "aws_kms_alias" "this" { - name = "alias/kms-test-key" - target_key_id = "${aws_kms_key.this.id}" -} - -// kms_key_arn = "${aws_kms_key.this.arn}" -// create_with_kms_key = true -``` - -### Option 2: - -``` -data "aws_kms_alias" "this" { - name = "alias/kms-test-key" -} - -// kms_key_arn = "${data.aws_kms_alias.this.target_key_arn}" -// create_with_kms_key = true -``` - -### Option 3: - -``` -variable "kms_key_arn" { - default = "arn:aws:kms:eu-west-1:835367859851:key/054b4846-95fe-4537-94f2-1dfd255238cf" -} - -// kms_key_arn = "${var.kms_key_arn}" -// create_with_kms_key = true -``` - -## Usage - -To run this example you need to execute: - -```bash -$ terraform init -$ terraform plan -$ terraform apply -``` - -Note that in practice, encryption of the Slack webhook URL should happen differently (outside of this module). - -Note that this example may create resources which can cost money. Run `terraform destroy` when you don't need these resources. 
- - - -## Inputs - -| Name | Description | Type | Default | Required | -|------|-------------|:----:|:-----:|:-----:| -| kms_key_arn | | string | `arn:aws:kms:eu-west-1:000014191260:key/66db1c5d-d42b-4e28-8efb-07a9cf607a73` | no | - -## Outputs - -| Name | Description | -|------|-------------| -| this_sns_topic_arn | The ARN of the created SNS topic from which messages will be sent to Slack | - - diff --git a/examples/notify-slack-kms/main.tf b/examples/notify-slack-kms/main.tf deleted file mode 100644 index 87ca5958..00000000 --- a/examples/notify-slack-kms/main.tf +++ /dev/null @@ -1,35 +0,0 @@ -provider "aws" { - region = "eu-west-1" -} - -variable "kms_key_arn" { - default = "arn:aws:kms:eu-west-1:000014191260:key/66db1c5d-d42b-4e28-8efb-07a9cf607a73" -} - -# Encrypt the URL, storing encryption here will show it in logs and in tfstate -# https://www.terraform.io/docs/state/sensitive-data.html -data "aws_kms_ciphertext" "slack_url" { - plaintext = "https://hooks.slack.com/services/AAA/BBB/CCC" - key_id = "${var.kms_key_arn}" -} - -module "notify_slack" { - source = "../../" - - sns_topic_name = "slack-topic" - - slack_webhook_url = "${data.aws_kms_ciphertext.slack_url.ciphertext_blob}" - slack_channel = "aws-notification" - slack_username = "reporter" - - # Option 1 - // kms_key_arn = "${aws_kms_key.this.arn}" - - - # Option 2 - // kms_key_arn = "${data.aws_kms_alias.this.target_key_arn}" - - # Option 3 - kms_key_arn = "${var.kms_key_arn}" - create_with_kms_key = true -} diff --git a/examples/notify-slack-kms/outputs.tf b/examples/notify-slack-kms/outputs.tf deleted file mode 100644 index 18b225ec..00000000 --- a/examples/notify-slack-kms/outputs.tf +++ /dev/null @@ -1,4 +0,0 @@ -output "this_sns_topic_arn" { - description = "The ARN of the created SNS topic from which messages will be sent to Slack" - value = "${module.notify_slack.this_slack_topic_arn}" -} 
diff --git a/examples/notify-slack-simple/README.md b/examples/notify-slack-simple/README.md index 040d96c2..f5c73eb0 100644 --- a/examples/notify-slack-simple/README.md +++ b/examples/notify-slack-simple/README.md @@ -3,6 +3,8 @@ Basic Slack notification Configuration in this directory creates an SNS topic that sends messages to a Slack channel. +Note, this example does not use KMS key. + Usage ===== diff --git a/examples/notify-slack-simple/outputs.tf b/examples/notify-slack-simple/outputs.tf index 8ca7a923..2137b5a6 100644 --- a/examples/notify-slack-simple/outputs.tf +++ b/examples/notify-slack-simple/outputs.tf 
@@ -1,4 +1,39 @@ -output "sns_topic_arn" { - description = "ARN of the created SNS topic for Slack" - value = "${module.notify_slack.this_slack_topic_arn}" +output "this_sns_topic_arn" { + description = "The ARN of the SNS topic from which messages will be sent to Slack" + value = module.notify_slack.this_slack_topic_arn +} + +output "lambda_iam_role_arn" { + description = "The ARN of the IAM role used by Lambda function" + value = module.notify_slack.lambda_iam_role_arn +} + +output "lambda_iam_role_name" { + description = "The name of the IAM role used by Lambda function" + value = module.notify_slack.lambda_iam_role_name +} + +output "notify_slack_lambda_function_arn" { + description = "The ARN of the Lambda function" + value = module.notify_slack.notify_slack_lambda_function_arn +} + +output "notify_slack_lambda_function_name" { + description = "The name of the Lambda function" + value = module.notify_slack.notify_slack_lambda_function_name +} + +output "notify_slack_lambda_function_invoke_arn" { + description = "The ARN to be used for invoking Lambda function from API Gateway" + value = module.notify_slack.notify_slack_lambda_function_invoke_arn +} + +output "notify_slack_lambda_function_last_modified" { + description = "The date Lambda function was last modified" + value = module.notify_slack.notify_slack_lambda_function_last_modified +} + +output "notify_slack_lambda_function_version" { + description = "Latest published version of your Lambda function" + value = module.notify_slack.notify_slack_lambda_function_version } diff --git a/iam.tf b/iam.tf index 8078a5c7..112971f6 100644 --- a/iam.tf +++ b/iam.tf @@ -32,7 +32,7 @@ data "aws_iam_policy_document" "lambda_basic" { } data "aws_iam_policy_document" "lambda" { - count = var.create_with_kms_key && var.create ? 1 : 0 + count = var.kms_key_arn != "" && var.create ? 1 : 0 source_json = data.aws_iam_policy_document.lambda_basic[0].json 
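Review bot: The new `count = var.kms_key_arn != "" && var.create ? 1 : 0` on `data "aws_iam_policy_document" "lambda"` in `iam.tf` makes `count` depend on the key ARN itself, and Terraform needs `count` to be known at plan time. The example updated in this same commit passes `kms_key_arn = aws_kms_key.this.arn`, which is unknown until the key exists, so a first apply of that example will probably fail on an unknown count. The v1.9.0 entry in the CHANGELOG added here ("Allow computed KMS key value") suggests the boolean flag was introduced for exactly this case. Unless the flag is retired for another reason (the `variables.tf` hunk is cut off in this view), keeping `count = var.create_with_kms_key && var.create ? 1 : 0` avoids the problem. The data block's body continues outside this hunk.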
@@ -43,7 +43,7 @@ data "aws_iam_policy_document" "lambda" { actions = ["kms:Decrypt"] - resources = [var.kms_key_arn == "" ? "" : var.kms_key_arn] + resources = [var.kms_key_arn] } } @@ -61,11 +61,9 @@ resource "aws_iam_role_policy" "lambda" { role = aws_iam_role.lambda[0].id policy = element( - compact( - concat( - data.aws_iam_policy_document.lambda.*.json, - data.aws_iam_policy_document.lambda_basic.*.json, - ), + concat( + data.aws_iam_policy_document.lambda.*.json, + data.aws_iam_policy_document.lambda_basic.*.json, ), 0, ) diff --git a/main.tf b/main.tf index e9b155a7..05232d11 100644 --- a/main.tf +++ b/main.tf @@ -1,5 +1,5 @@ data "aws_sns_topic" "this" { - count = var.create_sns_topic && var.create ? 0 : 1 + count = false == var.create_sns_topic && var.create ? 1 : 0 name = var.sns_topic_name } @@ -48,7 +48,6 @@ data "null_data_source" "lambda_file" { data "null_data_source" "lambda_archive" { inputs = { filename = "${path.module}/functions/notify_slack.zip" - } } diff --git a/outputs.tf b/outputs.tf index 4dde23c0..cf71f757 100644 --- a/outputs.tf +++ b/outputs.tf @@ -10,7 +10,7 @@ output "lambda_iam_role_arn" { output "lambda_iam_role_name" { description = "The name of the IAM role used by Lambda function" - value = element(concat(aws_iam_role.lambda.*.arn, [""]), 0) + value = element(concat(aws_iam_role.lambda.*.name, [""]), 0) } output "notify_slack_lambda_function_arn" { 
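Review bot: The `policy = element(concat(...), 0)` expression in the iam.tf hunk at `-61,11 +61,9` depends on list order to decide which policy is attached to the Lambda role, and nothing in the code says so. With `compact` removed, the only thing that makes the `kms:Decrypt` document win is that `data.aws_iam_policy_document.lambda.*.json` is listed first and is empty when no key is given. A later reordering would silently attach the basic policy instead. I would add a comment above the expression: `# Order matters: the KMS-enabled document is used when it exists, otherwise lambda_basic`. The `aws_iam_role_policy` resource starts before this hunk.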
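Review bot: In the main.tf hunk at `-1,5 +1,5`, `count = false == var.create_sns_topic && var.create ? 1 : 0` is harder to read than it needs to be: it compares a bool to a literal and relies on `==` binding tighter than `&&`. Since `create_sns_topic` is declared as `bool` in variables.tf, the negation can be written directly as `count = !var.create_sns_topic && var.create ? 1 : 0`. That also matches the `var.create ? 1 : 0` form used on the other resources in this series.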
@@ -20,26 +20,17 @@ output "notify_slack_lambda_function_arn" { output "notify_slack_lambda_function_name" { description = "The name of the Lambda function" - value = element( - concat(aws_lambda_function.notify_slack.*.function_name, [""]), - 0, - ) + value = element(concat(aws_lambda_function.notify_slack.*.function_name, [""]), 0) } output "notify_slack_lambda_function_invoke_arn" { description = "The ARN to be used for invoking Lambda function from API Gateway" - value = element( - concat(aws_lambda_function.notify_slack.*.invoke_arn, [""]), - 0, - ) + value = element(concat(aws_lambda_function.notify_slack.*.invoke_arn, [""]), 0) } output "notify_slack_lambda_function_last_modified" { description = "The date Lambda function was last modified" - value = element( - concat(aws_lambda_function.notify_slack.*.last_modified, [""]), - 0, - ) + value = element(concat(aws_lambda_function.notify_slack.*.last_modified, [""]), 0) } output "notify_slack_lambda_function_version" { diff --git a/variables.tf b/variables.tf index 7fc569a4..4a9074f3 100644 --- a/variables.tf +++ b/variables.tf 
@@ -1,49 +1,56 @@ variable "create" { description = "Whether to create all resources" - default = true type = bool + default = true } variable "create_sns_topic" { description = "Whether to create new SNS topic" - default = true type = bool + default = true } -variable "create_with_kms_key" { - description = "Whether to create resources with KMS encryption" - default = false - type = bool -} +//variable "create_with_kms_key" { +// description = "Whether to create resources with KMS encryption" +// type = bool +// default = false +//} variable "lambda_function_name" { description = "The name of the Lambda function to create" + type = string default = "notify_slack" } variable "sns_topic_name" { description = "The name of the SNS topic to create" + type = string } variable "slack_webhook_url" { description = "The URL of Slack webhook" + type = string } variable "slack_channel" { description = "The name of the channel in Slack for notifications" + type = string } variable "slack_username" { description = "The username that will appear on Slack messages" + type = string } variable "slack_emoji" { description = "A custom emoji that will appear on Slack messages" + type = string default = ":aws:" } variable "kms_key_arn" { description = "ARN of the KMS key used for decrypting slack webhook url" + type = string default = "" } diff --git a/versions.tf b/versions.tf deleted file mode 100644 index ac97c6ac..00000000 --- a/versions.tf +++ /dev/null @@ -1,4 +0,0 @@ - -terraform { - required_version = ">= 0.12" -} From 8a73ed6679bf3c42accacaa85db627386f1efa16 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 12 Jun 2019 10:38:33 +0200 Subject: [PATCH 5/6] Fixed README --- README.md | 1 - examples/cloudwatch-alerts-to-slack/README.md | 11 +---------- 2 files changed, 1 insertion(+), 11 deletions(-) diff --git a/README.md b/README.md index f92c7629..9e55a22e 100644 --- a/README.md +++ b/README.md 
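Review bot: The description of `kms_key_arn` in variables.tf no longer covers everything the variable does. Per the iam.tf change in this series, a non-empty value is now also what enables the `kms:Decrypt` policy on the Lambda role, yet the text still only mentions decryption. I would change it to `description = "ARN of the KMS key used for decrypting slack webhook url; when set, the Lambda role is granted kms:Decrypt on this key"`. The default `""` then means no KMS statement is attached. Presumably the webhook URL reaches the function unencrypted in that case; if so, that is worth saying in the description of `slack_webhook_url` as well.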
@@ -52,7 +52,6 @@ If you want to subscribe AWS Lambda Function created by this module to an existi |------|-------------|:----:|:-----:|:-----:| | create | Whether to create all resources | string | `true` | no | | create_sns_topic | Whether to create new SNS topic | string | `true` | no | -| create_with_kms_key | Whether to create resources with KMS encryption | string | `false` | no | | kms_key_arn | ARN of the KMS key used for decrypting slack webhook url | string | `` | no | | lambda_function_name | The name of the Lambda function to create | string | `notify_slack` | no | | slack_channel | The name of the channel in Slack for notifications | string | - | yes | diff --git a/examples/cloudwatch-alerts-to-slack/README.md b/examples/cloudwatch-alerts-to-slack/README.md index ec8016d2..900bf76d 100644 --- a/examples/cloudwatch-alerts-to-slack/README.md +++ b/examples/cloudwatch-alerts-to-slack/README.md @@ -10,8 +10,6 @@ There are 3 ways to define KMS key which should be used by Lambda function: 1. Use [aws_kms_alias data-source](https://www.terraform.io/docs/providers/aws/d/kms_alias.html) to get an existing KMS key alias and put ARN of it as `kms_key_arn` argument to this module 1. Hard-code the ARN of KMS key -Note: Set `create_with_kms_key = true` when providing value of `kms_key_arn` to create required IAM policy which allows to decrypt using specified KMS key. - ### Option 1: ```hcl @@ -25,7 +23,6 @@ resource "aws_kms_alias" "this" { } // kms_key_arn = aws_kms_key.this.arn -// create_with_kms_key = true ``` ### Option 2: 
@@ -36,18 +33,12 @@ data "aws_kms_alias" "this" { } // kms_key_arn = data.aws_kms_alias.this.target_key_arn -// create_with_kms_key = true ``` ### Option 3: ``` -variable "kms_key_arn" { - default = "arn:aws:kms:eu-west-1:835367859851:key/054b4846-95fe-4537-94f2-1dfd255238cf" -} - -// kms_key_arn = var.kms_key_arn -// create_with_kms_key = true +// kms_key_arn = "arn:aws:kms:eu-west-1:835367859851:key/054b4846-95fe-4537-94f2-1dfd255238cf" ``` ## Usage From a0a1c1f2560f8065ec70859cc8a3601c1699ece4 Mon Sep 17 00:00:00 2001 From: Anton Babenko Date: Wed, 12 Jun 2019 10:39:34 +0200 Subject: [PATCH 6/6] Fixed variables --- variables.tf | 6 ------ 1 file changed, 6 deletions(-) diff --git a/variables.tf b/variables.tf index 4a9074f3..6df698f8 100644 --- a/variables.tf +++ b/variables.tf @@ -10,12 +10,6 @@ variable "create_sns_topic" { default = true } -//variable "create_with_kms_key" { -// description = "Whether to create resources with KMS encryption" -// type = bool -// default = false -//} - variable "lambda_function_name" { description = "The name of the Lambda function to create" type = string