ms teams notification
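---
# CloudFormation template: CloudWatch alarms from several accounts publish to one
# SNS topic; a Lambda subscribed to the topic forwards each alarm to the MS Teams
# webhook of the team named in the alarm description.
AWSTemplateFormatVersion: "2010-09-09"
Description: this is the notification project with ms teams
Parameters:
  ProjectName:
    Description: this name will prefix many names
    Type: String
    Default: notif
Resources:
  # One SSM parameter per team. The Lambda resolves "<prefix><Team>" at runtime.
  # NOTE(review): anyone holding an incoming-webhook URL can post to the channel,
  # so treat the value as a secret. Here it sits in plain text in the template and
  # in a String parameter; consider creating it out of band (SecureString or
  # Secrets Manager) instead of committing the real URL.
  MSTLegendsParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub '${ProjectName}-arc-devops-msteams-legends'
      Type: String
      Value: "https://mycompany.webhook.office.com/webhookb2/xxxxxxxxxx"
      Description: teams url to send notifications
  MSTAvengersParameter:
    Type: AWS::SSM::Parameter
    Properties:
      Name: !Sub '${ProjectName}-arc-devops-msteams-avengers'
      Type: String
      Value: "https://mycompany.webhook.office.com/webhookb2/yyyyyyyyyy"
      Description: teams url to send notifications
  # Execution role of the notification Lambda (logical id kept as published so
  # existing stacks do not replace the role).
  MSTeamsNotiica:
    Type: 'AWS::IAM::Role'
    Properties:
      RoleName: !Sub '${ProjectName}-arc-devops-msteams-notifications'
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: 'lambda.amazonaws.com'
            Action: 'sts:AssumeRole'
      Policies:
        - PolicyName: 'logs-parameter-xray'
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              # Least privilege: only the per-team webhook parameters, not every
              # parameter in the account. The parameter name is built from a
              # field of the alarm text, so the role must not be able to read more.
              - Effect: Allow
                Action:
                  - 'ssm:GetParameter'
                Resource: !Sub 'arn:aws:ssm:${AWS::Region}:${AWS::AccountId}:parameter/${ProjectName}-arc-devops-msteams-*'
              # Logging limited to this function's own log group.
              - Effect: Allow
                Action:
                  - 'logs:CreateLogGroup'
                  - 'logs:CreateLogStream'
                  - 'logs:PutLogEvents'
                Resource:
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${ProjectName}-arc-devops-msteams-notifications'
                  - !Sub 'arn:aws:logs:${AWS::Region}:${AWS::AccountId}:log-group:/aws/lambda/${ProjectName}-arc-devops-msteams-notifications:*'
  NotificationLambdaFunction:
    Type: 'AWS::Lambda::Function'
    Properties:
      FunctionName: !Sub '${ProjectName}-arc-devops-msteams-notifications'
      Handler: index.lambda_handler
      Environment:
        Variables:
          # Keeps the lookup prefix in step with ProjectName instead of a
          # hard-coded "notif-..." string inside the code.
          PARAM_PREFIX: !Sub '${ProjectName}-arc-devops-msteams-'
      Code:
        ZipFile: |
          import json
          import os
          import re

          import boto3
          import urllib3

          http = urllib3.PoolManager()
          ssm_client = boto3.client('ssm')

          # Prefix of the per-team SSM parameters created by the template.
          PARAM_PREFIX = os.environ.get('PARAM_PREFIX', 'notif-arc-devops-msteams-')

          # Placeholder account ids: replace with the real ones.
          ACCOUNT_ALIASES = {
              "000000000000": "devops",
              "111111111111": "dev",
              "222222222222": "test",
              "333333333333": "prod",
          }

          TEAM_NAME = re.compile(r'[A-Za-z0-9_-]+')


          def lambda_handler(event, context):
              """Forward a CloudWatch alarm delivered through SNS to a team's webhook.

              The alarm's AlarmDescription must be a JSON object with the keys
              lambda_name, Team, kind_of_problem and account_id.
              Raises ValueError on an unexpected Team value or a non-https webhook,
              RuntimeError when the webhook answers with an HTTP error.
              """
              # The alarm is JSON inside the SNS message, and its description is JSON again.
              message = json.loads(event['Records'][0]['Sns']['Message'])
              alarm_description = json.loads(message['AlarmDescription'])
              lambda_name = alarm_description['lambda_name']
              team = alarm_description['Team']
              kind_of_problem = alarm_description['kind_of_problem']
              account_alias = ACCOUNT_ALIASES.get(alarm_description['account_id'], "empty")

              # Team comes from the alarm text and selects which parameter is read,
              # so accept only a plain name.
              if not isinstance(team, str) or not TEAM_NAME.fullmatch(team):
                  raise ValueError("unexpected Team value in alarm description")

              param_response = ssm_client.get_parameter(Name=PARAM_PREFIX + team)
              url_to_call = param_response['Parameter']['Value']
              if not url_to_call.startswith('https://'):
                  raise ValueError("webhook parameter for team " + team + " is not an https URL")

              name = f"For the account: {account_alias} there was a problem of type {kind_of_problem} on the lambda function: {lambda_name}"
              msg = {"text": f"Alarm: {name}"}
              print(name)  # the webhook URL itself is never logged
              encoded_msg = json.dumps(msg).encode('utf-8')
              resp = http.request(
                  'POST',
                  url_to_call,
                  body=encoded_msg,
                  headers={'Content-Type': 'application/json'},
                  timeout=10.0,
              )
              # Fail the invocation so a lost notification shows up in the function's errors.
              if resp.status >= 400:
                  raise RuntimeError(f"Teams webhook returned HTTP {resp.status}")
      MemorySize: 128
      # python3.7 has reached end of support on Lambda; use a maintained runtime.
      Runtime: 'python3.12'
      Timeout: 30
      Role: !GetAtt MSTeamsNotiica.Arn
  SNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint:
            Fn::GetAtt:
              - "NotificationLambdaFunction"
              - "Arn"
          Protocol: "lambda"
      # The topic policy below refers to the topic with !Ref, so the name can be
      # changed here without editing the policy.
      TopicName: !Sub '${ProjectName}-arc-devops-msteams-notifications'
  # SNS needs an explicit permission to invoke the Lambda function. The web
  # console adds it automatically when you create the subscription there; with
  # CloudFormation/IAM you have to declare it yourself.
  # https://docs.aws.amazon.com/lambda/latest/dg/with-sns-example.html#with-sns-create-x-account-permissions
  LambdaPermissionFromSNS:
    Type: AWS::Lambda::Permission
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref NotificationLambdaFunction
      Principal: "sns.amazonaws.com"
      # Restricts invocation to this topic rather than any SNS topic.
      SourceArn: !Ref SNSTopic
  SNSPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      Topics:
        - !Ref SNSTopic
      PolicyDocument:
        Version: "2008-10-17"
        Id: "accee_multiple_accounts"
        Statement:
          - Sid: "Allow_Publish_Alarms"
            Effect: "Allow"
            Principal:
              Service:
                - "cloudwatch.amazonaws.com"
            Action: "sns:Publish"
            # !Ref on an SNS topic returns its ARN.
            Resource: !Ref SNSTopic
            # Only alarms from these accounts may publish. The account ids are
            # placeholders and the region is fixed to eu-west-1: replace both
            # with the accounts and region where the alarms live.
            Condition:
              ArnLike:
                "aws:SourceArn":
                  - "arn:aws:cloudwatch:eu-west-1:000000000000:*"
                  - "arn:aws:cloudwatch:eu-west-1:111111111111:*"
                  - "arn:aws:cloudwatch:eu-west-1:222222222222:*"
                  - "arn:aws:cloudwatch:eu-west-1:333333333333:*"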