The purpose of this module is to provide a building block for processing and delivering notifications, sourced from SNS and forwarded to one or more endpoints (email, Slack, Teams and/or custom subscribers).
```hcl
module "notifications" {
  source = "../.."

  allowed_aws_services = ["cloudwatch.amazonaws.com"]
  create_sns_topic     = true
  sns_topic_name       = var.sns_topic_name
  tags                 = var.tags

  subscribers = {
    "opsgenie" = {
      protocol               = "https"
      endpoint               = "https://api.opsgenie.com/v2/alerts"
      endpoint_auto_confirms = true
      raw_message_delivery   = true
    }
  }
}
```
The `terraform-docs` utility is used to generate this README. Follow the steps below to update:

- Make changes to the `.terraform-docs.yml` file
- Fetch the `terraform-docs` binary (https://terraform-docs.io/user-guide/installation/)
- Run `terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .`

The `slack` configuration can be sourced from AWS Secrets Manager, using `var.slack.secret_name`. The secret should be a JSON object resembling the `slack` configuration.
```json
{
  "channel": "#channel",
  "username": "username",
  "webhook_url": "https://hooks.slack.com/services/..."
}
```
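
A pre-deployment check for the secret format described above, added here as an example and not part of the module's own code: it validates the three keys shown in the README and never echoes the webhook URL, since the URL is itself the credential. The function name, the `allowed_hosts` parameter and the sample values are assumptions made for illustration.

```python
import json
from urllib.parse import urlsplit

REQUIRED_KEYS = ("channel", "username", "webhook_url")  # keys shown in the README


def validate_slack_secret(secret_string, allowed_hosts=("hooks.slack.com",)):
    """Return a list of problems; an empty list means the secret is usable.

    Messages never contain the webhook URL, because the URL is the credential.
    allowed_hosts is an assumption: adjust it if a Slack-compatible endpoint is used.
    """
    try:
        doc = json.loads(secret_string)
    except json.JSONDecodeError as exc:
        return [f"not valid JSON (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(doc, dict):
        return ["top-level value must be a JSON object"]

    problems = []
    for key in REQUIRED_KEYS:
        value = doc.get(key)
        if not isinstance(value, str) or not value.strip():
            problems.append(f"'{key}' must be a non-empty string")

    url = doc.get("webhook_url")
    if isinstance(url, str) and url.strip():
        try:
            parts = urlsplit(url)
            host, has_userinfo = parts.hostname, bool(parts.username or parts.password)
        except ValueError:
            return problems + ["'webhook_url' is not a parseable URL"]
        if parts.scheme != "https":
            problems.append("'webhook_url' must use https")
        if host not in allowed_hosts:  # exact match, so look-alike suffixes fail
            problems.append("'webhook_url' host is not in the allowed list")
        if has_userinfo:
            problems.append("'webhook_url' must not embed userinfo")
    return problems


# Constructed sample inputs; the token path is a placeholder, not a real webhook.
GOOD = ('{"channel": "#alerts", "username": "notifier", '
        '"webhook_url": "https://hooks.slack.com/services/T000/B000/PLACEHOLDER"}')
BAD = '{"channel": "#alerts", "webhook_url": "http://hooks.slack.com.example.net/services/x"}'

if __name__ == "__main__":
    for name, sample in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, validate_slack_secret(sample) or "ok")
```

Run it against the JSON before storing it in Secrets Manager, so a malformed or plain-HTTP webhook is caught before the module reads the secret.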
Name | Version |
---|---|
terraform | >= 1.0.7 |
aws | >= 5.0.0 |
Name | Version |
---|---|
aws | >= 5.0.0 |
Name | Source | Version |
---|---|---|
slack | terraform-aws-modules/notify-slack/aws | 6.4.0 |
sns | terraform-aws-modules/sns/aws | v6.0.1 |
Name | Type |
---|---|
aws_sns_topic_subscription.email | resource |
aws_sns_topic_subscription.subscribers | resource |
aws_caller_identity.current | data source |
aws_iam_policy_document.current | data source |
aws_region.current | data source |
aws_secretsmanager_secret.slack | data source |
aws_secretsmanager_secret_version.slack | data source |
Name | Description | Type | Default | Required |
---|---|---|---|---|
sns_topic_name | The name of the source sns topic where events are published | string | n/a | yes |
tags | Tags to apply to all resources | map(string) | n/a | yes |
allowed_aws_principals | Optional, list of AWS accounts able to publish via the SNS topic (when creating topic) e.g 123456789012 | list(string) | [] | no |
allowed_aws_services | Optional, list of AWS services able to publish via the SNS topic (when creating topic) e.g cloudwatch.amazonaws.com | list(string) | [] | no |
cloudwatch_log_group_kms_key_id | The KMS key id to use for encrypting the cloudwatch log group (default is none) | string | null | no |
cloudwatch_log_group_retention | The retention period for the cloudwatch log group (for lambda function logs) in days | string | "3" | no |
create_sns_topic | Whether to create an SNS topic for notifications | bool | false | no |
email | The configuration for Email notifications | object({ | null | no |
slack | The configuration for Slack notifications | object({ | null | no |
sns_topic_policy | The policy to attach to the sns topic, else we default to account root | string | null | no |
subscribers | Optional list of custom subscribers to the SNS topic | map(object({ | {} | no |
Name | Description |
---|---|
sns_topic_arn | The ARN of the SNS topic |