Terraform module used to format and forward notifications to Slack and/or Teams

appvia/terraform-aws-notify

Terraform AWS Notify

Description

This module provides a building block for processing and delivering notifications, sourced from SNS and forwarded to one or more endpoints (email, Slack, Teams and/or custom subscribers).

Usage

module "notifications" {
  source = "../.."

  # AWS services allowed to publish to the SNS topic; per the inputs table this
  # applies only when the module creates the topic (create_sns_topic = true)
  allowed_aws_services = [
    "budgets.amazonaws.com",
    "cloudwatch.amazonaws.com",
    "cloudtrail.amazonaws.com",
    "events.amazonaws.com",
  ]
  create_sns_topic = false
  sns_topic_name   = "lza-cloudaccess-notifications"

  # consistent tags applied across all resources
  tags = {
    Environment = "Test"
    Owner       = "DevOps"
  }

  slack = {
    # slack webhook URL
    webhook_url = "https://hooks.slack.com/services/XXXXXXXXX/XXXXXXXXX/XXXXXXXXXXXXXXXX"
  }

  # list of email addresses that will be subscribed
  email = {
    addresses = []
  }
}
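
A variant of the usage block above, added here as an example and not taken from the module's repository: it lets the module create the topic so the publisher allow-lists apply, keeps the Slack webhook URL (a bearer secret) out of version control, and encrypts the Lambda log group. The variable names, the `<PINNED_REF>` placeholder and the trimmed service list are assumptions; every module input used appears in the Inputs table.

```hcl
# Added example; variable names are hypothetical.
variable "slack_webhook_url" {
  description = "Slack incoming-webhook URL; supply via TF_VAR_slack_webhook_url instead of committing it"
  type        = string
}

variable "log_kms_key_id" {
  description = "KMS key used to encrypt the Lambda function's CloudWatch log group"
  type        = string
}

module "notifications" {
  # Pin to a reviewed tag or commit; <PINNED_REF> is a placeholder, not a real release.
  source = "github.com/appvia/terraform-aws-notify?ref=<PINNED_REF>"

  # Let the module create the topic so the publisher allow-lists below take effect.
  create_sns_topic = true
  sns_topic_name   = "lza-cloudaccess-notifications"

  # List only the services that actually need to publish.
  allowed_aws_services = [
    "cloudwatch.amazonaws.com",
    "events.amazonaws.com",
  ]

  # Account ID reused from the Inputs table's own example value.
  allowed_aws_principals = ["123456789012"]

  notification_platform = "slack"
  slack = {
    webhook_url = var.slack_webhook_url
  }

  # Encrypt function logs and keep retention explicit (14 days is the module default).
  cloudwatch_log_group_kms_key_id = var.log_kms_key_id
  cloudwatch_log_group_retention  = 14

  tags = {
    Environment = "Test"
    Owner       = "DevOps"
  }
}
```

The webhook URL is still written to Terraform state, so the state backend needs the same access controls as any other secret store.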

Update Documentation

The terraform-docs utility is used to generate this README. Follow the below steps to update:

  1. Make changes to the .terraform-docs.yml file
  2. Fetch the terraform-docs binary (https://terraform-docs.io/user-guide/installation/)
  3. Run terraform-docs markdown table --output-file ${PWD}/README.md --output-mode inject .

Maintenance

Frequently (quarterly at least) check and upgrade:

  1. Python runtime - python_runtime
  2. AWS PowerTools Lambda Layer for python ARN: powertools_layer_arn_suffix

Acknowledgements

  • notify-teams - distributed under Apache 2.0 license; obligations met under this GNU V3 license
  • terraform-aws-notify-slack - distributed under Apache 2.0 license; obligations met under this GNU V3 license

Providers

| Name | Version |
|------|---------|
| aws | >= 5.0.0 |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| sns_topic_name | The name of the source sns topic where events are published | string | n/a | yes |
| allowed_aws_principals | Optional, list of AWS accounts able to publish via the SNS topic (when creating topic) e.g 123456789012 | list(string) | [] | no |
| allowed_aws_services | Optional, list of AWS services able to publish via the SNS topic (when creating topic) e.g cloudwatch.amazonaws.com | list(string) | [] | no |
| cloudwatch_log_group_class | The class of the CloudWatch log group | string | "STANDARD" | no |
| cloudwatch_log_group_kms_key_id | The KMS key id to use for encrypting the cloudwatch log group (default is none) | string | null | no |
| cloudwatch_log_group_retention | The retention period for the cloudwatch log group (for lambda function logs) in days | number | 14 | no |
| create_sns_topic | Whether to create an SNS topic for notifications | bool | false | no |
| email | The configuration for Email notifications | object({ addresses = optional(list(string)) /* The email addresses to send notifications to */ }) | null | no |
| ephemeral_storage_size | Amount of ephemeral storage (/tmp) in MB your Lambda Function can use at runtime | number | 512 | no |
| function_name | Name of the Lambda function | string | "lz-notifications" | no |
| lambda_log_level | The log level for the Lambda function | string | "INFO" | no |
| lambda_role_description | Description of the IAM role for the Lambda function | string | "IAM role for Lambda function" | no |
| lambda_role_name | Name of the IAM role for the Lambda function | string | null | no |
| lambda_role_permissions_boundary | ARN of the permissions boundary to be used on the Lambda IAM role | string | null | no |
| lambda_runtime | The runtime to use for the Lambda function | string | "python3.12" | no |
| memory_size | Amount of memory in MB your Lambda Function can use at runtime | number | 128 | no |
| notification_platform | Platform to send notifications to (slack or teams) | string | "slack" | no |
| slack | The configuration for Slack notifications | object({ lambda_name = optional(string, "slack-notify") /* The name of the lambda function to create */ lambda_description = optional(string, "Lambda function to send slack notifications") /* An optional secret name in secrets manager to use for the slack configuration */ webhook_url = optional(string) }) | null | no |
| sns_topic_policy | The policy to attach to the sns topic, else we default to account root | string | null | no |
| subscribers | Optional list of custom subscribers to the SNS topic | map(object({ protocol = string /* The protocol to use. The possible values for this are: sqs, sms, lambda, application. (http or https are partially supported, see below). */ endpoint = string /* The endpoint to send data to, the contents will vary with the protocol. (see below for more information) */ endpoint_auto_confirms = bool /* Boolean indicating whether the end point is capable of auto confirming subscription e.g., PagerDuty (default is false) */ raw_message_delivery = bool /* Boolean indicating whether or not to enable raw message delivery (the original message is directly passed, not wrapped in JSON with the original message in the message property) (default is false) */ })) | {} | no |
| tags | Tags to apply to all resources | map(string) | {} | no |
| teams | The configuration for teams notifications | object({ lambda_name = optional(string, "teams-notify") /* The name of the lambda function to create */ lambda_description = optional(string, "Lambda function to send teams notifications") /* An optional secret name in secrets manager to use for the slack configuration */ webhook_url = optional(string) }) | null | no |
| timeout | The amount of time your Lambda Function has to run in seconds | number | 30 | no |

Outputs

| Name | Description |
|------|-------------|
| lambda_function_arn | The ARN of the Lambda function |
| lambda_function_invoke_arn | The invoke ARN of the Lambda function |
| lambda_function_name | The name of the Lambda function |
| lambda_function_role_arn | The ARN of the IAM role created for the Lambda function |
| sns_topic_arn | The ARN of the SNS topic |
