cloudandthings / terraform-aws-clickops-notifier

Get notified when actions are taken in the AWS Console.
https://registry.terraform.io/modules/cloudandthings/clickops-notifier/aws/latest
MIT License
208 stars 17 forks

Customize slack channel per included account #76

Open nitrocode opened 10 months ago

nitrocode commented 10 months ago

I have a client setup like this

current setup - single channel for multiple accounts

```hcl
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map["production"],
    module.account_map["corp"],
  ]

  webhooks_for_slack_notifications = {
    "clickops" = jsondecode(data.aws_secretsmanager_secret_version.webhook.secret_string)["webhook"]
  }
}
```

I want to set this up so I can do a separate slack channel per account, which can be done with a for_each per account which results in duplicating a lot of infrastructure.

per account for separate channel using for_each

```hcl
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  for_each = toset([
    "production",
    "corp",
  ])

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map[each.key],
  ]

  webhooks_for_slack_notifications = {
    "clickops-${each.key}" = jsondecode(data.aws_secretsmanager_secret_version.webhook[each.key].secret_string)["webhook"]
  }
}
```

What's more ideal is if we can do something like this

per account for separate channel using multiple hooks

Using the key as the account instead of the channel name

```hcl
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map["production"],
    module.account_map["corp"],
  ]

  # written out without a for loop to show mapping is
  # account = slack-web-hook
  # (map keys that are expressions must be wrapped in parentheses)
  webhooks_slack_notifications_per_account = {
    (module.account_map["production"]) = jsondecode(data.aws_secretsmanager_secret_version.webhook["production"].secret_string)["webhook"]
    (module.account_map["corp"])       = jsondecode(data.aws_secretsmanager_secret_version.webhook["corp"].secret_string)["webhook"]
  }

  # or
  # webhooks_slack_notifications_per_account = {
  #   for account, secret in data.aws_secretsmanager_secret_version.webhook :
  #   module.account_map[account] => jsondecode(secret.secret_string)["webhook"]
  # }
}
```

https://github.com/cloudandthings/terraform-aws-clickops-notifier/blob/be9694cda07dbe74fad9e332723be3b38bb5267b/main.tf#L142-L148

https://github.com/cloudandthings/terraform-aws-clickops-notifier/blob/be9694cda07dbe74fad9e332723be3b38bb5267b/main.tf#L104-L105

https://github.com/cloudandthings/terraform-aws-clickops-notifier/blob/be9694cda07dbe74fad9e332723be3b38bb5267b/clickopsnotifier/app.py#L56-L64
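A sketch of the Lambda-side routing that the proposed `webhooks_slack_notifications_per_account` map would need, added here as an illustration; it is not code from the module or from the issue author. The names `route` and `account_of`, the fallback to the shared webhooks for unmapped accounts, and all sample account IDs and URLs are assumptions.

```python
"""Hypothetical per-account routing for ClickOps alerts (not the module's code)."""
from collections import defaultdict

# Constructed sample data: account IDs and webhook URLs are placeholders.
PER_ACCOUNT = {
    "111111111111": "https://hooks.slack.example/production",
    "222222222222": "https://hooks.slack.example/corp",
}
DEFAULT_WEBHOOKS = {"clickops": "https://hooks.slack.example/shared"}


def account_of(record):
    """Account a CloudTrail record belongs to, or None if it cannot be determined."""
    identity = record.get("userIdentity") or {}
    account = record.get("recipientAccountId") or identity.get("accountId")
    # AWS account IDs are 12-digit strings; reject anything else rather than guess.
    if isinstance(account, str) and len(account) == 12 and account.isdigit():
        return account
    return None


def route(records, per_account=PER_ACCOUNT, default_webhooks=DEFAULT_WEBHOOKS):
    """Group records by destination webhook URL.

    An account with a dedicated webhook is sent only there, so its events do
    not appear in another team's channel. Unmapped or unidentifiable accounts
    fall back to the shared webhooks so that no event is silently dropped.
    """
    batches = defaultdict(list)
    for record in records:
        dedicated = per_account.get(account_of(record))
        targets = [dedicated] if dedicated else list(default_webhooks.values())
        for url in targets:
            batches[url].append(record)
    return dict(batches)


SAMPLE_RECORDS = [  # constructed CloudTrail-style records
    {"eventName": "CreateUser", "recipientAccountId": "111111111111"},
    {"eventName": "PutBucketPolicy", "recipientAccountId": "222222222222"},
    {"eventName": "DeleteTrail", "recipientAccountId": "333333333333"},
    {"eventName": "StopLogging", "userIdentity": {"accountId": "not-an-id"}},
]

if __name__ == "__main__":
    for url, recs in route(SAMPLE_RECORDS).items():
        # Print only the channel suffix; webhook URLs are secrets and should not be logged.
        print(url.rsplit("/", 1)[-1], [r["eventName"] for r in recs])
```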