fivexl / terraform-aws-cloudtrail-to-slack

Parse AWS CloudTrail events and send alerts to Slack for events that match pre-configured rules
https://registry.terraform.io/modules/fivexl/cloudtrail-to-slack/aws/latest
Apache License 2.0

Spamming Notification Medium #28

Closed parth995 closed 1 year ago

parth995 commented 2 years ago

Hey, I guess while applying Terraform code, there are multiple events for the same resource in CloudTrail. Hence the same bunch of messages gets spammed/bombarded in notification channels like noise. Would any workaround be suggested for the same, please? Thanks

Andrey9kin commented 2 years ago

Hi @parth995! What kind of messages are those? If they are "access denied" type, then the best way is to tune up your access to include necessary permissions. If not, can you share an example?

Andrey9kin commented 1 year ago

The current best thinking - have a DynamoDB with configurable TTL and store messages there (only ones that match the filter), use principal structure hash and action as a composite key, and store the raw event and ts of the Slack message. If we get a new event that will match the composite key, then use the Slack ts to send the message as a reply in the thread instead of a standalone message.
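
The deduplication scheme proposed in the comment above, as an added example that is not part of the thread or the module's own code. The in-memory `ThreadStore` stands in for the DynamoDB table, and `post`, `TTL_SECONDS`, the fixed (non-refreshing) window and all function names are assumptions.

```python
import hashlib
import json

TTL_SECONDS = 900  # assumed window; the comment only says "configurable TTL"


def composite_key(event):
    """Hash of the principal structure plus the action (CloudTrail eventName)."""
    principal = json.dumps(event.get("userIdentity", {}), sort_keys=True)
    digest = hashlib.sha256(principal.encode()).hexdigest()
    return f"{digest}#{event['eventName']}"


class ThreadStore:
    """In-memory stand-in for a DynamoDB table with a TTL attribute."""

    def __init__(self, ttl=TTL_SECONDS):
        self.ttl = ttl
        self.items = {}

    def get(self, key, now):
        item = self.items.get(key)
        # DynamoDB deletes expired items lazily, so filter on read as well.
        if item is None or item["expires_at"] <= now:
            return None
        return item

    def put(self, key, event, slack_ts, now):
        # Assumption: the window starts at the first message and is not refreshed.
        self.items[key] = {"raw_event": event, "slack_ts": slack_ts,
                           "expires_at": now + self.ttl}


def notify(event, store, post, now):
    """post(text, thread_ts) -> ts is a hypothetical Slack sender.
    Returns the thread ts replied to, or None for a standalone message."""
    key = composite_key(event)
    text = f"{event['eventName']} by {event['userIdentity'].get('arn', 'unknown')}"
    item = store.get(key, now)
    if item:
        post(text, item["slack_ts"])  # repeat: reply in the existing thread
        return item["slack_ts"]
    ts = post(text, None)             # first sighting: standalone message
    store.put(key, event, ts, now)
    return None
```

Events that do not match the alerting filter never reach `notify`, so only alert-worthy events are stored, and a different action by the same principal still opens its own thread.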

EreminAnton commented 1 year ago

5854bcc