SlackEventAdapter not working with AWS S3 Bucket, AWS Lambda & API Gateway

[gnohgnij]

Description

I'm using AWS Lambda and API Gateway to host my Flask code for a Slack App. Currently, I'm struggling with responding to the challenge parameter when entering the Request URL. The way I'm implementing my code is:

1. Use serverless framework to develop code in a test environment
2. Once the code works in the test environment, I download the zip file from the test Lambda function, unzip it, change the variables to production environment variables and zip it.
3. I upload the code to the production S3 bucket, which is linked to the production AWS Lambda.

Here are some routes that I have in my code:

app = Flask(__name__)
slack_event_adapter = SlackEventAdapter(os.environ["TEST_SLACK_SIGNING_SECRET"], "/slack/events", app)

@app.route("/")
def hello_from_root():
    return jsonify(message=f'Slack signing secret: {os.environ["TEST_SLACK_SIGNING_SECRET"]}'). 

@app.route("/interactions", methods=['GET', 'POST'])
def parse_interactions():
    """
    Parse interactions here
    """

I suspected that the environment variables weren't being read, but I am able to receive the slack signing secret when sending a GET request to the API Gateway URL

What could be the issue?

What type of issue is this? (place an x in one of the [ ])

• [ ] bug
• [ ] enhancement (feature request)
• [x] question
• [ ] documentation related
• [ ] testing related
• [ ] discussion

Requirements

• [x] I've read and understood the Contributing guidelines and have done my best effort to follow them.
• [x] I've read and agree to the Code of Conduct.
• [x] I've searched for any related issues and avoided creating a duplicate issue.

Bug Report

Filling out the following details about bugs will help us solve your issue sooner.

Reproducible in:

slackeventsapi version: 3.0.1 python version: 3.9.6 OS version(s): macOS Ventura 13.2.1

Steps to reproduce:

1. Deploy serverless framework
2. Export function
3. Unzip function, change env variables to prod variables, upload to prod S3 bucket
4. Enter "prod-api-gateway-url/slack/events" to Slack events subscription request url

Expected result:

The request url to be accepted

Actual result:

The request url not accepted

Attachments:

[seratch]

Hi @gnohgnij, thanks for asking the question.

I am still unshare why you don't use serverless framework for prod deployement while you use it for development. If you use serverless framework for deployments too, just setting env variables in your serverless.yml file should work. Here is my example: https://github.com/seratch/ChatGPT-in-Slack/blob/e8202b144d0d90e5095623f207e291f9008ca8ff/serverless.yml#L33

Also, as mentioned at https://github.com/slackapi/python-slack-events-api#%EF%B8%8F--important-notice, our latest recommendation is to use bolt-python instead. https://github.com/slackapi/python-slack-events-api/issues/84 can be a challenge as long as you go with this package. bolt-python offers better options for AWS lambda use cases:

• https://slack.dev/bolt-python/concepts#lazy-listeners
• https://github.com/slackapi/bolt-python/tree/main/examples/aws_lambda

I highly recommend switching to bolt-python if it's still possible. I hope this helps.

[gnohgnij]

@seratch Hi, thanks for responding. My company practices infrastructure as code and provisions cloud resources through terraform. The serverless framework is just for me to test my code and ultimately, I have to deploy the code using terraform. Is there any reason why the Slack Event Adapter is not respondin with the challenge parameter? When I deployed using the serverless framework, it responded.

[seratch]

@gnohgnij this library is a tiny one so pointing the source code out should be easier for you too. As you can see here, the signature verifications should be failing before responding to the url verification request. I cannot guess what's actually happening on your end but the most common cause is the absence of the signing secret (or using an invalid one such as the one for a different app). I don't think this is your case but another pattern is the system clock problem, which may cause this error.

[gnohgnij]

@seratch Oh I think I've figured it out, my company's terraform API Gateway module uses REST API while serverless framework uses HTTP API

[seratch]

Great to hear that you've identified the cause! Would you mind if I close this issue now?

[gnohgnij]

Yup, you may close the issue