Added slack chatbot to terraform

Author: dlzhry2nhs

terraform/batch_processor_errors_slack_chatbot.tf

@@ -0,0 +1,29 @@
+resource "awscc_chatbot_slack_channel_configuration" "batch_processor_errors" {
+  count              = var.batch_error_notifications_enabled ? 1 : 0
+
+  configuration_name = "${local.resource_scope}-batch-processor-errors-slack-channel-config"
+  iam_role_arn       = awscc_iam_role.batch_processor_errors_chatbot[0].arn
+  slack_channel_id   = var.environment == "prod" ? "TODO - make channel" : "C09E48NDP18"
+  slack_workspace_id = "TJ00QR03U"
+  sns_topic_arns     = [aws_sns_topic.batch_processor_errors[0].arn]
+}
+
+resource "awscc_iam_role" "batch_processor_errors_chatbot" {
+  count = var.batch_error_notifications_enabled ? 1 : 0
+
+  role_name = "${local.resource_scope}-batch-processor-errors-chatbot-channel-role"
+  assume_role_policy_document = jsonencode({
+    Version = "2012-10-17"
+    Statement = [
+      {
+        Action = "sts:AssumeRole"
+        Effect = "Allow"
+        Sid    = ""
+        Principal = {
+          Service = "chatbot.amazonaws.com"
+        }
+      },
+    ]
+  })
+  managed_policy_arns = ["arn:aws:iam::aws:policy/AWSResourceExplorerReadOnlyAccess"]
+}

terraform/batch_processor_errors_sns_topic.tf

@@ -1,9 +1,11 @@
 resource "aws_sns_topic" "batch_processor_errors" {
-  name = "${local.short_prefix}-batch-processor-errors"
+  count = var.batch_error_notifications_enabled ? 1 : 0
+  name  = "${local.resource_scope}-batch-processor-errors"
 }
 
 resource "aws_sns_topic_policy" "batch_processor_errors_topic_policy" {
-  arn    = aws_sns_topic.batch_processor_errors.arn
+  count  = var.batch_error_notifications_enabled ? 1 : 0
+  arn    = aws_sns_topic.batch_processor_errors[0].arn
   policy = jsonencode({
     Version = "2012-10-17",
     Statement = [
@@ -14,14 +16,8 @@ resource "aws_sns_topic_policy" "batch_processor_errors_topic_policy" {
           Service = "cloudwatch.amazonaws.com"
         },
         Action    = "SNS:Publish",
-        Resource  = aws_sns_topic.batch_processor_errors.arn
+        Resource  = aws_sns_topic.batch_processor_errors[0].arn
       }
     ]
   })
 }
-
-resource "aws_sns_topic_subscription" "batch_processor_errors_email_target" {
-  topic_arn     = aws_sns_topic.batch_processor_errors.arn
-  protocol      = "email"
-  endpoint      = var.batch_processor_errors_target_email
-}

terraform/batch_processor_filter_lambda.tf

@@ -303,6 +303,8 @@ resource "aws_lambda_event_source_mapping" "batch_file_created_sqs_to_lambda" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "batch_processor_filter_error_logs" {
+  count          = var.batch_error_notifications_enabled ? 1 : 0
+
   name           = "${local.short_prefix}-BatchProcessorFilterErrorLogsFilter"
   pattern        = "%\\[ERROR\\]|\\[CRITICAL\\]%"
   log_group_name = aws_cloudwatch_log_group.batch_processor_filter_lambda_log_group.name
@@ -315,6 +317,8 @@ resource "aws_cloudwatch_log_metric_filter" "batch_processor_filter_error_logs"
 }
 
 resource "aws_cloudwatch_metric_alarm" "batch_processor_filter_error_alarm" {
+  count               = var.batch_error_notifications_enabled ? 1 : 0
+
   alarm_name          = "${local.short_prefix}-batch-processor-filter-lambda-error"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -324,6 +328,6 @@ resource "aws_cloudwatch_metric_alarm" "batch_processor_filter_error_alarm" {
   statistic           = "Sum"
   threshold           = 1
   alarm_description   = "This sets off an alarm for any error logs found in the batch processor filter Lambda function"
-  alarm_actions       = [aws_sns_topic.batch_processor_errors.arn]
+  alarm_actions       = [aws_sns_topic.batch_processor_errors[0].arn]
   treat_missing_data  = "notBreaching"
 }

terraform/file_name_processor.tf

@@ -320,6 +320,8 @@ resource "aws_cloudwatch_log_group" "file_name_processor_log_group" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "file_name_processor_error_logs" {
+  count          = var.batch_error_notifications_enabled ? 1 : 0
+
   name           = "${local.short_prefix}-FilenameProcessorErrorLogsFilter"
   pattern        = "%\\[ERROR\\]|\\[CRITICAL\\]%"
   log_group_name = aws_cloudwatch_log_group.file_name_processor_log_group.name
@@ -332,6 +334,8 @@ resource "aws_cloudwatch_log_metric_filter" "file_name_processor_error_logs" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "file_name_processor_error_alarm" {
+  count               = var.batch_error_notifications_enabled ? 1 : 0
+
   alarm_name          = "${local.short_prefix}-file-name-processor-lambda-error"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -341,6 +345,6 @@ resource "aws_cloudwatch_metric_alarm" "file_name_processor_error_alarm" {
   statistic           = "Sum"
   threshold           = 1
   alarm_description   = "This sets off an alarm for any error logs found in the file name processor Lambda function"
-  alarm_actions       = [aws_sns_topic.batch_processor_errors.arn]
+  alarm_actions       = [aws_sns_topic.batch_processor_errors[0].arn]
   treat_missing_data  = "notBreaching"
 }

terraform/variables.tf

@@ -7,14 +7,6 @@ variable "sub_environment" {
 variable "immunisation_account_id" {}
 variable "dspp_core_account_id" {}
 
-# TODO - change this. Get a shared mailbox/switch to Lambda -> Slack integration
-# Also should have different config for Prod vs PTL
-variable "batch_processor_errors_target_email" {
-  default     = "[email protected]"
-  description = "The target email address for the Batch Processor Errors SNS topic"
-  type        = string
-}
-
 variable "create_mesh_processor" {
   default = false
 }
@@ -43,6 +35,13 @@ variable "pds_check_enabled" {
   default = true
 }
 
+# Remember to switch off in PR envs after testing
+variable "batch_error_notifications_enabled" {
+  default     = true
+  description = "Switch to enable batch processing error notifications to Slack"
+  type        = bool
+}
+
 variable "has_sub_environment_scope" {
   default = false
 }