Overview
This article builds a mechanism that automatically forwards AWS service outage, maintenance and event notifications to Slack using AWS Chatbot + SNS + EventBridge.
The whole setup is presented as a single YAML file that can be deployed with one CloudFormation template.
By automatically posting the outage information shown on the official AWS Health Dashboard to a Slack channel, you can detect AWS incidents as early as possible.
This is an update of this earlier article.
Architecture diagram
AWS services used
| Service | Role |
|---|---|
| EventBridge | Detects AWS Health events and routes them to SNS |
| SNS | Relays the events to Chatbot |
| AWS Chatbot | Delivers the SNS messages to Slack |
| Slack | Where the operations team receives the notifications |
Code
template.yaml
```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: aws-health-check
Resources:
  # AWS outages
  # Sent to the Slack "outage notification" channel
  IncidentChatbot:
    Type: AWS::Chatbot::SlackChannelConfiguration
    Properties:
      ConfigurationName: incident-to-slack
      SlackChannelId: "SlackChannelId_01"
      SlackWorkspaceId: "SlackWorkspaceId"
      IamRoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/health-chatbot-slack
      GuardrailPolicies:
        - !Sub arn:aws:iam::${AWS::AccountId}:policy/health-guardrail
      SnsTopicArns:
        - !Ref IncidentSNSTopic
  IncidentSNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: incident-to-slack
      KmsMasterKeyId: "alias/health-key-sns"
  IncidentSNSTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "events.amazonaws.com"
            Action: "sns:Publish"
            Resource: !Ref IncidentSNSTopic
            Condition:
              ArnEquals:
                aws:SourceArn: !Sub arn:aws:events:ap-northeast-1:${AWS::AccountId}:rule/incident-to-slack
      Topics:
        - !Ref IncidentSNSTopic
  IncidentSNSTopicSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: https://global.sns-api.chatbot.amazonaws.com
      Protocol: HTTPS
      TopicArn: !Ref IncidentSNSTopic
  IncidentEventBridgeRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - "aws.health"
        detail-type:
          - "AWS Health Event"
        detail:
          eventTypeCategory:
            - "issue"
      Name: incident-to-slack
      State: ENABLED
      Targets:
        - Arn: !Ref IncidentSNSTopic
          Id: "IncidentSNSTarget"
  # New feature release notifications
  # Sent to the Slack "aws event notification" channel
  ReleaseInfoChatbot:
    Type: AWS::Chatbot::SlackChannelConfiguration
    Properties:
      ConfigurationName: releaseInfo-to-slack
      SlackChannelId: "SlackChannelId_02"
      SlackWorkspaceId: "SlackWorkspaceId"
      IamRoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/health-chatbot-slack
      GuardrailPolicies:
        - !Sub arn:aws:iam::${AWS::AccountId}:policy/health-guardrail
      SnsTopicArns:
        - !Ref ReleaseInfoSNSTopic
  ReleaseInfoSNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: releaseInfo-to-slack
      KmsMasterKeyId: "alias/health-key-sns"
  ReleaseInfoSNSTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "events.amazonaws.com"
            Action: "sns:Publish"
            Resource: !Ref ReleaseInfoSNSTopic
            Condition:
              ArnEquals:
                aws:SourceArn: !Sub arn:aws:events:ap-northeast-1:${AWS::AccountId}:rule/releaseInfo-to-slack
      Topics:
        - !Ref ReleaseInfoSNSTopic
  ReleaseInfoSNSTopicSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: https://global.sns-api.chatbot.amazonaws.com
      Protocol: HTTPS
      TopicArn: !Ref ReleaseInfoSNSTopic
  ReleaseInfoEventBridgeRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - "aws.health"
        detail-type:
          - "AWS Health Event"
        detail:
          eventTypeCategory:
            - "accountNotification"
      Name: releaseInfo-to-slack
      State: ENABLED
      Targets:
        - Arn: !Ref ReleaseInfoSNSTopic
          Id: "ReleaseInfoSNSTarget"
  # Maintenance notices, EOL information, etc.
  # Sent to the Slack "maintenance notification" channel
  MaintenanceChatbot:
    Type: AWS::Chatbot::SlackChannelConfiguration
    Properties:
      ConfigurationName: maintenance-to-slack
      SlackChannelId: "SlackChannelId_03"
      SlackWorkspaceId: "SlackWorkspaceId"
      IamRoleArn: !Sub arn:aws:iam::${AWS::AccountId}:role/health-chatbot-slack
      GuardrailPolicies:
        - !Sub arn:aws:iam::${AWS::AccountId}:policy/health-guardrail
      SnsTopicArns:
        - !Ref MaintenanceSNSTopic
  MaintenanceSNSTopic:
    Type: AWS::SNS::Topic
    Properties:
      TopicName: maintenance-to-slack
      KmsMasterKeyId: "alias/health-key-sns"
  MaintenanceSNSTopicPolicy:
    Type: AWS::SNS::TopicPolicy
    Properties:
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: "Allow"
            Principal:
              Service: "events.amazonaws.com"
            Action: "sns:Publish"
            Resource: !Ref MaintenanceSNSTopic
            Condition:
              ArnEquals:
                aws:SourceArn: !Sub arn:aws:events:ap-northeast-1:${AWS::AccountId}:rule/maintenance-to-slack
      Topics:
        - !Ref MaintenanceSNSTopic
  MaintenanceSNSTopicSubscription:
    Type: AWS::SNS::Subscription
    Properties:
      Endpoint: https://global.sns-api.chatbot.amazonaws.com
      Protocol: HTTPS
      TopicArn: !Ref MaintenanceSNSTopic
  MaintenanceEventBridgeRule:
    Type: AWS::Events::Rule
    Properties:
      EventBusName: default
      EventPattern:
        source:
          - "aws.health"
        detail-type:
          - "AWS Health Event"
        detail:
          eventTypeCategory:
            - "scheduledChange"
      Name: maintenance-to-slack
      State: ENABLED
      Targets:
        - Arn: !Ref MaintenanceSNSTopic
          Id: "MaintenanceSNSTarget"
```
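The template references an IAM role (health-chatbot-slack), a guardrail policy (health-guardrail) and a KMS alias (alias/health-key-sns) that it does not create. The following is an added example, not part of the original article, of how those prerequisites could be defined with least privilege; the read-only health:Describe* scope and the exact key-policy statements are assumptions.

```yaml
Resources:
  # CMK for the three SNS topics; EventBridge must be allowed to use it or
  # its publishes to the SSE-enabled topics fail (assumed key policy).
  HealthSnsKey:
    Type: AWS::KMS::Key
    Properties:
      KeyPolicy:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              AWS: !Sub arn:aws:iam::${AWS::AccountId}:root
            Action: kms:*
            Resource: "*"
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action:
              - kms:GenerateDataKey*
              - kms:Decrypt
            Resource: "*"
  HealthSnsKeyAlias:
    Type: AWS::KMS::Alias
    Properties:
      AliasName: alias/health-key-sns
      TargetKeyId: !Ref HealthSnsKey
  # Guardrail: upper bound on what Chatbot can do from any channel. Pure
  # notification needs no API access, so only read-only Health calls (assumed).
  HealthGuardrail:
    Type: AWS::IAM::ManagedPolicy
    Properties:
      ManagedPolicyName: health-guardrail
      PolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Action: health:Describe*
            Resource: "*"
  # Channel role assumed by Chatbot; reuses the same narrow policy.
  HealthChatbotRole:
    Type: AWS::IAM::Role
    Properties:
      RoleName: health-chatbot-slack
      AssumeRolePolicyDocument:
        Version: "2012-10-17"
        Statement:
          - Effect: Allow
            Principal:
              Service: chatbot.amazonaws.com
            Action: sts:AssumeRole
      ManagedPolicyArns:
        - !Ref HealthGuardrail
```

Deploy this stack first; the role, policy and alias names match the ARNs the main template resolves with !Sub.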
Notification types
| AWS Health event category | Destination Slack channel | Purpose |
|---|---|---|
| issue | Outage information | AWS infrastructure outages, regional outages, etc. |
| accountNotification | aws event notifications | New features and service updates |
| scheduledChange | Maintenance | EOL and scheduled changes |
Points
Disabling an individual EventBridge rule stops notifications for just that category.
Splitting the categories across separate Slack channels keeps important information from being missed.
Finally
If Slack itself is having an outage, the notification may not arrive in the first place...