AWS DevOps Blog

Running AWS commands from Slack using AWS Chatbot

DevOps teams widely use Slack channels as communication hubs where team members interact—both with one another and with the systems they operate. Chatbots help facilitate these interactions, delivering important notifications and relaying commands from users back to systems. Many teams even prefer that operational events and notifications come through Slack channels. This allows the entire team to see notifications and act on them through commands to chatbots.

Earlier this year, AWS announced a beta of AWS Chatbot that enabled DevOps teams to receive AWS notifications in Slack channels and Amazon Chime chat rooms. Customers have used AWS Chatbot to stay on top of their operational, security, CI/CD, and cost alerts.

Today, we introduced a new feature that enables DevOps teams to run AWS commands and actions from Slack. You can retrieve diagnostic information, invoke AWS Lambda functions, and create support cases right from your Slack channels, so your team can collaborate and respond to events faster. AWS Chatbot supports commands using the already familiar AWS Command Line Interface syntax that you can use from Slack on desktop or mobile devices.

AWS Chatbot commands diagram

In addition to running commands, you can retrieve Amazon CloudWatch Logs by simply clicking the Show logs button on CloudWatch Alarms notifications in Slack. AWS Chatbot supports actions for showing logs for AWS Lambda and Amazon API Gateway.

The scope of AWS Chatbot’s permissions in your account is defined by an IAM role that you can create using policy templates in the AWS Chatbot console or by specifying custom IAM policies with granular permissions that meet your needs. If you already use AWS Chatbot for sending notifications to Slack, you must create a new IAM role or update the existing one with additional permissions to be able to run commands.
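As an added illustration (not code from the original post or from AWS): a simplified check of a candidate custom policy for the AWS Chatbot role against the commands used in the walkthrough below. The two policies, the account ID, and `SomeOtherFunction` are constructed for the example, and the evaluator ignores `Condition`, `NotAction`, and `NotResource`.

```python
import fnmatch

WALKTHROUGH_ACTIONS = {  # CLI command -> IAM action ("lambda invoke" is lambda:InvokeFunction)
    "cloudwatch describe-alarms": "cloudwatch:DescribeAlarms", "lambda list-functions": "lambda:ListFunctions",
    "lambda get-function": "lambda:GetFunction", "cloudformation describe-stacks": "cloudformation:DescribeStacks",
    "lambda invoke": "lambda:InvokeFunction", "support create-case": "support:CreateCase",
}
# Constructed sample values: placeholder account ID, hypothetical second function.
RUNBOOK_ARN = "arn:aws:lambda:us-east-1:111122223333:function:MyAwesomeLambda"
OTHER_ARN = "arn:aws:lambda:us-east-1:111122223333:function:SomeOtherFunction"
BROAD = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["lambda:*", "cloudwatch:Describe*", "cloudformation:Describe*", "support:*"]}]}
SCOPED = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Resource": "*",
     "Action": ["cloudwatch:DescribeAlarms", "lambda:ListFunctions",
                "lambda:GetFunction", "cloudformation:DescribeStacks"]},
    # Invocation limited to one runbook function; support:CreateCase left out on purpose.
    {"Effect": "Allow", "Resource": RUNBOOK_ARN, "Action": "lambda:InvokeFunction"}]}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def allows(policy, action, resource):
    """Explicit Deny wins, then any matching Allow; fnmatch approximates IAM's * and ? wildcards."""
    allowed = False
    for st in _as_list(policy["Statement"]):
        act = any(fnmatch.fnmatchcase(action.lower(), a.lower()) for a in _as_list(st.get("Action", [])))
        res = any(fnmatch.fnmatchcase(resource, r) for r in _as_list(st.get("Resource", [])))
        if act and res:
            if st["Effect"] == "Deny":
                return False
            allowed = True
    return allowed

def findings(policy):
    """Flag service-wide Allow actions and lambda:InvokeFunction granted on every function."""
    out = []
    for st in _as_list(policy["Statement"]):
        if st["Effect"] == "Allow":
            for a in _as_list(st.get("Action", [])):
                if a == "*" or a.endswith(":*"):
                    out.append(f"service-wide action {a}")
                elif fnmatch.fnmatchcase("lambda:invokefunction", a.lower()) and "*" in _as_list(st.get("Resource", [])):
                    out.append("lambda:InvokeFunction allowed on every function")
    return out

if __name__ == "__main__":
    for name, policy in (("BROAD", BROAD), ("SCOPED", SCOPED)):
        print(name, {c: allows(policy, a, OTHER_ARN) for c, a in WALKTHROUGH_ACTIONS.items()}, findings(policy))
```

With the scoped policy, anyone in the channel can still run the read commands, but `@aws lambda invoke` succeeds only for the one function named in the policy.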

AWS Chatbot is available free of charge, and you pay only for the AWS resources you use, such as CloudWatch Logs Insights, which is used for querying logs.

Walkthrough

In this post, I will walk you through the configuration steps to set up AWS Chatbot in a Slack channel and show how to get help and run commands using the bot.

As part of this tutorial, we will do the following:

  1. Configure AWS Chatbot in a Slack channel
  2. Test AWS Chatbot in Slack and get help
  3. Show CloudWatch Alarms in Slack
  4. Describe AWS resources in Slack
  5. Invoke a Lambda function from Slack
  6. Retrieve logs for a Lambda function
  7. Create an AWS Support case

Prerequisites

To follow along with this example, you need an AWS account, as well as a Slack channel to configure with AWS Chatbot.

1. Configure AWS Chatbot in a Slack channel

In the AWS Chatbot console’s home page, choose Slack in the Chat client dropdown and choose Configure client.

The setup wizard redirects you to the Slack OAuth 2.0 page. In the top-right corner, select the Slack workspace to configure and choose Allow. Your Slack workspace installs the AWS Slack App, and the AWS account that you logged in with is now authorized to communicate with your Slack workspace.

Slack OAuth 2.0 flow

Slack redirects you from here to the Configure Slack Channel page. Select the channel in which you want to run commands. You can either select a public channel from the dropdown list or paste the URL or ID of a private channel.

For private Slack channels, find the URL of the channel by opening the context (right-click) menu on the channel name in the left sidebar in Slack, and choosing Copy link.

After you choose the Slack channel, under Permissions, choose Create an IAM role using a template. Type a role name in the Role name textbox. In the Policy templates dropdown, choose Read-only command permissions, Lambda-invoke command permissions, and AWS Support command permissions. AWS Chatbot will create an IAM role that it will assume to run commands from the selected Slack channel. You can see the permissions granted to AWS Chatbot or modify them in the IAM console. Learn more about permissions in AWS Chatbot documentation.

Permissions in AWS Chatbot console

Finally, if you also want to receive notifications, such as CloudWatch Alarms or AWS Budgets, select SNS topics that those notifications are published to.

After you choose Configure, the configuration completes.

2. Test AWS Chatbot in Slack and get help

To test AWS Chatbot, open the Slack channel that you configured in step 1 and type /invite @aws to invite AWS Chatbot to the channel.

Type @aws help to get help on using AWS Chatbot.

Example of a help message

3. Show CloudWatch Alarms in Slack

When you have an operational event or want to check in on your application’s health, you can use AWS Chatbot to show details about CloudWatch Alarms in your account.

Type @aws cloudwatch describe-alarms --region us-east-1 to see all alarms in the North Virginia Region. The bot will return an image with CloudWatch alarms and metric trends as well as the standard output of the CloudWatch DescribeAlarms API call.

Example of @aws cloudwatch describe-alarm command

You can modify the command to only include alarms in the ALARM state by adding the --state ALARM parameter: @aws cloudwatch describe-alarms --state ALARM. There is no need to specify the Region this time because AWS Chatbot remembered it from the previous command execution.

4. Describe AWS resources in Slack

You can use AWS Chatbot to look up information about your resources.

Example 1: You can use AWS Chatbot to look up timeout and memory size parameters for a Lambda function.

If you don’t know the exact function name, you can first run @aws lambda list-functions, locate the function, and then run @aws lambda get-function --function-name FUNCTION_NAME.

Note that for commands that have only one required parameter, for example, function-name for lambda get-function, you can omit the parameter name: @aws lambda get-function FUNCTION_NAME.

Example of @aws lambda get-function command

Example 2: To get an output value from a CloudFormation stack, you can run @aws cloudformation describe-stacks --stack-name STACK_NAME.

The example below shows a CloudFormation output for an API Gateway endpoint.

Example of getting a value from a CloudFormation stack using AWS Chatbot.

5. Invoke a Lambda function from Slack

To trigger a workflow or a runbook from Slack, you can invoke a Lambda function by running @aws lambda invoke FUNCTION_NAME. AWS Chatbot will ask for a confirmation.

Example of an @aws lambda invoke command.

After you choose Yes, AWS Chatbot will invoke the function. Once the function invocation completes, AWS Chatbot will show the output of the Invoke call.

Example of an @aws lambda invoke command.

If you want to provide inputs to your function, you can add them with a --payload parameter, for example, @aws lambda invoke MyAwesomeLambda --payload {"key":"value"}.

6. Retrieve logs for a Lambda function

You can quickly access logs for Lambda invocations using the new AWS Chatbot action buttons on CloudWatch Alarm notifications in Slack.

To get started, first configure Slack notifications for CloudWatch Alarms for a Lambda function via AWS Chatbot. Then, make your function fail so that the CloudWatch Alarm goes into the alarm state.

Example of an Amazon CloudWatch Alarm notification with Show Logs buttons.

Choose Show logs to access the Lambda execution logs. AWS Chatbot will show the first 30 log entries starting from the beginning of the alarm evaluation period.

Example of logs returned by the Show logs action.

Choose Show error logs to filter results to only log entries containing “error”, “exception”, or “fail”.

AWS Chatbot uses Amazon CloudWatch Logs Insights to query for logs. The response will contain a deep link to the CloudWatch Logs Insights console where you can continue the log dive.

7. Create an AWS Support case

To complete this step, you need to have a subscription to an AWS Support plan.

To create an AWS Support case from Slack, type @aws support create-case and follow the AWS Chatbot prompts to provide it with all the required parameters. For example, to provide a subject, type @aws subject SUBJECT STRING.

Example of @aws support create-case command.

When you finish providing required parameters, AWS Chatbot will ask you to confirm creation of the case. After you choose Yes, AWS Chatbot will return the Support case ID.

Example of @aws support create-case command.

Note that file attachments are not currently supported in AWS Chatbot.

Conclusion

Running AWS commands from Slack using AWS Chatbot expands the toolkit your team uses to respond to operational events and interact with AWS. In this post, I walked you through some of the use cases where AWS Chatbot helped reduce the time to recovery while also increasing transparency within DevOps teams.

About the author

Ilya Bezdelev (AWS)

Ilya Bezdelev is the Principal Product Manager for AWS User Experience, where he focuses on conversational interfaces. He cares about making DevOps teams more effective and helping them minimize the mean time to recovery using collaborative ChatOps on AWS.