feat: Slackbot chatbot (#32)

p6m7g8 · Nov 19, 2024 · 22ba029 · 22ba029
1 parent d505239
commit 22ba029
Show file tree

Hide file tree

Showing 4 changed files with 27 additions and 11 deletions.
diff --git a/bin/p6lzctl b/bin/p6lzctl
@@ -711,7 +711,10 @@ p6_lz_util_cdk_execute() {
   local action="$1"
   local stack="$2"
 
-  local args="--exclusively --require-approval never"
+  local args="--exclusively --require-approval never --no-rollback"
+  if [ "$action" = "destroy" ]; then
+    args="$args --force"
+  fi
   echo pnpm cdk $action $args $stack
   pnpm cdk $action $args $stack
 

diff --git a/src/constructs/p6-lz-sra-org-trail.ts b/src/constructs/p6-lz-sra-org-trail.ts
@@ -15,12 +15,12 @@ export class P6LzSraOrgTrail extends cdk.Resource {
   constructor(scope: Construct, id: string, props: IP6LzSraOrgTrailProps) {
     super(scope, id)
 
+    const cloudTrailPrinciple = new iam.ServicePrincipal('cloudtrail.amazonaws.com')
     const key = new kms.Key(this, 'Key', {
       alias: 'p6/lz/sra/org-trail',
       enableKeyRotation: true,
       removalPolicy: cdk.RemovalPolicy.DESTROY,
     })
-    const cloudTrailPrinciple = new iam.ServicePrincipal('cloudtrail.amazonaws.com')
     key.grantEncryptDecrypt(cloudTrailPrinciple)
 
     const _cfnTrail = new cloudtrail.CfnTrail(this, 'Trail', {

diff --git a/src/deploy.ts b/src/deploy.ts
@@ -15,15 +15,15 @@ const env = {
 const app = new cdk.App()
 
 const accounts = app.node.tryGetContext('Accounts') as Array<{ Name: string, AccountId: string }> ?? []
-const auditAccountId = accounts.find(account => account.Name === 'auditAccount')?.AccountId ?? '12345678912'
-const devAccountId = accounts.find(account => account.Name === 'devAccount')?.AccountId ?? '12345678912'
-const logarchiveAccountId = accounts.find(account => account.Name === 'logarchiveAccount')?.AccountId ?? '12345678912'
-const managementAccountId = accounts.find(account => account.Name === 'managementAccount')?.AccountId ?? '12345678912'
-const networkAccountId = accounts.find(account => account.Name === 'networkAccount')?.AccountId ?? '12345678912'
-const prodAccountId = accounts.find(account => account.Name === 'prodAccount')?.AccountId ?? '12345678912'
-const qaAccountId = accounts.find(account => account.Name === 'qaAccount')?.AccountId ?? '12345678912'
-const sharedAccountId = accounts.find(account => account.Name === 'sharedAccount')?.AccountId ?? '12345678912'
-const sandboxAccountId = accounts.find(account => account.Name === 'sandboxAccount')?.AccountId ?? '12345678912'
+const auditAccountId = accounts.find(account => account.Name === 'audit')?.AccountId ?? '12345678912'
+const devAccountId = accounts.find(account => account.Name === 'dev')?.AccountId ?? '12345678912'
+const logarchiveAccountId = accounts.find(account => account.Name === 'logarchive')?.AccountId ?? '12345678912'
+const managementAccountId = accounts.find(account => account.Name === 'management')?.AccountId ?? '12345678912'
+const networkAccountId = accounts.find(account => account.Name === 'network')?.AccountId ?? '12345678912'
+const prodAccountId = accounts.find(account => account.Name === 'prod')?.AccountId ?? '12345678912'
+const qaAccountId = accounts.find(account => account.Name === 'qa')?.AccountId ?? '12345678912'
+const sharedAccountId = accounts.find(account => account.Name === 'shared')?.AccountId ?? '12345678912'
+const sandboxAccountId = accounts.find(account => account.Name === 'sandbox')?.AccountId ?? '12345678912'
 
 const principals: string[] = [
   auditAccountId,

diff --git a/src/stacks/audit-1.ts b/src/stacks/audit-1.ts
@@ -1,7 +1,9 @@
 import type { Construct } from 'constructs'
 import type { AccountAlias, LogarchiveBucketArn, ShareWithOrg } from '../types'
 import * as cdk from 'aws-cdk-lib'
+import * as chatbot from 'aws-cdk-lib/aws-chatbot'
 import * as s3 from 'aws-cdk-lib/aws-s3'
+import * as sns from 'aws-cdk-lib/aws-sns'
 import { P6CDKNamer } from 'p6-cdk-namer'
 import { P6LzSraCloudWatch } from '../constructs/p6-lz-sra-cloudwatch'
 import { P6LzSraConfig } from '../constructs/p6-lz-sra-config'
@@ -22,6 +24,7 @@ export class AuditAccountStack1 extends cdk.Stack {
     })
 
     const bucket = s3.Bucket.fromBucketArn(this, 'CentralBucket', props.centralBucketArn.toString())
+
     const trail = new P6LzSraOrgTrail(this, 'P6LzSraOrgTrail', {
       logGroup: cw.logGroup,
       logRole: cw.logRole,
@@ -33,5 +36,15 @@ export class AuditAccountStack1 extends cdk.Stack {
       principals: props.principals,
       centralBucket: bucket,
     })
+
+    const snsTopic = new sns.Topic(this, 'P6LzTopicSlack', {
+      displayName: 'p6-lz-slack-notifications',
+    })
+    const slackChannel = new chatbot.SlackChannelConfiguration(this, 'MySlackChannel', {
+      slackChannelConfigurationName: 'p6-lz-notifications',
+      slackWorkspaceId: 'TMCK8D7S5',
+      slackChannelId: 'C081AG7GKEJ',
+    })
+    slackChannel.addNotificationTopic(snsTopic)
   }
 }