如何使用 sns 警报的 lambda (python) 发送松弛通知

Question

我将 json 对象中的 sns 事件发送到我的电子邮件，但我希望使用 lambda 将特定部分发送到松弛通知。我希望解析时间、事件名称、组 ID、事件 ID 等并将其发送到 slack。我在网上尝试了各种示例，但不断出错。我有一个 cloudwatch 事件，它监视是否有人在给定的安全组上使用了 0.0.0.0/0。如果发生这种情况，这将触发与 sns 警报关联的云监视事件。我已经集成了电子邮件警报，但我希望在松弛时完成此操作。我需要这方面的指导，我尝试了其他在线示例？

*{
  "version": "0",
  "id": "5391448e-1276-49f1-d5a2-5b4898b1f863",
  "detail-type": "AWS API Call via CloudTrail",
  "source": "aws.ec2",
  "account": "982239453305",
  "time": "2019-10-02T10:07:07Z",
  "region": "eu-west-1",
  "resources": [],
  "detail": {
    "eventVersion": "1.05",
    "userIdentity": {
      "type": "AssumedRole",
      "principalId": "AROAIZE22Q5MDGTLWB2FW:jahmed",
      "arn": "arn:aws:sts::988339453305:assumed-role/dp-admins/arahman",
      "accountId": "988339453305",
      "accessKeyId": "*******",
      "sessionContext": {
        "sessionIssuer": {
          "type": "Role",
          "principalId": "********",
          "arn": "arn:aws:iam::988569453305:role/dp-admins",
          "accountId": "988569453305",
          "userName": "dp-admins"
        },
        "webIdFederationData": {},
        "attributes": {
          "mfaAuthenticated": "true",
          "creationDate": "2019-10-02T10:05:55Z"
        }
      }
    },
    "eventTime": "2019-10-02T10:07:07Z",
    "eventSource": "ec2.amazonaws.com",
    "eventName": "RevokeSecurityGroupIngress",
    "awsRegion": "eu-west-1",
    "sourceIPAddress": "195.89.75.182",
    "userAgent": "console.ec2.amazonaws.com",
    "requestParameters": {
      "groupId": "sg-00d088d28c60e6bd0",
      "ipPermissions": {
        "items": [
          {
            "ipProtocol": "tcp",
            "fromPort": 0,
            "toPort": 0,
            "groups": {},
            "ipRanges": {
              "items": [
                {
                  "cidrIp": "0.0.0.0/0",
                  "description": "test-MUST-REMOVE!"
                }
              ]
            },
            "ipv6Ranges": {},
            "prefixListIds": {}
          },
          {
            "ipProtocol": "tcp",
            "fromPort": 0,
            "toPort": 0,
            "groups": {},
            "ipRanges": {},
            "ipv6Ranges": {
              "items": [
                {
                  "cidrIpv6": "::/0",
                  "description": "test-MUST-REMOVE!"
                }
              ]
            },
            "prefixListIds": {}
          }
        ]
      }
    },
    "responseElements": {
      "requestId": "93fc850f-65e7-464f-b2e0-3db1753a0c94",
      "_return": true
    },
    "requestID": "93fc850f-65e7-464f-b2e0-3db1753a0c94",
    "eventID": "2aa40c8d-cc28-45af-89c8-e8885d98dc00",
    "eventType": "AwsApiCall"
  }
}*

Answer 1

• 这是我用来与 slack 集成的代码
• 阅读 SNS 消息，然后将消息发布到 slack webhook url。

import json
import logging
import os
from urllib2 import Request, urlopen, URLError, HTTPError
# Read all the environment variables
SLACK_WEBHOOK_URL = os.environ['SLACK_WEBHOOK_URL']
SLACK_USER = os.environ['SLACK_USER']
SLACK_CHANNEL = os.environ['SLACK_CHANNEL']

logger = logging.getLogger()
logger.setLevel(logging.INFO)

def lambda_handler(event, context):
    logger.info("Event: " + str(event))
    # Read message posted on SNS Topic
    message = json.loads(event['Records'][0]['Sns']['Message'])
    logger.info("Message: " + str(message))
# Construct a new slack message
    slack_message = {
        'channel': SLACK_CHANNEL,
        'username': SLACK_USER,
        'text': "%s" % (message)
    }
# Post message on SLACK_WEBHOOK_URL
    req = Request(SLACK_WEBHOOK_URL, json.dumps(slack_message))
    try:
        response = urlopen(req)
        response.read()
        logger.info("Message posted to %s", slack_message['channel'])
    except HTTPError as e:
        logger.error("Request failed: %d %s", e.code, e.reason)
    except URLError as e:
        logger.error("Server connection failed: %s", e.reason)