fivexl/terraform-aws-ecs-events-to-slack

terraform-aws-ecs-events-to-slack

Rules for Amazon EventBridge that fetch ECS events and send them to Slack

Example

module "ecs_to_slack" {
  source            = "git::https://github.com/fivexl/terraform-aws-ecs-events-to-slack.git"
  name              = "ecs-to-slack"
  slack_webhook_url = "https://hooks.slack.com/YOUR-WEBHOOK-ID"
}

You can find more examples in the examples/ directory.

Securing Slack Webhook URLs

Instead of passing the Slack webhook URL as plain text, you can securely store it in AWS Secrets Manager or AWS Systems Manager Parameter Store.

Using AWS Secrets Manager

Store your Slack webhook URL as a secret in AWS Secrets Manager:

module "ecs_to_slack" {
  source                        = "git::https://github.com/fivexl/terraform-aws-ecs-events-to-slack.git"
  name                          = "ecs-to-slack"
  slack_webhook_url             = "slack-webhook-secret"  # Secrets Manager secret name
  slack_webhook_url_source_type = "secretsmanager"
}

Prerequisites:

  • Create a secret in AWS Secrets Manager containing your Slack webhook URL

See: examples/simple-secretsmanager for a complete example.

Using AWS Systems Manager Parameter Store

Store your Slack webhook URL as a parameter in SSM Parameter Store:

module "ecs_to_slack" {
  source                        = "git::https://github.com/fivexl/terraform-aws-ecs-events-to-slack.git"
  name                          = "ecs-to-slack"
  slack_webhook_url             = "/myapp/slack-webhook"  # SSM parameter path (must include leading /)
  slack_webhook_url_source_type = "ssm"
}

Prerequisites:

  • Create a parameter in AWS Systems Manager Parameter Store with your Slack webhook URL

See: examples/simple-ssm for a complete example.
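
One way to meet the prerequisites of both sections without the webhook URL passing through Terraform configuration or state, as an added example that is not from the module's repository. The resource names, the placeholder value, the SecureString parameter type and the secret holding the bare URL as a plain string are assumptions, as is the Lambda function reading the value at run time.

```hcl
# Added example, not the module's own code. Names and values are assumptions.

# Secrets Manager: create only the secret container. No
# aws_secretsmanager_secret_version resource is declared, so the webhook URL
# never appears in Terraform configuration, plan output or state.
resource "aws_secretsmanager_secret" "slack_webhook" {
  name = "slack-webhook-secret"
}

# SSM Parameter Store alternative: an encrypted parameter created with a
# placeholder. SecureString support in the module is assumed here.
resource "aws_ssm_parameter" "slack_webhook" {
  name  = "/myapp/slack-webhook" # leading slash required by the module
  type  = "SecureString"
  value = "REPLACE_OUT_OF_BAND" # constructed placeholder, not a real URL

  lifecycle {
    # Keep Terraform from reverting the real value once it has been set.
    ignore_changes = [value]
  }
}

module "ecs_to_slack" {
  source                        = "git::https://github.com/fivexl/terraform-aws-ecs-events-to-slack.git"
  name                          = "ecs-to-slack"
  slack_webhook_url             = aws_secretsmanager_secret.slack_webhook.name
  slack_webhook_url_source_type = "secretsmanager"

  # SSM variant instead of the two lines above:
  # slack_webhook_url             = aws_ssm_parameter.slack_webhook.name
  # slack_webhook_url_source_type = "ssm"
}

# Set the real value once, outside Terraform. Reading it from a file keeps the
# URL out of shell history and process listings (webhook.txt is hypothetical):
#
#   aws secretsmanager put-secret-value \
#     --secret-id slack-webhook-secret --secret-string file://webhook.txt
#
#   aws ssm put-parameter --name /myapp/slack-webhook \
#     --type SecureString --overwrite --value file://webhook.txt
```

Declaring the value in Terraform instead (for example through a `sensitive` variable) hides it from plan output but still writes it to the state file, so the state backend would then need the same protection as the secret itself.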

Info

Build Process

There are three ways to build and deploy this module's Lambda function:

  1. Use pre-created images pulled from ECR (default).
  2. Build the image locally with Docker by setting use_pre_created_image = false.
  3. Use your own ECR repository by overriding the ECR-related variables.

Example of using your own ECR repository:

module "ecs_to_slack" {
  source               = "git::https://github.com/fivexl/terraform-aws-ecs-events-to-slack.git"
  name                 = "ecs-to-slack"
  slack_webhook_url    = "https://hooks.slack.com/YOUR-WEBHOOK-ID"
  ecr_repo_name        = "example_repo_name"
  ecr_owner_account_id = "<example_account_id>"
}

GitHub CI for this repository builds the Lambda Docker image for every release and publishes it to FivexL's private ECR. Users can use this pre-built Docker image as the default deployment path instead of building the image locally.

ECR is private for the following reasons:

  • AWS Lambda can only use container images stored in ECR.
  • AWS Lambda cannot use public ECR images.
  • AWS Lambda does not support pulling container images from Amazon ECR through a pull-through cache rule, so users cannot rely on an intermediate private ECR that mirrors another registry such as GHCR.

Images and repositories are replicated in every region supported by this module except:

  • ap_east_1
  • eu_south_1
  • ap_southeast_3
  • af_south_1
  • me_south_1
  • il_central_1
  • me_central_1
  • eu_south_2
  • ap_south_2
  • eu_central_2
  • ap_southeast_4
  • ca_west_1
  • us_gov_east_1
  • us_gov_west_1

Those regions are not enabled by default. If you need support for a region that is not covered, please open an issue and we will add it.

AWS Terraform provider versions

  • Version 0.1.2 is the last version that works with both Terraform AWS provider v3 and v4. There are no plans to update the 0.1.X branch.
  • All later versions (0.2.0 and above) require Terraform AWS provider v4 as a baseline.

Upgrade note for 0.3.4 -> 1.0.x

When upgrading this module from 0.3.4 to 1.0.x, the first deployment may fail because this release changes the Lambda packaging model from ZIP-based deployment to Docker image deployment, which causes the Lambda function to be re-created. Due to a Terraform AWS provider issue, the re-creation can fail if the old Lambda function still exists.

If that happens, use one of these recovery options and run terraform apply again:

  1. Delete the existing Lambda function manually. The Lambda function name is the same as the module input name.

     aws lambda delete-function --function-name "<module_name>"

     Example:

     aws lambda delete-function --function-name "ecs-to-slack"

  2. Destroy and recreate the module:

     terraform destroy -target=module.<module_name>
     terraform apply

If you prefer to remove the Lambda function first and keep the rest of the module managed by Terraform, delete only the Lambda function with the AWS CLI and then rerun terraform apply.

Requirements

| Name | Version |
|------|---------|
| terraform | >= 0.13.1 |
| aws | ~> 6.0 |

Providers

| Name | Version |
|------|---------|
| aws | ~> 6.0 |

Modules

| Name | Source | Version |
|------|--------|---------|
| slack_notifications | terraform-aws-modules/lambda/aws | 8.2.0 |

Resources

| Name | Type |
|------|------|
| aws_cloudwatch_event_rule.this | resource |
| aws_cloudwatch_event_target.this | resource |
| aws_caller_identity.current | data source |
| aws_iam_policy_document.secretsmanager | data source |
| aws_iam_policy_document.ssm | data source |
| aws_region.current | data source |

Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|----------|
| cloudwatch_logs_retention_in_days | Specifies the number of days you want to retain log events in the specified log group. Possible values are: 1, 3, 5, 7, 14, 30, 60, 90, 120, 150, 180, 365, 400, 545, 731, 1827, and 3653. | number | 14 | no |
| create_role | Controls whether the IAM role for the Lambda function should be created. | bool | true | no |
| custom_event_rules | A map of objects representing the custom EventBridge rules which will be created in addition to the default rules. | any | {} | no |
| ecr_owner_account_id | The account in which the ECR repository is located. | string | "222341826240" | no |
| ecr_repo_name | The name of the ECR repository. | string | "fivexl-opensource/terraform-aws-ecs-events-to-slack" | no |
| ecr_repo_tag | The tag of the image in the ECR repository. | string | "1.0.0" | no |
| ecs_deployment_state_event_rule_detail | The content of the detail section in the EventBridge rule for ECS Deployment State Change events. Use it to filter the events which will be processed and sent to Slack. | any | {"eventType": ["ERROR"]} | no |
| ecs_service_action_event_rule_detail | The content of the detail section in the EventBridge rule for ECS Service Action events. Use it to filter the events which will be processed and sent to Slack. | any | {"eventType": ["WARN", "ERROR"]} | no |
| ecs_task_state_event_rule_detail | The content of the detail section in the EventBridge rule for ECS Task State Change events. Use it to filter the events which will be processed and sent to Slack. | any | {"lastStatus": ["STOPPED"], "stoppedReason": [{"anything-but": {"prefix": "Scaling activity initiated by (deployment ecs-svc/"}}]} | no |
| enable_ecs_deployment_state_event_rule | The boolean flag enabling the EventBridge rule for ECS Deployment State Change events. The detail section of this rule is configured with the ecs_deployment_state_event_rule_detail variable. | bool | true | no |
| enable_ecs_service_action_event_rule | The boolean flag enabling the EventBridge rule for ECS Service Action events. The detail section of this rule is configured with the ecs_service_action_event_rule_detail variable. | bool | true | no |
| enable_ecs_task_state_event_rule | The boolean flag enabling the EventBridge rule for ECS Task State Change events. The detail section of this rule is configured with the ecs_task_state_event_rule_detail variable. | bool | true | no |
| lambda_memory_size | Amount of memory in MB your Lambda function can use at runtime. Valid values are between 128 MB and 10,240 MB (10 GB), in 64 MB increments. | number | 256 | no |
| lambda_role | IAM role ARN attached to the Lambda function. This governs both who / what can invoke your Lambda function, as well as what resources your Lambda function has access to. See Lambda Permission Model for more details. | string | "" | no |
| name | The string which will be used for the name of the AWS Lambda function and other created resources. | string | n/a | yes |
| recreate_missing_package | Whether to recreate a missing Lambda package. | bool | true | no |
| role_name | The string which will be used for the name of the Lambda IAM role. | string | null | no |
| slack_webhook_url | (default) A Slack incoming webhook URL. (if slack_webhook_url_source_type is 'secretsmanager') A Secrets Manager secret name. (if slack_webhook_url_source_type is 'ssm') The full path to the SSM parameter including the initial slash. | string | n/a | yes |
| slack_webhook_url_source_type | Defines where to get the Slack webhook URL for the variable slack_webhook_url: as text input, or from an AWS Secrets Manager or SSM Parameter Store lookup. | string | "text" | no |
| tags | A map of tags to add to all resources. | map(string) | {} | no |
| use_pre_created_image | If true, the image will be pulled from the ECR repository. If false, the image will be built using Docker from the source code. | bool | true | no |

Outputs

No outputs.
