There are 3 parts to configuring this to run as a Lambda
- IAM Role for Lambda - The IAM Role for you Lambda will have to give permissions for Lambda and Cost Explorer.
- Trigger - Event Bridge(Cloudwatch Alarms) setup with a cron expression to trigger a run daily.
- Function Code - You can directly paste in the get_forecast.py file is all ready to go.
-
Navigate to https://.slack.com/services/new
-
Search for and select "Incoming WebHooks".
-
Choose the default channel where messages will be sent and click "Add Incoming WebHooks Integration".
-
Copy the webhook URL from the setup instructions and use it in the next section.
(*TODO: currently not supported you must use secrets manager)
-
Create or use an existing KMS Key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html
-
Expand "Encryption configuration" and click the "Enable helpers for encryption in transit" checkbox
-
Paste <SLACK_CHANNEL> into the slackChannel environment variable
Note: The Slack channel does not contain private info, so do NOT click encrypt
- Paste <SLACK_HOOK_URL> into the kmsEncryptedHookUrl environment variable and click "Encrypt"
Note: You must exclude the protocol from the URL (e.g. "hooks.slack.com/services/abc123").
- Give your function's role permission for the
kms:Decrypt
action using the provided policy template
When you create the Lambda it will create a role for you with required Lambda permissions, you must add the following
permissions to it:
Here is an example trigger, keep in mind the cron runs in UTC Timezone.
You can directly copy and paste get_forecast.py into the Lambda definition without modifications.