Crafting the bot's brain

To build the AWS components for this service, we will use the Serverless Framework. Let's fire up our sls commands and get into it:

  1. First, create the service. For this example, we will use Node.js, but feel free to use another runtime if you prefer:
sls create --template aws-nodejs --path serverless-configbot
  2. Then, we need to get our serverless.yml file into shape. All we need for now is a function with an endpoint that Slack can make API calls to using the POST method:
service: serverless-configbot

provider:
  name: aws
  runtime: nodejs10.x

functions:
  configbot-brain:
    handler: handler.configbotbrain
    events:
      - http:
          path: events
          method: post

Next, we need to create the brain for configbot. Our sls command has already created a handler.js file with some boilerplate code in it, so let's reuse that to add our functionality. In this example, instead of giving you the complete Lambda function to use, I'm going to give you snippets that you might want to add. I'll leave it up to you to find the best way to piece those together, but just be aware that these snippets won't work independently.

The first thing our Lambda should do is find out the identifiers of the security groups that are attached to our given instance. We can do this quite simply with the following function. This returns a resolved promise with the output of the describeInstances method from the EC2 API:

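// The aws-sdk module is available in the Lambda Node.js runtime
const AWS = require('aws-sdk');
const ec2 = new AWS.EC2();

// Resolve with the describeInstances output for a single instance ID
const getInstance = (instance) => {
  return new Promise((resolve, reject) => {
    let params = {
      InstanceIds: [ instance ]
    };

    ec2.describeInstances(params, (e, data) => {
      if (e) {
        console.log(e, e.stack);
        reject(e); // settle the promise so the caller does not hang
      } else resolve(data);
    });
  });
};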

Then, we need to query the rules within the attached security group. For simplicity, my code assumes there is only one security group attached to the instance, but you can easily extend the example code in the future. The ports that are specified in each rule within the security group are added to an array and returned as a resolved promise. This function uses the describeSecurityGroups method from the EC2 API:

// Resolve with the ports (or port ranges) named in the group's ingress rules
const getPorts = (securitygroups) => {
  return new Promise((resolve, reject) => {
    let params = { GroupIds: [ securitygroups ] };
    ec2.describeSecurityGroups(params, (e, data) => {
      if (e) {
        console.log(e, e.stack);
        reject(e); // settle the promise so the caller does not hang
      } else {
        // Only the first security group is inspected
        let rules = data.SecurityGroups[0].IpPermissions;
        let ports = [];
        rules.forEach(rule => {
          if (rule.FromPort === rule.ToPort) ports.push(rule.FromPort);
          else {
            let range = rule.FromPort + "-" + rule.ToPort;
            ports.push(range);
          }
        });
        resolve(ports);
      }
    });
  });
};
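
The port logic above extended to every group in a describeSecurityGroups response, as an added example that is not code from the book. It goes beyond the single-group case to cover rules that carry no port numbers (all-traffic and ICMP rules); the sample response is constructed, and the names describePorts, sourcesOf and summariseIngress are this example's own.

```javascript
// Constructed sample in the shape of an EC2 describeSecurityGroups response.
const SAMPLE_RESPONSE = { SecurityGroups: [
  { GroupId: 'sg-0aaa111122223333a', IpPermissions: [
    { IpProtocol: 'tcp', FromPort: 22, ToPort: 22, IpRanges: [{ CidrIp: '10.0.0.0/8' }] },
    { IpProtocol: 'tcp', FromPort: 8000, ToPort: 8100, IpRanges: [{ CidrIp: '0.0.0.0/0' }] },
    { IpProtocol: 'icmp', FromPort: 8, ToPort: -1, IpRanges: [{ CidrIp: '10.0.0.0/8' }] }
  ] },
  { GroupId: 'sg-0bbb444455556666b', IpPermissions: [
    // Protocol "-1" is all traffic; EC2 returns no FromPort/ToPort for it.
    { IpProtocol: '-1', IpRanges: [], UserIdGroupPairs: [{ GroupId: 'sg-0aaa111122223333a' }] }
  ] }
] };

// Turn one IpPermissions entry into a readable port description.
const describePorts = (rule) => {
  if (rule.IpProtocol === '-1') return 'all traffic';
  if (rule.IpProtocol === 'icmp' || rule.IpProtocol === 'icmpv6') {
    // For ICMP the two fields carry type and code, not ports; -1 means any.
    const type = rule.FromPort === -1 ? 'any' : rule.FromPort;
    const code = rule.ToPort === -1 ? 'any' : rule.ToPort;
    return `${rule.IpProtocol} type ${type} code ${code}`;
  }
  if (rule.FromPort === undefined) return `protocol ${rule.IpProtocol}`;
  return rule.FromPort === rule.ToPort
    ? `${rule.IpProtocol}/${rule.FromPort}`
    : `${rule.IpProtocol}/${rule.FromPort}-${rule.ToPort}`;
};

// Collect every kind of source a rule can name.
const sourcesOf = (rule) => [
  ...(rule.IpRanges || []).map(r => r.CidrIp),
  ...(rule.Ipv6Ranges || []).map(r => r.CidrIpv6),
  ...(rule.UserIdGroupPairs || []).map(p => p.GroupId),
  ...(rule.PrefixListIds || []).map(p => p.PrefixListId)
];

// One row per rule across every group in the response.
const summariseIngress = (response) =>
  response.SecurityGroups.flatMap(group =>
    group.IpPermissions.map(rule => {
      const sources = sourcesOf(rule);
      const openToInternet = sources.includes('0.0.0.0/0') || sources.includes('::/0');
      return { group: group.GroupId, ports: describePorts(rule), sources, openToInternet };
    }));

console.log(summariseIngress(SAMPLE_RESPONSE));
```

Without the protocol checks, the all-traffic rule in the second group would be reported as an undefined port rather than as the broadest rule in the set.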

Awesome, so that completes our custom logic part of the brain. Now, we need to add some functionality so that we can communicate with our Slack app.

Remember those credentials that we created in the Slack console earlier? Now, we're going to build a validation step into our function code so that Slack knows we're a trusted party.
