Customize slack channel per included account #76

Open
nitrocode opened this issue Dec 14, 2023 · 0 comments
nitrocode commented Dec 14, 2023

I have a client setup like this

current setup - single channel for multiple accounts
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map["production"],
    module.account_map["corp"],
  ]

  webhooks_for_slack_notifications = {
    "clickops" = jsondecode(data.aws_secretsmanager_secret_version.webhook.secret_string)["webhook"]
  }
}

I want to set this up so I can do a separate Slack channel per account, which can be done with a for_each per account, which results in duplicating a lot of infrastructure.

per account for separate channel using for_each
module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  for_each = toset([
    "production",
    "corp",
  ])

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map[each.key],
  ]

  webhooks_for_slack_notifications = {
    "clickops-${each.key}" = jsondecode(data.aws_secretsmanager_secret_version.webhook[each.key].secret_string)["webhook"]
  }
}

What's more ideal is if we can do something like this

per account for separate channel using multiple hooks

Using the key as the account instead of the channel name

module "clickops_notifier" {
  source  = "cloudandthings/clickops-notifier/aws"
  version = "5.0.4"

  cloudtrail_bucket_name = "org-cloudtrail"

  included_accounts = [
    module.account_map["production"],
    module.account_map["corp"],
  ]

  # written out without a for loop to show the mapping is
  # account = slack-web-hook
  # (keys that are expressions must be wrapped in parentheses)
  webhooks_slack_notifications_per_account = {
    (module.account_map["production"]) = jsondecode(data.aws_secretsmanager_secret_version.webhook["production"].secret_string)["webhook"]
    (module.account_map["corp"])       = jsondecode(data.aws_secretsmanager_secret_version.webhook["corp"].secret_string)["webhook"]
  }

  # or
  # webhooks_slack_notifications_per_account = {
  #   for account, secret in data.aws_secretsmanager_secret_version.webhook :
  #   module.account_map[account] => jsondecode(secret.secret_string)["webhook"]
  # }
}

resource "aws_ssm_parameter" "webhooks_for_slack" {
  for_each = nonsensitive(toset(keys(var.webhooks_for_slack_notifications)))

  name        = "/${var.naming_prefix}/webhooks-for-slack/${each.key}"
  description = "Webhook \"${each.key}\" for clickops notifications via Slack."
  type        = "SecureString"
  value       = var.webhooks_for_slack_notifications[each.key]

environment_variables = {
  PARAMETER_NAMES_FOR_SLACK_WEBHOOKS = jsonencode([for p in aws_ssm_parameter.webhooks_for_slack : p.name])

logging.info("Configuring Slack messengers...")
for parameter_name in PARAMETER_NAMES_FOR_SLACK_WEBHOOKS:
    webhook_url = get_webhook_url(parameter_name)
    messenger = Messenger(
        webhook_type="slack",
        webhook_url=webhook_url,
        parameter_name=parameter_name,
    )
    _MESSENGERS.append(messenger)
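
A sketch of the per-account routing requested above, as an added example that is not part of the original issue or the project's code. It assumes a hypothetical account-to-parameter map (`PARAMETERS_BY_ACCOUNT`), constructed account IDs and parameter names, and uses the CloudTrail record fields `recipientAccountId` and `userIdentity.accountId`; accounts without their own channel fall back to the shared one so no alert is dropped.

```python
from collections import defaultdict

# Hypothetical layout: one shared webhook parameter plus per-account overrides.
# Account IDs and parameter names are constructed sample values.
DEFAULT_PARAMETER = "/clickops/webhooks-for-slack/clickops"
PARAMETERS_BY_ACCOUNT = {
    "111111111111": "/clickops/webhooks-for-slack/clickops-production",
    "222222222222": "/clickops/webhooks-for-slack/clickops-corp",
}


def account_of(record):
    """Account a CloudTrail record belongs to.

    Prefers recipientAccountId; falls back to the caller's account when
    the record does not carry it.
    """
    identity = record.get("userIdentity") or {}
    return record.get("recipientAccountId") or identity.get("accountId")


def route_records(records, by_account=PARAMETERS_BY_ACCOUNT, default=DEFAULT_PARAMETER):
    """Group event names by the SSM parameter whose webhook should receive them."""
    routed = defaultdict(list)
    for record in records:
        # Unmapped or missing accounts go to the shared channel instead of
        # being silently discarded.
        parameter_name = by_account.get(account_of(record), default)
        routed[parameter_name].append(record.get("eventName", "unknown"))
    return dict(routed)


# Constructed sample records, trimmed to the fields used above.
SAMPLE_RECORDS = [
    {"eventName": "CreateBucket", "recipientAccountId": "111111111111"},
    {"eventName": "DeleteRole", "recipientAccountId": "222222222222"},
    {"eventName": "RunInstances", "userIdentity": {"accountId": "111111111111"}},
    {"eventName": "PutUserPolicy", "recipientAccountId": "333333333333"},
]

if __name__ == "__main__":
    for parameter, events in route_records(SAMPLE_RECORDS).items():
        print(parameter, events)
```
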
