An AWS Lambda function for better Cisco Spark notifications. This work is a direct descendant of function and wouldn't be possible without it.
This function was originally derived from the
lambda-cloudwatch-slack project which was originally derived from the
AWS blueprint named cloudwatch-alarm-to-spark
. The
function in this repo improves on the default blueprint in several ways:
Better default formatting for CloudWatch notifications:
Support for notifications from Elastic Beanstalk:
Support for notifications from Code Deploy:
Basic support for notifications from ElastiCache:
Support for encrypted and unencrypted Spark access token:
Clone this repository and open the Makefile in your editor, then follow the steps below:
Fill in the variables at the top of the Makefile
. For example, your
variables may look like this:
LAMBDA_FUNCTION_NAME=cloudwatch-to-spark
AWS_REGION=us-west-2
AWS_ROLE=arn:aws:iam::123456789123:role/lambda_exec_role
AWS_PROFILE=myprofile
Next, open config.js
. there are several mandatory and optional
configuration options. We've tried to choose a good set of defaults:
A hook URL and a sparkChannel
are required configurations. The
sparkChannel
is the name of the Spark room to send the messages. To
get the value for the URL, you'll need to set up a Spark hook,
as described below.
To configure a proper Spark webhook URL, either the
kmsEncyptedHookUrl
or unencryptedHookUrl
needs to be filled
out. kmsEncyptedHookUrl
uses the AWS KMS encryption service. See the
documentation below for more details
(unencrypted hook url &
encrypted hook url)
All other configuration options are "optional". Some customize the
look and text in the Spark notification; sparkUsername
and orgIcon
will enhance the messages appearance.
Follow these steps to configure the webhook in Spark:
-
Navigate to https://.spark.com/services/new and search for and select "Incoming WebHooks".
-
Choose the default channel where messages will be sent and click "Add Incoming WebHooks Integration".
-
Copy the access token from the setup instructions and use it in the next section.
-
Click 'Save Settings' at the bottom of the Spark integration page.
If you don't want or need to encrypt your access token, you can use the
unencryptedAccessToken
. If this variable is specified, the
kmsEncyptedAccessToken is ignored.
Follow these steps to encrypt your Spark access token for use in this function:
-
Create a KMS key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html.
-
Encrypt the event collector token using the AWS CLI. $ aws kms encrypt --key-id alias/ --plaintext "<SPARK_ACCESS_TOKEN>"
-
Copy the base-64 encoded, encrypted key (CiphertextBlob) to the ENCRYPTED_ACCESS_TOKEN variable.
-
Give your function's role permission for the kms:Decrypt action. Example:
{
"Version": "2012-10-17",
"Statement": [
{
"Sid": "Stmt1443036478000",
"Effect": "Allow",
"Action": [
"kms:Decrypt"
],
"Resource": [
"<your KMS key ARN>"
]
}
]
}
With the variables filled in, you can test the function:
npm install
make test
MIT License