This module builds the infrastructure required to run a Lambda Function to retrieve the current AWS cost and the end of month forecasted cost. The function can be configured to report it's finding regularly (scheduled mode) or only if certain threshold is exceeded (alerts only mode). In both cases it uses an Slack webhook to send ots findings. Use the input parameter alerts_only to define this behaviour.
Before Running Terraform
- Before instantiating the module, follow these instructions to create an slack webhook
- Create a customer manager KMS key. Make sure the account Terraform will use to create the infrastructure can use it.
- Encript the slack webhook URL
echo -n 'slack webhook URL' > plaintext-file
aws kms encrypt --key-id <id of CMK created in step 2> --plaintext fileb://plaintext-file --output text --query CiphertextBlob
- Use the output of this command as a value for encripted_slack_webhook_url. The module will decript it, and store it as a secret in AWS Secrets Manager
- Run
/lambda/build.py. - Fill the rest of the module input parameters and run Terraform plan/apply
| Name | Version |
|---|---|
| aws | 4.60.0 |
| Name | Version |
|---|---|
| aws | 4.60.0 |
No modules.
| Name | Type |
|---|---|
| aws_cloudwatch_event_rule.lambda_trigger | resource |
| aws_cloudwatch_event_target.event_target | resource |
| aws_iam_role.iam_for_lambda | resource |
| aws_lambda_function.cost_alert | resource |
| aws_lambda_permission.allow_events_bridge_to_run_lambda | resource |
| aws_secretsmanager_secret.secret | resource |
| aws_secretsmanager_secret_version.secret_version | resource |
| aws_iam_policy_document.assume_role | data source |
| aws_iam_policy_document.inline_policy | data source |
| aws_kms_secrets.secret_value | data source |
| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alert_threshold | Integer representing the % above which alerts will be sent to slack | number |
n/a | yes |
| alerts_only | The lambda will only post messages if a threshold is exceeded (alerts only mode). If set to false (a.k.a. scheduled mode) messages will be sent regularly | bool |
true |
no |
| encripted_slack_webhook_url | Encript the webhook URL with KMS, and use it in this variable. See readme.md | string |
n/a | yes |
| frequency | Frequency to run the lambda (cron formating is also accepted) | string |
"rate(1 day)" |
no |
| image_uri | URI of the repo where the lambda image is stored | string |
n/a | yes |
| name | Name prefix to be applied to all resources | string |
"cost_alert" |
no |
| Name | Description |
|---|---|
| lambda_arn | Lambda function ARN |