This sample is to illutrate the use of AWS SAM, and Lambda, API Gateway, Webhook and Slack. It is based on this set of articles but using the following difference:
- Python based lambda with an unique function to support the business logic of supporting different event types
- Use a coarse grained API where all the git events are managed by a single Function. This is more inline with domain driven design and EDA design: the domain is the Software Configuration Management (GitHub), Aggregate is GitCommand, and events are at least CodePushed, StarAdded, ForkHappened....
- Still using API Gateway to present a webhook to Git
- SAM focus
The architecture looks like in the following diagram:
-
Set up the Slack Webhook URL for my personal slack account. Test the API by posting a simple message using curl:
curl -X POST https://hooks.slack.com/services/T4D.... -H 'Content-type: application/json' --data '{"text": "This is a line of text in a channel.\nAnd this is another line of text."}'
-
Create the with sam, hello world template as it includes also API gateway for python
sam init --runtime python3.9 --dependency-manager pip --app-template hello-world --name gitEventHandler
-
Change to
src
folder to keep lambda function -
Modify code to use
requests
library, env variable and json. Add a method to call Slack WebHook.def send_slack_message(payload): webhook = os.environ.get("SLACK_WEBHOOK") return requests.post(webhook, json.dumps(payload))
-
Install dependencies
pip3 install -r requirements.txt
-
Unit testing can be done with the following command in one terminal:
export SLACK_WEBHOOK=.... sam local start-api --port 8080
And in another terminal:
curl -X POST http://localhost:8080/ -H 'Content-type: application/json' -d @events/unittestevent.json
As a result the Slack app should get the message.
-
Deploy the application to AWS using SAM cli:
sam build sam validate --lint sam deploy --guided
Below is an example of input to enter:
Stack Name [sam-app]: gitEventHandler AWS Region [us-west-2]: Parameter slackUrl []: https://hooks.slack.com/services/T4D.... #Shows you resources changes to be deployed and require a 'Y' to initiate deploy Confirm changes before deploy [y/N]: y #SAM needs permission to be able to create roles to connect to the resources in your template Allow SAM CLI IAM role creation [Y/n]: y #Preserves the state of previously provisioned resources when an operation fails Disable rollback [y/N]: y GitEventHandler may not have authorization defined, Is this okay? [y/N]: y Save arguments to configuration file [Y/n]: SAM configuration file [samconfig.toml]: SAM configuration environment [default]:
The output is a Cloud Formation with the followng elements:
GitEventHandlerGitEventsPermission AWS::Lambda::Permission GitEventHandlerRole AWS::IAM::Role -> to be able to write to CloudWatch GitEventHandler AWS::Lambda::Function ServerlessHttpApiApiGatewayDefaultS AWS::ApiGatewayV2::Stage ServerlessHttpApi AWS::ApiGatewayV2::Api
IAM Role with policy to write to CloudWatch:
Lambda:
API Gateway with API to proxy the Lambda function:
And the permission to invoke the lambda from the API gateway as a principal
The resource based policy specifies that the API Gateway can invoke the function, with POST operation only:
-
Add the generated samconfig.toml to .gitignore as it contains secrets.
-
If needed to resynch the code back to AWS do:
sam sync --code --stack-name gitEventHandler
-
Any push to this repo or a star on this repo will generate a message into Slack:
-
Delete everything:
sam delete