Nathan (Nursultan) Bekenov for AWS Community Builders

Approve AWS CodePipeline Deployments from MS Teams

With an increasing number of pipelines running in multiple accounts for different applications, it becomes difficult to manage all deployment approvals. The solution provided here enables you to approve CodePipeline stages in a centralized way using Microsoft Teams.

Architecture

The solution involves several components working together. First, a Notification Lambda function sends an approval request to an MS Teams channel as a message card. This function is triggered by an SNS topic configured in an AWS CodePipeline stage that requires manual approval. The Notification Lambda function uses the Microsoft Teams webhook connector to send the message card to the MS Teams channel; the card includes a button that the approver can click to approve or reject the pipeline stage.

When the approver clicks the approval button, the MS Teams channel sends a POST request to an API Gateway endpoint, which triggers a second Lambda function. This Approval Lambda function uses the AWS CodePipeline API to update the status of the pipeline stage based on the approver's response.

Implementation

The whole solution can be found in my git repository.

For IaC I used Terraform, but you can choose any other method you prefer. The most important part, I believe, is the code of the Lambda functions, which I wrote in Python.

More about MS Teams message cards here

Notes

  • It's possible to enhance security by adding a Lambda authorizer to API Gateway to ensure that requests come only from MS Teams.
  • Use a dedicated MS Teams channel for approval requests so that they are easily visible and distinguishable from other messages.
  • Make sure that the people who are allowed to trigger pipeline approval are added to the channel and granted admin access.
  • Use a descriptive and informative message card format that includes relevant information such as the pipeline name, stage name, etc.
  • Use appropriate error handling and logging in your Lambda functions to detect and handle errors and exceptions.
  • Use monitoring and alerting to track usage and performance of your Lambda functions and other resources, and to alert you about potential issues or anomalies.
  • The same approach/solution can be done with Slack channels. The only difference will be in the part of sending requests to and from Slack.
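
One way to implement the Lambda authorizer suggested in the first note, as an added example that is not code from the author's repository. It assumes the Notification Lambda appends an expiry and an HMAC signature to the approval URL in the card button, so the authorizer accepts only links that function issued (it does not authenticate Teams itself); the parameter names, the `APPROVAL_SIGNING_KEY` variable and the principal name are hypothetical.

```python
import hashlib
import hmac
import json
import os
import time

# Assumption: both Lambda functions read the same key, e.g. from Secrets Manager.
# The fallback value is a constructed demo key so the example runs offline.
SECRET = os.environ.get("APPROVAL_SIGNING_KEY", "constructed-demo-key").encode()
FIELDS = ("pipeline", "stage", "action", "token", "expires")


def sign(params):
    """Notification Lambda side: HMAC-SHA256 over the approval parameters."""
    # A JSON list keeps field boundaries unambiguous, unlike plain concatenation.
    msg = json.dumps([str(params[f]) for f in FIELDS]).encode()
    return hmac.new(SECRET, msg, hashlib.sha256).hexdigest()


def policy(effect, method_arn):
    """IAM policy in the shape API Gateway expects from a Lambda authorizer."""
    statement = {"Action": "execute-api:Invoke", "Effect": effect, "Resource": method_arn}
    return {
        "principalId": "teams-approval",
        "policyDocument": {"Version": "2012-10-17", "Statement": [statement]},
    }


def handler(event, context=None, now=None):
    """REQUEST-type authorizer: allow only intact, unexpired signed requests."""
    arn = event["methodArn"]
    params = event.get("queryStringParameters") or {}
    sig = params.get("sig", "")
    if not sig or any(f not in params for f in FIELDS):
        return policy("Deny", arn)
    # Constant-time comparison; any change to pipeline, stage, action, token
    # or expiry after signing makes the recomputed value differ.
    if not hmac.compare_digest(sign(params).encode(), sig.encode()):
        return policy("Deny", arn)
    try:
        expires = int(params["expires"])
    except ValueError:
        return policy("Deny", arn)
    if expires < (time.time() if now is None else now):
        return policy("Deny", arn)
    return policy("Allow", arn)
```

A short expiry limits how long a link copied out of the channel stays usable; the Approval Lambda should still treat the CodePipeline approval token as single-use.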
