DEV Community: Wassim Kallel The latest articles on DEV Community by Wassim Kallel (@wassimkallel). https://dev.to/wassimkallel https://media2.dev.to/dynamic/image/width=90,height=90,fit=cover,gravity=auto,format=auto/https:%2F%2Fdev-to-uploads.s3.amazonaws.com%2Fuploads%2Fuser%2Fprofile_image%2F231334%2F8217ef5b-51f9-4e98-8eae-4505c8570351.jpeg DEV Community: Wassim Kallel https://dev.to/wassimkallel en Setup CodeCommit to Slack bot using AWS CDK Wassim Kallel Sat, 02 May 2020 01:00:26 +0000 https://dev.to/wassimkallel/setup-codecommit-to-slack-bot-using-aws-cdk-43d8 https://dev.to/wassimkallel/setup-codecommit-to-slack-bot-using-aws-cdk-43d8 <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--12I-pOji--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://wassimkallel.github.io/assets/img/posts/codecommit-slack.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--12I-pOji--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://wassimkallel.github.io/assets/img/posts/codecommit-slack.png" alt="overview"></a></p> <p>Originally posted on my blog <a href="https://wassimkallel.github.io/2020/05/01/deploy-codecommit-slack-bot">here</a></p> <h2> Introduction </h2> <p><strong>1. What’s AWS CDK?</strong> ​</p> <p>AWS CDK is an Infrastructure as Code solution, similar to AWS CloudFormation and HashiCorp’s Terraform, Where you can have your infrastructure defined as Code in a project which you can deploy easily, keep track of its changes (Assuming you use a Version Control system like Git for that) and acts as a documentation for your simple or complex solution design. ​</p> <p><strong>2. How does it compare to the others?</strong> ​</p> <div class="table-wrapper-paragraph"><table> <tr> <th></th> <th>Aws Cloudformation</th> <th>Aws CDK</th> <th>Terraform</th> </tr> <tr> <td>Execution</td> <td>Server side execution in aws cloudformation’s service</td> <td>Client side synthesis, Server side execution in CloudFormation’s service</td> <td>Client side execution</td> </tr> <tr> <td>Language</td> <td>YAML or JSON</td> <td>TypeScript, Python, Java or C#</td> <td>HashiCorp Language</td> </tr> <tr> <td>Supported providers</td> <td>AWS only</td> <td>AWS only</td> <td>Plenty of providers <a href="https://www.terraform.io/docs/providers/index.html">see here</a> </td> </tr> </table></div> <p>​</p> <p>​ ​ <strong>3. CDK project lifecycle</strong> ​</p> <p>When you create a project you define your infrastructure in one of the supported languages. Your CDK project gets parsed and a CloudFormation template is generated. The CloudFormation template gets executed in aws Cloudformation’s service and all infrastructure is set up for you.</p> <h2> Let’s get our hands dirty </h2> <p>Here’s what we’re trying to create in this tutorial, we’re going to make any action in our CodeCommit Repository triggers a notification in Slack. ​ Under the hood a Cloudwatch Rule will listen to any actions happening in the repository and triggers a Lambda with the action’s details (commit message, pull request title, etc).</p> <p><strong>1. Installation</strong> ​</p> <p>Assuming you have NPM installed.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>npm <span class="nb">install</span> <span class="nt">-g</span> cdk </code></pre> </div> <ul> <li>Bootstrapping your account ​</li> </ul> <p>AWS CDK creates a stack of resources it needs in your aws account to insure it can deploy your projects later, like an S3 bucket to upload assets.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code>cdk bootstrap </code></pre> </div> <p><strong>2. Creating a project</strong> ​</p> <p>In our case we’re going to use python as our language of choice<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">mkdir </span>codecommit-slack-bot <span class="nb">cd </span>codecommit-slack-bot cdk init <span class="nt">--language</span><span class="o">=</span>python </code></pre> </div> <p>A boilerplate project gets created alongside a virtualenv.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">.</span> ├── .env ├── README.md ├── app.py ├── cdk.json ├── requirements.txt ├── setup.py └── tuto_cdk ├── __init__.py └── tuto_cdk_stack.py </code></pre> </div> <p>To activate the virtualenv and install the requirements.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight shell"><code><span class="nb">source</span> .env/bin/activatepip <span class="nb">install</span> <span class="nt">-r</span> requirements.txt </code></pre> </div> <p><strong>3. Understanding the boilerplate</strong></p> <ul> <li> <em>app.py</em> file ​</li> </ul> <p><em>app.py</em> is the project starting point and it looks like this:<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="c1">#!/usr/bin/env python3 </span> <span class="err">​</span><span class="kn">from</span> <span class="nn">aws_cdk</span> <span class="kn">import</span> <span class="n">core</span> <span class="err">​</span><span class="kn">from</span> <span class="nn">codecommit_slack_bot.codecommit_slack_bot_stack</span> <span class="kn">import</span> <span class="n">CodecommitSlackBotStack</span> <span class="err">​​</span><span class="n">app</span> <span class="o">=</span> <span class="n">core</span><span class="p">.</span><span class="n">App</span><span class="p">()</span> <span class="n">CodecommitSlackBotStack</span><span class="p">(</span><span class="n">app</span><span class="p">,</span> <span class="s">"codecommit-slack-bot"</span><span class="p">)</span><span class="err">​</span> <span class="n">app</span><span class="p">.</span><span class="n">synth</span><span class="p">()</span> </code></pre> </div> <p><code>app = core.App()</code> initializes the CDK.</p> <p><code>CodecommitSlackBotStack(app, "codecommit-slack-bot")</code> creates our only stack, but we can have multiple ones. </p> <p><code>app.synth()</code> this method is what transforms the stacks we defined into cloudformation templates.</p> <ul> <li> <em>codecommit_slack_bot_stack.py</em> file ​</li> </ul> <p>Now let’s have a look at the only stack created for us.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">aws_cdk</span> <span class="kn">import</span> <span class="n">core</span> <span class="err">​​</span><span class="k">class</span> <span class="nc">CodecommitSlackBotStack</span><span class="p">(</span><span class="n">core</span><span class="p">.</span><span class="n">Stack</span><span class="p">):</span> <span class="err">​</span> <span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">core</span><span class="p">.</span><span class="n">Construct</span><span class="p">,</span> <span class="nb">id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> <span class="nb">super</span><span class="p">().</span><span class="n">__init__</span><span class="p">(</span><span class="n">scope</span><span class="p">,</span> <span class="nb">id</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="c1"># The code that defines your stack goes here </span></code></pre> </div> <p>​ There’s already a comment in the boilerplate which gives us a hint on where to put our code that defines our stack of resources, all should be in the constructor of our class. </p> <p>This class gets instantiated in the <code>app.py</code> into an object, that’s all what CDK needs to understand that you want to create a stack with all the resources you define in it. ​</p> <p><strong>4. Writing our own code</strong> ​</p> <p>In our stack file called <em>codecommit_slack_bot_stack.py</em> we are going to define the resources we want to add. ​ We started by modifying the constructor of our stack to accept 3 more parameters which are the <code>lambda_path</code> , <code>slack_webhook_url</code> and <code>codecommit_repo_arn</code>.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="k">def</span> <span class="nf">__init__</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">scope</span><span class="p">:</span> <span class="n">core</span><span class="p">.</span><span class="n">Construct</span><span class="p">,</span> <span class="nb">id</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">lambda_path</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">slack_webhook_url</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="n">codecommit_repo_arn</span><span class="p">:</span> <span class="nb">str</span><span class="p">,</span> <span class="o">**</span><span class="n">kwargs</span><span class="p">)</span> <span class="o">-&gt;</span> <span class="bp">None</span><span class="p">:</span> </code></pre> </div> <p>Our goal is to achieve the workflow below:</p> <p><a href="https://res.cloudinary.com/practicaldev/image/fetch/s--_q8b5U2f--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://wassimkallel.github.io/assets/img/posts/codecommit-slack2.png" class="article-body-image-wrapper"><img src="https://res.cloudinary.com/practicaldev/image/fetch/s--_q8b5U2f--/c_limit%2Cf_auto%2Cfl_progressive%2Cq_auto%2Cw_880/https://wassimkallel.github.io/assets/img/posts/codecommit-slack2.png" alt="complete workflow"></a></p> <ul> <li> <strong>IAM Role for our Lambda Function</strong> ​</li> </ul> <p>We start by importing <code>aws_iam</code> from cdk<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">aws_cdk</span> <span class="kn">import</span> <span class="n">core</span><span class="p">,</span> <span class="n">aws_iam</span> </code></pre> </div> <p>​This role should allow us to access codecommit to retrieve details about the repository and the more details about the actions triggered. It also allows our Lambda function to store Logs in Cloudwatch. For That we start by creating our Policy document.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">lambda_role_policy</span> <span class="o">=</span> <span class="n">aws_iam</span><span class="p">.</span><span class="n">PolicyDocument</span><span class="p">(</span> <span class="n">statements</span><span class="o">=</span><span class="p">[</span> <span class="n">aws_iam</span><span class="p">.</span><span class="n">PolicyStatement</span><span class="p">(</span> <span class="n">effect</span><span class="o">=</span><span class="n">aws_iam</span><span class="p">.</span><span class="n">Effect</span><span class="p">.</span><span class="n">ALLOW</span><span class="p">,</span> <span class="n">actions</span><span class="o">=</span><span class="p">[</span><span class="s">'codecommit:*'</span><span class="p">],</span> <span class="n">resources</span><span class="o">=</span><span class="p">[</span><span class="n">codecommit_repo_arn</span><span class="p">]</span> <span class="p">),</span> <span class="n">aws_iam</span><span class="p">.</span><span class="n">PolicyStatement</span><span class="p">(</span> <span class="n">effect</span><span class="o">=</span><span class="n">aws_iam</span><span class="p">.</span><span class="n">Effect</span><span class="p">.</span><span class="n">ALLOW</span><span class="p">,</span> <span class="n">actions</span><span class="o">=</span><span class="p">[</span> <span class="s">'logs:CreateLogGroup'</span><span class="p">,</span> <span class="s">'logs:CreateLogStream'</span><span class="p">,</span> <span class="s">'logs:PutLogEvents'</span> <span class="p">],</span> <span class="n">resources</span><span class="o">=</span><span class="p">[</span><span class="s">'*'</span><span class="p">]</span> <span class="p">)</span> <span class="p">]</span> <span class="p">)</span> </code></pre> </div> <p>​ Now that the policy is ready, we can create our role that can be assumed by aws lambda service and attach the policy document to it. ​<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">lambda_role</span> <span class="o">=</span> <span class="n">aws_iam</span><span class="p">.</span><span class="n">Role</span><span class="p">(</span> <span class="bp">self</span><span class="p">,</span> <span class="nb">id</span><span class="o">=</span><span class="s">'role'</span><span class="p">,</span> <span class="n">assumed_by</span><span class="o">=</span><span class="n">aws_iam</span><span class="p">.</span><span class="n">ServicePrincipal</span><span class="p">(</span><span class="s">'lambda.amazonaws.com'</span><span class="p">),</span> <span class="n">inline_policies</span><span class="o">=</span><span class="p">{</span> <span class="s">'policy'</span><span class="p">:</span> <span class="n">lambda_role_policy</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <ul> <li> <strong>AWS Lambda function</strong> ​</li> </ul> <p>It’s time to create our Lambda function, for that we’re going to add aws_lambda to the import statement.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">aws_cdk</span> <span class="kn">import</span> <span class="n">core</span><span class="p">,</span> <span class="n">aws_iam</span><span class="p">,</span> <span class="n">aws_lambda</span> </code></pre> </div> <p>​ Our Lambda function will get the source code from the lambda_path argument and also will set an environment variable called <code>SLACK_WEBHOOK_URL</code> with the value of the argument <code>slack_webhook_url</code> . We’re also going to attach the role we created earlier to it. ​ ​<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">lambda_function</span> <span class="o">=</span> <span class="n">aws_lambda</span><span class="p">.</span><span class="n">Function</span><span class="p">(</span> <span class="bp">self</span><span class="p">,</span> <span class="nb">id</span><span class="o">=</span><span class="s">'handler'</span><span class="p">,</span> <span class="n">code</span><span class="o">=</span><span class="n">aws_lambda</span><span class="p">.</span><span class="n">Code</span><span class="p">.</span><span class="n">from_asset</span><span class="p">(</span><span class="n">lambda_path</span><span class="p">),</span> <span class="n">handler</span><span class="o">=</span><span class="s">'lambda_function.lambda_handler'</span><span class="p">,</span> <span class="n">timeout</span><span class="o">=</span><span class="n">core</span><span class="p">.</span><span class="n">Duration</span><span class="p">.</span><span class="n">seconds</span><span class="p">(</span><span class="mi">300</span><span class="p">),</span> <span class="n">runtime</span><span class="o">=</span><span class="n">aws_lambda</span><span class="p">.</span><span class="n">Runtime</span><span class="p">.</span><span class="n">PYTHON_3_7</span><span class="p">,</span> <span class="n">role</span><span class="o">=</span><span class="n">lambda_role</span><span class="p">,</span> <span class="n">environment</span><span class="o">=</span><span class="p">{</span> <span class="s">'SLACK_WEBHOOK_URL'</span><span class="p">:</span> <span class="n">slack_webhook_url</span> <span class="p">}</span> <span class="p">)</span> </code></pre> </div> <p>​</p> <ul> <li> <strong>Cloudwatch Rule</strong> ​</li> </ul> <p>Now that we have our lambda defined, the missing part is creating the CloudWatch event rule which will listen to all events in our repository and triggers a lambda every time an event occurs. For that we are going to add both <code>aws_events</code> and <code>aws_events_targets</code> to the import statement.<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="kn">from</span> <span class="nn">aws_cdk</span> <span class="kn">import</span> <span class="n">core</span><span class="p">,</span> <span class="n">aws_iam</span><span class="p">,</span> <span class="n">aws_lambda</span><span class="p">,</span> <span class="n">aws_events</span><span class="p">,</span> <span class="n">aws_events_targets</span> </code></pre> </div> <p>​ Then we define the rule by defining the pattern first, then the actual rule ​<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">pattern</span> <span class="o">=</span> <span class="n">aws_events</span><span class="p">.</span><span class="n">EventPattern</span><span class="p">(</span> <span class="n">resources</span><span class="o">=</span><span class="p">[</span><span class="n">codecommit_repo_arn</span><span class="p">],</span> <span class="n">source</span><span class="o">=</span><span class="p">[</span><span class="s">'aws.codecommit'</span><span class="p">]</span> <span class="p">)</span><span class="err">​</span> <span class="n">aws_events</span><span class="p">.</span><span class="n">Rule</span><span class="p">(</span> <span class="bp">self</span><span class="p">,</span> <span class="nb">id</span><span class="o">=</span><span class="s">'cloudwatch-rule'</span><span class="p">,</span> <span class="n">event_pattern</span><span class="o">=</span><span class="n">pattern</span><span class="p">,</span> <span class="n">targets</span><span class="o">=</span><span class="p">[</span><span class="n">aws_events_targets</span><span class="p">.</span><span class="n">LambdaFunction</span><span class="p">(</span><span class="n">lambda_function</span><span class="p">)]</span> <span class="p">)</span> </code></pre> </div> <p>Now that our stack is fully defined, we can start working on the other files. ​</p> <p>First of all, we’re going to put some configuration in the <em>cdk.json</em> file, notably the <code>repository arn</code> and the <code>slack webhook url</code> using the <a href="https://docs.aws.amazon.com/cdk/latest/guide/context.html">context</a> mechanism offered by CDK<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight json"><code><span class="p">{</span><span class="w"> </span><span class="nl">"app"</span><span class="p">:</span><span class="w"> </span><span class="s2">"python3 app.py"</span><span class="p">,</span><span class="w"> </span><span class="nl">"context"</span><span class="p">:</span><span class="w"> </span><span class="p">{</span><span class="w"> </span><span class="nl">"codecommit_repo_arn"</span><span class="p">:</span><span class="w"> </span><span class="s2">"arn:aws:codecommit:&lt;region&gt;:&lt;account&gt;:&lt;repository_name&gt;"</span><span class="p">,</span><span class="w"> </span><span class="nl">"slack_webhook_url"</span><span class="p">:</span><span class="w"> </span><span class="s2">"&lt;slack_webhook_url&gt;"</span><span class="w"> </span><span class="p">}</span><span class="w"> </span><span class="p">}</span><span class="w"> </span></code></pre> </div> <p>Then we’re going to try to access those from the <code>app.py</code> and extract information in there<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>codecommit_repo_arn = app.node.try_get_context('codecommit_repo_arn') slack_webhook_url = app.node.try_get_context('slack_webhook_url') ​repository_details = core.Arn.parse(codecommit_repo_arn) account = repository_details.account region = repository_details.region repository_name = repository_details.resource </code></pre> </div> <p>​ And we’re also going to define the path of our aws lambda’s source code<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight plaintext"><code>import osproject_root_path = path.dirname(path.realpath(__file__)) lambda_source_code_path = path.join(project_root_path, 'lambda_handler') </code></pre> </div> <p>The source code of our lambda function can be found <a href="https://github.com/Think-iT-Labs/CodeCommit-Slackbot/tree/master/lambda_handler">here</a>.​</p> <p>Finally, we’re going to modify the instantiation of our stack to pass all new arguments needed for it. ​<br> </p> <div class="highlight js-code-highlight"> <pre class="highlight python"><code><span class="n">env</span> <span class="o">=</span> <span class="n">core</span><span class="p">.</span><span class="n">Environment</span><span class="p">(</span><span class="n">account</span><span class="o">=</span><span class="n">account</span><span class="p">,</span> <span class="n">region</span><span class="o">=</span><span class="n">region</span><span class="p">)</span> <span class="err">​</span><span class="n">CodecommitSlackBotStack</span><span class="p">(</span> <span class="n">app</span><span class="p">,</span> <span class="nb">id</span><span class="o">=</span><span class="sa">f</span><span class="s">'codecommit-slack-bot-</span><span class="si">{</span><span class="n">repository_name</span><span class="si">}</span><span class="s">'</span><span class="p">,</span> <span class="n">lambda_path</span><span class="o">=</span><span class="n">lambda_source_code_path</span><span class="p">,</span> <span class="n">slack_webhook_url</span><span class="o">=</span><span class="n">slack_webhook_url</span><span class="p">,</span> <span class="n">codecommit_repo_arn</span><span class="o">=</span><span class="n">codecommit_repo_arn</span><span class="p">,</span> <span class="n">env</span><span class="o">=</span><span class="n">env</span> <span class="p">)</span> <span class="err">​</span><span class="n">app</span><span class="p">.</span><span class="n">synth</span><span class="p">()</span> </code></pre> </div> <p>The source code for the project can be found <a href="https://github.com/Think-iT-Labs/CodeCommit-Slackbot">here</a></p> <h2> Conclusion </h2> <p>Infrastructure as Code (IaC) is powerful, it is capable of keeping track of your infrastructure. With more than one single language, CDK gives developers the ability to define their stacks of infrastructure using their preferred programming language, saving time invested for learning purposes required for using other solutions.</p> aws codecommit slack cdk