Slack Integration

Follow

Slack Integration

We integrate with Slack using a Cloud Custodian utility that lets you send Kion compliance notifications through Slack. Integrating with your existing communication platforms helps us support your continuous compliance goals without disrupting your established work flows. Pairing Slack's communication capabilities with Kion's cloud enablement features makes it easy to visualize, manage, and remediate compliance concerns.

The Cloud Custodian utility we use to integrate with Slack is the c7n-mailer, a robust implementation for sending notifications to various tools within your organization. For more information and additional configurations, see Amazon's article c7n-mailer: Custodian Mailer.

Setting Up a Slack Integration

In AWS:

  1. Create a Simple Queue Service (SQS) queue in AWS. We recommend creating it in the account in which Kion is installed. The SQS queue needs to have a queue policy that allows any account in the organization to write to it. For more information, see Amazon's article Creating an Amazon SQS queue.
  2. Create an IAM role with read access to the SQS queue you created.

On your local desktop:

  1. Install c7n-mailer by running:
    pip install c7n-mailer
  2. Create a file named mailer.yml. The mailer.yml file must have two entries:
    • A queue_url entry with the HTTPS URL of the queue you created.
    • A role entry with the Amazon Resource Name (ARN) of the role you created.
  3. Create a folder named templates.
  4. Within the templates folder, create a file named slack.j2. The slack.j2 file is a Jinja template that c7n-mailer will use for formatting your Slack message.
  5. Run the following command locally against the account where Kion is installed:
    c7n-mailer --config mailer.yml --update-lambda -t ./templates/

In Slack:

In Kion:

For each compliance check that you want to send notifications to Slack:

  1. Navigate to Compliance > All Compliance Checks.
  2. Click the name of the compliance check.
  3. Under Compliance Check Details, click View Policy.
  4. Add the following action to the policy. For the queue, enter the URL of your SQS queue. For the region, enter the region the account is in.
    actions:
          - type: notify
            body: |
              {
                “url”: “{{CT::CallbackURL}}“,
                “method”: “POST”,
                “compliance_check_id”: {{CT::CheckId}},
                “findings”: “resources[].{resource_name: GroupId, resource_type: `security_group`}”
              }
            to:
              - custodian
            transport:
              type: sqs
              queue: sqs_queue_URL
              region: your_region