Slack

The serverless CA can be configured to deliver notifications to Slack.

Certificate Issued

Slack notifications are sent by a Lambda function included as part of the Serverless CA module, with the Slack app OAuth token stored as an AWS Secret.

To enable Slack notifications, you need to:

  1. create a Slack app
  2. provide a list of Slack channels to send notifications to
  3. enter the Slack OAuth token value, either via CI/CD or manually using the console

Each step is detailed below.

1. Create Slack app

Create Slack app

  • press Create new app
  • choose From scratch
  • name the app Serverless CA
  • choose the Slack Workspace for your organisation

Slack app name and workspace

  • press Create App
  • from Features, select OAuth & Permissions
  • scroll down to Scopes

Slack OAuth initial scopes

  • under Bot Token Scopes, click "Add an OAuth Scope" to add chat:write, chat:write.customize and chat:write.public

Slack OAuth scopes

  • scroll up to the top of OAuth & Permissions

Install to workspace

  • press Install to workspace

Approve app install

  • press Allow
  • a Bot User OAuth token will now be generated

Slack OAuth Token

  • record the token value which you'll need later
  • at Basic Information, scroll down to Display Information
  • at description, add Private cloud Certificate Authority
  • add the Serverless CA Slack App Icon from this repository
  • for background color enter #2c2d30

Slack app display information

  • save changes

2. Slack channels

Enter the names of Slack channels you want to send notifications to, e.g.

slack_channels = ["ca-notifications"]

  • apply Terraform
  • the Notify Lambda function and AWS Secret for Slack will be created

3. Slack OAuth token

The Slack app OAuth token is stored as an AWS Secret. There are two options for adding the token value to the secret:

  • manually using the AWS console (default)
  • uploaded via CI/CD

3.1. Manual using AWS console

  • open the AWS console for the Serverless CA account
  • in AWS Secrets Manager, select the Serverless CA Slack OAuth Secret
  • overwrite the dummy-value Secret value
  • press Save

3.2. Upload via CI/CD

  • create a CI/CD secret, e.g. a GitHub Actions Secret SLACK_TOKEN
  • add the token value to the GitHub Actions secret
  • pass through to the Terraform module using the slack_token variable

See RSA Public CRL example
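
As an added illustration of option 3.2 (not code from the Serverless CA repository), the Terraform below declares the token as a sensitive root variable and passes it to the module together with the channel list. The module label, the registry source string and the TF_VAR_slack_token workflow line are assumptions; slack_channels, slack_token and SLACK_TOKEN are the names used on this page.

```hcl
# Root-module variable. The value is supplied by the CI/CD pipeline at run time
# and is never written to a .tfvars file or committed to the repository.
variable "slack_token" {
  description = "Slack Bot User OAuth token used by the Serverless CA notify Lambda"
  type        = string
  sensitive   = true # redacted in terraform plan / apply output
}

# Module label and source are assumptions; use the source and version
# already pinned in your existing Serverless CA configuration.
module "certificate_authority" {
  source = "serverless-ca/ca/aws"

  # ... existing Serverless CA inputs and provider configuration omitted ...

  # Step 2: channels that receive notifications
  slack_channels = ["ca-notifications"]

  # Step 3.2: token passed through from the CI/CD secret
  slack_token = var.slack_token
}

# In the GitHub Actions job that runs Terraform, map the repository secret to
# the variable with Terraform's TF_VAR_<name> environment convention
# (workflow YAML shown as a comment; the step layout is an assumption):
#
#   env:
#     TF_VAR_slack_token: ${{ secrets.SLACK_TOKEN }}
```

With this wiring the token never appears in the repository or in command-line arguments, and GitHub Actions masks the secret value in job logs.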