Source: https://github.com/phzietsman/aws-slack-clickoops-watcher (GitHub, HCL/Terraform; topics: aws, clickops, devops, terraform). Repository description: "Get alerts when people are using the AWS console to create or modify resources." The repository is archived (last push 2022-03-12); see the NOTE below for the maintained successor.

**NOTE** A standalone Terraform module that supersedes this deployment lives [here](https://github.com/cloudandthings/terraform-aws-clickops-notifier).

# AWS ClickOops watcher for Slack
This deployment lets you monitor your AWS accounts for changes made by hand in the AWS console ("ClickOps"), as opposed to changes made through code, and post an alert to Slack for each one.

## Prerequisites
1. The solution is built for an AWS multi-account environment provisioned with [AWS Control Tower](https://aws.amazon.com/controltower). In Control Tower, the CloudTrail logs of every account are shipped to a central Log Archive account, so a single deployment that reads that bucket covers the whole organisation.

2. You also need a [Slack app](https://api.slack.com/apps) with an incoming webhook configured.

## Post deployment
After deploying the solution you must set the SSM parameter that holds the Slack webhook URL by hand. It is deliberately not set in code: an incoming-webhook URL is a bearer secret (anyone who has it can post to the channel), and a value assigned through Terraform would end up in the repository and in the Terraform state file.

## Terraform
### Requirements

| Name | Version |
|------|---------|
| aws | 3.49.0 |

### Providers

| Name | Version |
|------|---------|
| archive | n/a |
| aws | 3.49.0 |
| aws.reference | 3.49.0 |
| null | n/a |

### Inputs

| Name | Description | Type | Default | Required |
|------|-------------|------|---------|:--------:|
| application\_name | Used in naming conventions, expects an object | <pre>object({<br>    short = string<br>    long  = string<br>  })</pre> | n/a | yes |
| aws\_account\_id | Used by guards to ensure the code is being deployed to the correct account | `string` | n/a | yes |
| client\_name | Used in naming conventions, expects an object | <pre>object({<br>    short = string<br>    long  = string<br>  })</pre> | n/a | yes |
| cloudtrail\_bucket | Bucket containing the CloudTrail logs that you want to process (the Control Tower Log Archive bucket) | <pre>object({<br>    name   = string<br>    arn    = string<br>  })</pre> | n/a | yes |
| code\_repo | Points to the source code used to deploy the resources: {{repo}} [{{branch}}] | `string` | n/a | yes |
| environment | Whether this deploys a development (dev) or production (prod) environment | `string` | n/a | yes |
| event\_processing\_timeout | Maximum number of seconds the Lambda is allowed to run, and the number of seconds an event stays hidden in SQS (the visibility timeout) after Lambda picks it up | `number` | `60` | no |
| excluded\_accounts | List of account IDs that will be excluded from scans for manual actions | `list(string)` | `[]` | no |
| included\_accounts | List of account IDs that will be scanned for manual actions | `list(string)` | `[]` | no |
| log\_retention\_in\_days | Number of days to keep CloudWatch logs | `number` | `30` | no |
| namespace | Identifies which part of the application these resources belong to (auth, infra, api, web, data) | `string` | n/a | yes |
| nukeable | Whether these resources may be cleaned up; ignored for prod environments | `bool` | n/a | yes |
| owner | Used to find resource owners; expects an email address | `string` | n/a | yes |
| purpose | Used for cost allocation | `string` | n/a | yes |
| region | The default region for the application / deployment | `string` | n/a | yes |
| tags | Tags added to all resources, in addition to the mandatory tags | `map(string)` | n/a | yes |

### Sample terraform.tfvars

Note that the sample below sets `environment = "prd"` while the input description talks about `prod`; check which value the environment guards in the module compare against before relying on the `nukeable` behaviour.

```hcl
cloudtrail_bucket = {
  name          = "aws-controltower-logs-XXX-eu-west-1"
  arn           = "arn:aws:s3:::aws-controltower-logs-XXX-eu-west-1"
}

region           = "eu-west-1"
environment      = "prd"
code_repo        = "github.com:phzietsman/aws-slack-clickoops-watcher"
namespace        = "sec"
application_name = { short : "clkop", long : "clickoops" }
nukeable         = false
client_name      = { short : "cat", long : "cloudandthings" }
purpose          = "self"
owner            = "paul@cloudandthings.io"
aws_account_id   = "xxx"
tags = {
  "description" : "Part of the solution to check whether we are using the AWS Console to manage our resources."
}
```
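The README describes the pipeline (CloudTrail objects in the Log Archive bucket, a Lambda that scans them for console-originated changes in the included/excluded accounts, a Slack webhook read from SSM) but not the detection rule itself. The following is an added example, written for this page and not code from the repository, that implements that rule as a stand-alone function you can run against a constructed log object. It relies on documented CloudTrail record fields (`sessionCredentialFromConsole`, which CloudTrail sets to the string `"true"` for calls made with console session credentials; `readOnly`; `errorCode`; `userIdentity`; `recipientAccountId`) and on Slack incoming webhooks accepting a JSON body with a `text` key. The include/exclude semantics (empty include list means every account, exclusions win), the read-only event-name prefixes used as a fallback for old records that lack `readOnly`, and the SSM parameter name are assumptions of the example, not something the project specifies.

```python
"""Added example: detect console-originated write calls in one gzipped CloudTrail
S3 object and turn them into Slack alerts. Not the project's code."""
import gzip
import io
import json
import urllib.request
from typing import Callable, Iterable, List, Optional

# CloudTrail sets this field to the string "true" (not a boolean) on API calls
# made with credentials obtained through a console sign-in.
CONSOLE_FLAG = "sessionCredentialFromConsole"

# Assumption of this example: older records have no `readOnly` field, so fall
# back to treating these eventName prefixes as non-mutating.
READ_ONLY_PREFIXES = ("Describe", "List", "Get", "Head", "Lookup", "BatchGet")


def _actor(user_identity: dict) -> str:
    """Best-effort principal name. In Control Tower / SSO setups the IAM principal
    is a shared permission-set role, so the session name is the useful part."""
    if user_identity.get("type") == "AssumedRole":
        arn = user_identity.get("arn", "")
        # arn:aws:sts::111111111111:assumed-role/RoleName/session -> RoleName/session
        return arn.split("assumed-role/", 1)[1] if "assumed-role/" in arn else arn
    return user_identity.get("userName") or user_identity.get("arn", "unknown")


def is_console_write(record: dict) -> bool:
    """True for a successful, mutating API call issued from the AWS console."""
    if record.get(CONSOLE_FLAG) != "true":
        return False
    if record.get("errorCode"):
        return False  # the call was rejected; nothing changed (alert separately if you want denied attempts)
    read_only = record.get("readOnly")
    if read_only is not None:
        return not read_only
    return not record["eventName"].startswith(READ_ONLY_PREFIXES)


def account_in_scope(account_id: str, included: Iterable[str], excluded: Iterable[str]) -> bool:
    """Assumed semantics for included_accounts / excluded_accounts: an empty
    include list means every account, and an exclusion always wins."""
    if account_id in set(excluded):
        return False
    included = list(included)
    return not included or account_id in included


def format_alert(r: dict) -> str:
    return (f":warning: ClickOps in account {r.get('recipientAccountId', '?')} "
            f"({r.get('awsRegion', '-')}): {_actor(r.get('userIdentity', {}))} called "
            f"{r.get('eventSource', '?')} {r['eventName']} at {r.get('eventTime', '?')}")


def find_clickops(log_object_bytes: bytes, included: Iterable[str] = (),
                  excluded: Iterable[str] = ()) -> List[dict]:
    """Parse one gzipped CloudTrail object ({"Records": [...]}) and keep the records to alert on."""
    with gzip.GzipFile(fileobj=io.BytesIO(log_object_bytes)) as fh:
        records = json.load(fh).get("Records", [])
    return [r for r in records
            if account_in_scope(r.get("recipientAccountId", ""), included, excluded)
            and is_console_write(r)]


def alerts_for(log_object_bytes: bytes, included: Iterable[str] = (), excluded: Iterable[str] = (),
               send: Optional[Callable[[str], None]] = None) -> List[str]:
    """Format an alert per matching record and hand each to `send` (e.g. a Slack poster)."""
    messages = [format_alert(r) for r in find_clickops(log_object_bytes, included, excluded)]
    if send is not None:
        for m in messages:
            send(m)
    return messages


def post_to_slack(webhook_url: str, text: str) -> int:
    """Slack incoming webhooks take a JSON body with a `text` key."""
    req = urllib.request.Request(webhook_url, data=json.dumps({"text": text}).encode(),
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.status


def webhook_url_from_ssm(parameter_name: str) -> str:
    """Read the SecureString parameter that is set by hand after deployment.
    boto3 is imported lazily so the detection logic runs without it. The
    parameter name is whatever the deployer chose; it is an assumption here."""
    import boto3
    ssm = boto3.client("ssm")
    return ssm.get_parameter(Name=parameter_name, WithDecryption=True)["Parameter"]["Value"]


def sample_log() -> bytes:
    """Constructed CloudTrail object (not real data): one console write, one console
    read, one non-console write, one denied console write, one legacy record without readOnly."""
    records = [
        {"eventTime": "2022-03-12T13:47:09Z", "eventSource": "ec2.amazonaws.com", "awsRegion": "eu-west-1",
         "eventName": "AuthorizeSecurityGroupIngress", "recipientAccountId": "111111111111",
         "readOnly": False, CONSOLE_FLAG: "true",
         "userIdentity": {"type": "AssumedRole",
                          "arn": "arn:aws:sts::111111111111:assumed-role/AWSReservedSSO_Admin/alice"}},
        {"eventTime": "2022-03-12T13:48:00Z", "eventSource": "ec2.amazonaws.com", "awsRegion": "eu-west-1",
         "eventName": "DescribeInstances", "recipientAccountId": "111111111111",
         "readOnly": True, CONSOLE_FLAG: "true", "userIdentity": {"type": "IAMUser", "userName": "alice"}},
        {"eventTime": "2022-03-12T13:49:00Z", "eventSource": "s3.amazonaws.com", "awsRegion": "eu-west-1",
         "eventName": "PutBucketPolicy", "recipientAccountId": "222222222222", "readOnly": False,
         "userIdentity": {"type": "IAMUser", "userName": "ci-deployer"}},  # CLI/Terraform: no console flag
        {"eventTime": "2022-03-12T13:50:00Z", "eventSource": "s3.amazonaws.com", "awsRegion": "eu-west-1",
         "eventName": "DeleteBucket", "recipientAccountId": "333333333333", CONSOLE_FLAG: "true",
         "errorCode": "AccessDenied", "userIdentity": {"type": "IAMUser", "userName": "bob"}},
        {"eventTime": "2022-03-12T13:51:00Z", "eventSource": "iam.amazonaws.com", "awsRegion": "us-east-1",
         "eventName": "CreateUser", "recipientAccountId": "333333333333", CONSOLE_FLAG: "true",
         "userIdentity": {"type": "IAMUser", "userName": "bob"}},  # no readOnly: prefix fallback
    ]
    buf = io.BytesIO()
    with gzip.GzipFile(fileobj=buf, mode="wb") as fh:
        fh.write(json.dumps({"Records": records}).encode())
    return buf.getvalue()


if __name__ == "__main__":
    for line in alerts_for(sample_log(), send=print):
        pass
```

Running the block prints two alerts from the constructed log (the security-group change and `CreateUser`); the console read, the non-console write and the denied call are dropped. In a deployment the Lambda would receive the S3 object key from the SQS message, fetch the bytes, and pass `send=lambda t: post_to_slack(webhook_url_from_ssm("..."), t)`. Two caveats worth keeping in mind: the prefix fallback is a heuristic and only matters for records without `readOnly`, and skipping records with `errorCode` means a denied console action is silent, which some teams would rather be told about.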
## Credits
https://arkadiyt.com/2019/11/12/detecting-manual-aws-console-actions/

https://towardsdatascience.com/protect-your-infrastructure-with-real-time-notifications-of-aws-console-user-changes-3144fd18c680