Monitoring resource configurations in a dynamic cloud environment is important, especially in production. One essential aspect of managing AWS resources, such as Amazon EC2 instances, is tracking tag modifications. Tags are not just labels but vital in organizing resources, enabling billing allocation, and enforcing compliance policies. Any unintentional tag modification can disrupt operations or mislead resource management, making timely alerts vital.
This article will guide you through setting up automated Slack notifications to alert your team whenever a tag modification occurs on production EC2 instances. Using a combination of Amazon EventBridge, AWS Lambda, and Slack API, you can create a real-time notification system that will instantly notify your team of changes, allowing immediate review and action. This notification will ensure the production environments stay organized, secure, and aligned with your tagging standards.
Steps to Set up Slack Notifications for Tag Modifications
Step 1: In the AWS Management Console, create a new function in AWS Lambda.
-
Choose “Author from Scratch“
-
Function Name: ” slack-notification-for-EC2-tag-modifications“
- Runtime: “Python 3.12“
Step 2: In the Code Source section, paste the code below and click Deploy.
import json
import urllib.request
SLACK_WEBHOOK_URL = "YOUR_WEBHOOK_URL"
def lambda_handler(event, context):
event_name = event['detail']['eventName']
resources_set = event['detail']['requestParameters'].get('resourcesSet', {}).get('items', [])
tag_set = event['detail']['requestParameters'].get('tagSet', {}).get('items', [])
instance_id = resources_set[0]['resourceId']
user_identity = event['detail']['userIdentity']['userName']
block_message = [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": f"*EC2 Instance Tag modified by {user_identity}*"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": f"*Instance ID:* `{instance_id}`"
}
},
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*Tag changes:*"
}
}
]
actions = []
if tag_set:
for tag in tag_set:
key = tag.get('key', '')
value = tag.get('value', '')
tag_action = "added" if event_name == 'CreateTags' else "removed"
# action = f"Tag {key} {tag_action} with value {value}"
# actions.append(action)
tag_block_action={
"type": "section",
"text": {
"type": "mrkdwn",
"text": f"Tag `{key}` {tag_action} with value `{value}`"
}
}
block_message.append(tag_block_action)
# Send message to Slack
send_to_slack(blocks=block_message)
def send_to_slack(blocks):
payload = {
'blocks': blocks # Use blocks for formatted messages
}
data = json.dumps(payload).encode('utf-8')
# Make the HTTP request using urllib
req = urllib.request.Request(SLACK_WEBHOOK_URL, data=data, method='POST')
try:
with urllib.request.urlopen(req) as response:
response_data = response.read().decode('utf-8')
if response_data != 'ok':
print(f"Failed to send message to Slack: {response_data}")
except Exception as e:
print(f"Error sending message to Slack: {str(e)}")
This Lambda function monitors tag modifications on EC2 instances and sends notifications to a specific Slack channel. When triggered by an event, it retrieves details such as the creation or deletion of the following; the instance ID, the tags, and the username of the person who modified it. It then structures the data into a Slack message block format, specifying each tag modification (key-value pair and action). Finally, it sends the message to a defined Slack channel via a webhook URL, enabling near real-time tracking of tag changes on EC2 instances in Slack.
Step 3: Go to Amazon EventBridge, under Buses, choose Rules, then click “Create rule“.
- Provide a Name and Description, then click Next.
Step 4: Under Event Pattern :
- AWS Service: “EC2“
- Event type: “AWS API Call via CloudTrail“
- Click Edit pattern and input the JSON as follows:
{
"source": ["aws.ec2"],
"detail-type": ["AWS API Call via CloudTrail"],
"detail": {
"eventSource": ["ec2.amazonaws.com"],
"eventName": ["CreateTags", "DeleteTags"],
"errorCode": [{
"exists": false
}],
"requestParameters": {
"resourcesSet": {
"items": {
"resourceId": [{
"prefix": "i-"
}]
}
}
}
}
}
Step 5: After the input for JSON, click “Next”.Â
- Under Step 3, select a target “Lambda Function “
- For function, target your previously created Lambda function
Step 6: Review your rule settings and create it
Step 7: Go back to your Lambda function and navigate to Configurations.
- Under Triggers, choose “Add triggers”
- Under General Configurations, set the timeout to “5 minutes” then click “Save“.
Testing the Slack Notifications
- In Instances, modify the Name or Manage tags
- A Slack notification should be sent after a few moments.
Final Remarks
We have successfully implemented Slack notifications for EC2 tag changes—a simple yet powerful way to monitor updates in your AWS environment. By adding Amazon EventBridge triggers to the AWS Lambda function, this notification ensures that anytime a tag on an EC2 instance is changed, a notification is sent to your team’s Slack channel that will give everyone a quick heads-up. This is especially helpful in production environments where tracking changes to your resources is important for maintaining organization and staying aligned with tagging policies.
With these notifications, you’ll know right away if something changes and who made the change, allowing you to catch and correct any unintended updates. This setup keeps your team informed in real-time, making it easier to ensure smooth operations and giving everyone visibility over important changes.
Get any AWS Specialty Mock Test for FREE when you Buy 2 AWS Pro-Level Practice Tests – as LOW as $10.49 USD each ONLY!
Learn AWS with our PlayCloud Hands-On Labs
Tutorials Dojo Exam Study Guide eBooks
FREE AWS Exam Readiness Digital Courses
Subscribe to our YouTube Channel
FREE AWS, Azure, GCP Practice Test Samplers
Follow Us On Linkedin
Written by: Irene Bonso
