Watch CloudTrail and send notifications of every action to an slack channel.
- Docker Support
- Support for a couple of extra exlusions:
- Setting the
IGNORE_ELB_SELF_REGISTRATIONSenv variable will ignore ELB registrations and deregistrations coming from servers (something that can be common with certain Kubernetes versions). - Setting the
IGNORE_ELASTICACHE_SNAPSHOTSenv variable will ignore create or copy snapshot commands. - Setting the
UTC_OFFSETenv variable (in minutes) will allow you to have non-utc timestamps in Slack for Event Time.
- Setting the
git clone https://github.com/robscott/cloudtrail-slack
cd cloudtrail-slack
npm install
Configure a daemon that runs the following command:
docker run --env \
webhook="https://hooks.slack.com/services/....." \
--env awsid="..." \
--env awskey="...." \
--env account="awsaccount" cloudtrail
The AWS IAM user you have will need to have cloudtrail:LookupEvents access.
If you have found a bug or if you have a feature request, please report them at this repository issues section. Please do not report security vulnerabilities on the public GitHub issue tracker. The Responsible Disclosure Program details the procedure for disclosing security issues.
Auth0 with some small modifications by Rob Scott.
This project is licensed under the MIT license. See the LICENSE file for more info.