Summary
AWS Support App in Slack is a new AWS feature that allows users to manage AWS support case in Slack. This is pretty useful for teams that are heavily on Slack.
Here are a quick summary of what I have found so far:
- User can create/search/resolve cases with AWS support app (Type
/awssupport helpin the integrated channel for details). - Users that are in the integrated channel inherit the IAM permissions that the AWS support app has, so the integrate channel should be a private channel for security concerns.
- Notifications will be sent to Slack whenever there is an update on the case (this is configurable).
- A new private channel (naming convention
awscase-<case_id>)will be automatically created if user choosesLive Chatsupport type. AWS agent will join the private channel whenever they are available. As in other Slack channels, user can invite other Slack users into this private channel. - AWS support agent does not use native Slack client, so many Slack features are not supported (e.g thread, reaction emoji, edited message…) when chatting with them.
- The cases that are created in AWS support app are also visible in AWS console
- Cloudformation supports adding channel and configuring account name.
- My recommendation is that each team should only have one private channel where holds the AWS support app for ALL their AWS accounts. e.g ABC team can create support cases for all of our accounts inside the private channel abc_aws_cases channel. For XYZ team, they can manage all their AWS cases in xyz_aws_cases private channel.
How To
There are 3 steps to configure AWS support app in Slack:
Step 1: Onboard account to Slack workspace
Onboarding an AWS account to Slack workspace grants the associated Slack permissions to the app (for this specific AWS account) to perform certain actions. There are two ways to onboard an account:
- Use the Authorize Workspace button in AWS console (AWS Support > Support App in Slack > Slack Configuration > Workspaces). This requires the user has both permissions in AWS and Slack to complete it.
2. Raise a AWS support case to onboard more accounts in the following format:
The account IDs that you already added: a,b,c
The account IDs that you want to add: x,y,z
The Slack workspace IDs to add for these accounts: TXXXXXXXX
Step 2: Name the AWS account
Naming an AWS account (AWS Support > Support App in Slack > Slack Configuration > Account name) is optional, but it is highly recommended in multiple accounts environments. As it makes your life easier when you raise a case from the Slack app (/awssupport create-case).
Step 3: Add support Slack channel
Adding Slack channel is where you integrate the app (for this specific AWS account) with Slack.
Warning: Users in the integrated channel automatically inherit the IAM permissions that the AWS support app has, so for security concerns the integrated channel should always be a private channel.
Before adding a Slack channel, a IAM role needs to be created for the app.
- Use AWS managed Policy: arn:aws:iam::aws:policy/AWSSupportAppFullAccess
- Trust AWS Support App service (supportapp.amazonaws.com)
After the role has been created, you can start to add the channel.
Last but not least, add AWS Support app into the above channel.
Now you can start to enjoy the app.
Type /awssupport help, and you will see the help info.
Type /awssupport create-case, and fill the information to create a support case (same experience as doing it in the AWS console).
If choose Live Chat in Slack support type, a new private channel will be automatically created, and the requestor will be added into the channel.
Jackie Chen's IT Workshop 