Add instructions for setting up Slack notifications

Author: clareliguori

ci_tools/slack_notifications.js

@@ -4,6 +4,42 @@ const AWS = require('aws-sdk');
 const url = require('url');
 const https = require('https');
 
+/*
+This code is intended to be used in an AWS Lambda function triggered by an Amazon CloudWatch Event rule with CodeBuild as source. This was written for demo purposes, and is probably not production ready.
+
+Follow these steps to configure the webhook in Slack:
+
+    Navigate to https://.slack.com/services/new
+    Search for and select "Incoming WebHooks".
+    Choose the default channel where messages will be sent and click "Add Incoming WebHooks Integration".
+    Copy the webhook URL from the setup instructions and use it in the next section.
+
+To encrypt your secrets use the following steps:
+
+    Create or use an existing KMS Key - http://docs.aws.amazon.com/kms/latest/developerguide/create-keys.html
+    Click the "Enable Encryption Helpers" checkbox
+    Paste <SLACK_HOOK_URL> into the kmsEncryptedHookUrl environment variable and click encrypt Note: You must exclude the protocol from the URL (e.g. "hooks.slack.com/services/abc123").
+    Give your function's role permission for the kms:Decrypt action.
+
+Example:
+
+{
+    "Version": "2012-10-17",
+    "Statement": [
+        {
+            "Sid": "Stmt1443036478000",
+            "Effect": "Allow",
+            "Action": [
+                "kms:Decrypt"
+            ],
+            "Resource": [
+                "<your KMS key ARN>"
+            ]
+        }
+    ]
+}
+*/
+
 // The base-64 encoded, encrypted key (CiphertextBlob) stored in the kmsEncryptedHookUrl environment variable
 const kmsEncryptedHookUrl = process.env.kmsEncryptedHookUrl;
 // The Slack channel to send a message to stored in the slackChannel environment variable