AWS for SAP
Start/Stop SAP systems with Slack using AWS Chatbot
Spending hours and hours starting and stopping SAP systems for maintenance windows, profile parameter changes, and other required activities? AWS Professional Services’ SAP Start/Stop Automation automates the start and stop of your SAP Systems with less human intervention and increased reliability, consistency, and control.
Let’s assume there are hundreds of SAP systems spread across multiple accounts to start and stop. If we also include the EC2 instance restart, this planned maintenance activity becomes more time-consuming. To address this, AWS Professional Services’ SAP Start/Stop Automation solution identifies EC2 instances using tags and starts/stops the SAP components installed (ASCS, SCS, ERS, APP, DB, DAA) in a sequenced manner including the underlying EC2 instances. This automation can also be enhanced easily for OS patching, AWS CLI updates, SAP kernel updates, and any maintenance that requires an interruption of SAP service.
To make this more convenient for SAP Basis administrators, we have now integrated this automation with Slack using AWS Chatbot. With this new feature, SAP Basis administrators can stop/start SAP applications from Slack. In this blog, we are going to walk you through the configuration steps to set up AWS Chatbot in a Slack channel and show how to start/stop SAP applications using the bot.
Architecture
The solution described here uses AWS Chatbot, AWS Lambda, AWS Systems Manager, Amazon CloudWatch, and Slack incoming webhooks. To perform the operations, administrative users do not need to access AWS Console or login to the operating system level. They can connect to their Slack channel and simply type commands to execute. Administrators will invoke a Lambda function from the Slack channel. This function will trigger a Systems Manager document that executes the tasks and returns the execution results to Amazon CloudWatch Log Groups. As soon as these log groups are updated with new results, the Lambda function is triggered which relays these results back to the Slack channel.
As more and more features are added in AWS Chatbot, this architecture can be easily redesigned and adapted to include those new functionalities.
The sequence of steps performed
- The user sends a message to AWS Chatbot app on the Slack channel to invoke a Lambda function.
- AWS Chatbot app on the Slack channel relays this request to AWS Chatbot in the respective AWS Account.
- AWS Chatbot invokes the Lambda function.
- Lambda function triggers Systems Manager document.
- Based on the inputs provided, the Systems Manager document performs the required operation on the set of SAP systems.
- The results of this operation are written in the AWS CloudWatch Log Group.
- As soon as AWS CloudWatch Log Groups are updated, another Lambda function is triggered.
- Lambda function relays the results to the Slack channel.
- The user reads the latest execution status on the Slack channel.
Prerequisites
Before deploying this solution, make sure you have –
- SSM document for start/stop SAP systems. You can refer this blog for more details.
- A slack channel dedicated to AWS Chatbot. This channel will be used to send AWS API commands to your Enterprise account hosting SAP workloads. Please ensure that a Private channel is created with access to only the responsible individuals e.g. Systems Administrators, Cloud Operations Team, etc.
- Access to add Integrations to this Slack channel. In certain cases, your Workspace Administrator may have disabled certain apps. In such a situation, you will have to contact them and get the App authorized for use.
- Create an incoming webhook for your Slack channel. This webhook will be used by the Lambda function to report execution results back to the Slack channel.
- You must have access to these services: AWS Chatbot – to configure a chat client, AWS Lambda – to create a Lambda function, AWS Systems Manager – to create an automation document, and Amazon CloudWatch – to create and manage log groups.
- You must have IAM Roles ready, to assign to the 3 services mentioned in the previous step. When creating the IAM policies, make sure to grant only the permissions required to perform a specific task. You may refer to IAM security best practices for this.
Walkthrough
In this post, we will walk you through the configuration steps to setup AWS Chatbot in a Slack channel and show you how to invoke the Lambda function to start/stop the SAP system.
- Configure AWS Chatbot in a Slack channel
- Add an incoming webhook to the Slack channel
- Create a Lambda function to invoke the Systems Manager SAP Start/Stop automation document.
- Executing slack commands to invoke Lambda function
1. Configure AWS Chatbot in a Slack channel
In the AWS Chatbot console’s home page, choose Slack in the Chat client dropdown and choose Configure client.
The setup wizard redirects you to the Slack OAuth 2.0 page. Select the Slack workspace to configure and choose “Allow”.
Slack redirects you from here to the Configure Slack Channel page. Select the channel in which you want to run commands. You can either select a public channel from the dropdown list or paste the URL or ID of a private channel.
For private Slack channels, find the URL of the channel by opening the context (right-click) menu on the channel name in the left sidebar in Slack, and choosing the Copy link
After you choose the Slack channel, under Permissions, choose to Create an IAM role using a template. Enter a role name in the Role name textbox. In the Policy templates dropdown, choose Read-only command permissions, Lambda-invoke command permissions, and AWS Support command permissions. AWS Chatbot will create an IAM role that it will assume to run commands from the selected Slack channel. You can see the permissions granted to AWS Chatbot or modify them in the IAM console. Learn more about permissions in AWS Chatbot documentation.
After you choose Configure, the configuration completes.
2. Add an incoming webhook to the Slack channel
Before adding incoming webhook to Slack channel, invite AWS Chatbot to slack channel by typing/invite @aws
.
Type@aws help
to get help on using AWS Chatbot.
Now go to thehttps://<yourslackworkspaceurl>/home
and Add Applications in the Recently Added Applications section
Search for Incoming Webhooks → Select Incoming Webhooks and Add to Slack
Select your channel name from the dropdown and Add Incoming Webhooks integration. You will now see the Webhook URL. You need this URL, which is used by Lambda or Systems Manager documents to send a response back to the Slack channel
3. Create a Lambda function to invoke Systems Manager automation document
Input parameters to start/stop SSM document needs to be created as environmental variables for Lambda and pass these values while invoking Lambda function through slack. Create Lambda function with python as runtime handler as below:
import boto3
import urllib
ssm = boto3.client('ssm')
def Lambda_handler(event, context):
http = urllib3.PoolManager()
ssm_document_name = 'start-stop-ssm-document'
response = ssm.start_automation_execution(
DocumentName=''start-stop-ssm-document',
DocumentVersion='$DEFAULT',
Parameters={
"Operation": [event['L_Operation']],
"SID" : [event['L_sid']],
"SIDTagKey": ["sid"],
"RoleTagKey": ["Role"]
}
)
Optionally you can add triggers to the Lambda function as shown below so that the status of start/stop is sent back to the Slack channel.
4. Executing slack commands to invoke Lambda function
In the Slack channel, users can execute AWS API commands by directing a message to the AWS bot. As an example to invoke a Lambda function, we will run a command as below:
@aws Lambda invoke —function-name MyLambdaFunction —invocation-type Event —payload "[JSON string here]"
In the screenshot below, we are invoking Lambda function sap-start-stop with Start operation for SAP System with SID AK1. You can also see the response once SAP is started successfully.
In the screenshot below, we are invoking Lambda function sap-start-stop in with Stop operation for SAP System with SID AK1. You can also see the response once SAP is stopped successfully.
Conclusion
Running AWS commands from Slack using AWS Chatbot expands the toolkit your team uses to respond to operational events and interact with AWS.
In this post, we walked you through the configuration steps to set up AWS Chatbot in a Slack channel and show how to start/stop SAP applications using the bot.
AWS users can use a similar approach to integrate SSM documents, Lambda functions all with Slack using AWS Chatbot. If you are looking for expert guidance and project support for this integration or another SAP project, the AWS Professional Services Global SAP Specialty Practice helps SAP customers realize their desired business outcomes on AWS. If you’d like to learn more, please contact us here.