Send slack notification if aws-nuke fails #9

Draft: kierdavis wants to merge 3 commits into madetech:main from kierdavis:notifications

@kierdavis kierdavis commented Nov 27, 2025

Order of operations to land this (I think?):

  • Review
  • Create SSM parameter /sandbox-nuke/slack-webhook (not managed by terraform, but required by it)
  • terraform apply in one account
  • Check that an aws-nuke dry run won't remove any of the new resources (i.e. did I specify the filters correctly)
  • Final review
  • Merge
  • terraform apply for realsies
  • Confirm we get a slack message from the usual Friday run
  • Once we're happy everything's working, disable success notifications to reduce noise.
  • Clean up testing stuff (git repo, slack channel)

kierdavis and others added 3 commits November 27, 2025 15:41
data "aws_iam_policy_document" "sns_logging" {
statement {
actions = ["logs:CreateLogGroup", "logs:CreateLogStream", "logs:PutLogEvents"]
resources = ["*"]
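Review bot: `resources = ["*"]` in the `sns_logging` statement allows `logs:CreateLogGroup`, `logs:CreateLogStream` and `logs:PutLogEvents` against every log group in the account, so anything holding this policy can write into log groups that belong to other workloads. Set `resources` to the ARN pattern of the log groups this policy is meant to cover, and drop `logs:CreateLogGroup` from the statement if the log group is created by terraform rather than at run time.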
Could we restrict the resources further if we know the pattern?

@WillGibson (Contributor)

This looks nice.

I would be interested to know the reasoning for choosing the SNS + Lambda route over just using curl or similar to post the notification direct from success or failed steps in the pipeline.

@alexlescionok

> This looks nice.
>
> I would be interested to know the reasoning for choosing the SNS + Lambda route over just using curl or similar to post the notification direct from success or failed steps in the pipeline.

We started this a little while back, so I can't remember if there was further reasoning behind this - we wanted to decouple the failure handling logic away from the CodeBuild project's buildspec.yaml code, and the SNS + Lambda option presented a native solution that was low cost, decoupled, and could be extended and tested easily without additional CodeBuild changes.

@kierdavis (Author)

To be honest I'm not the biggest fan of the amount of moving parts in the current SNS+Lambda solution. curl from buildspec.yaml is elegant, I'll give that a try.
