33 changes: 33 additions & 0 deletions infra/bootstrap/index.ts
Expand Up @@ -4,6 +4,7 @@ import * as vpc from './lib/vpc';
import { getEnvVar } from '../util';

const OPS_ACCOUNT_PIPELINE_ROLE_ARN = "arn:aws:iam::968153779208:role/pipeline-role-3b97f1a";
const OPS_ACCOUNT_LOG_LAMBDA_ROLE_ARN = "arn:aws:iam::968153779208:role/chatbot-log-fetcher-role-4d93cb1"

const stackName = pulumi.getStack();
const isDev = stackName.includes("dev");
Expand Down Expand Up @@ -54,6 +55,38 @@ export = async () => {
}],
});

// Create a role that the log fetcher Lambda can assume to list tags on Cloudwatch alarms in the current account
const alarmTagsRole = new aws.iam.Role(`${prefix}alarmListTagsRole`, {
name: `${prefix}alarmListTagsRole`,
assumeRolePolicy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [
{
Action: "sts:AssumeRole",
Principal: {
AWS: OPS_ACCOUNT_LOG_LAMBDA_ROLE_ARN
},
Effect: "Allow",
Sid: ""
}
]
}),
inlinePolicies: [
{
name: 'cloudwatchAlarmListTagsPolicy',
policy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [{
Sid: "AllowListTagsAnyAlarm",
Effect: "Allow",
Action: "cloudwatch:ListTagsForResource",
Resource: pulumi.interpolate`arn:aws:cloudwatch:us-west-2:${aws.getCallerIdentityOutput().accountId}:alarm:*`
}],
}),
}
]
});

return {
DEPLOYMENT_ROLE_ARN: deploymentRole.arn,
VPC_ID: services_vpc.vpcx.vpcId,
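Review bot: The role is created with the name `${prefix}alarmListTagsRole` while the consuming policy in infra/pipelines/components/notifications.ts grants sts:AssumeRole on the bare `role/alarmListTagsRole`, so if `prefix` is non-empty in the stacks this role is meant to serve, the Lambda's policy names a role that does not exist and the cross-account call fails with AccessDenied at runtime. Either drop the prefix here or add the ARN to the returned outputs (`ALARM_LIST_TAGS_ROLE_ARN: alarmTagsRole.arn,` next to `DEPLOYMENT_ROLE_ARN`) so the pipeline side can consume the real ARN instead of rebuilding it by hand. The Resource on the ListTagsForResource statement also pins `us-west-2`, so alarms created in any other region would be unreadable by the fetcher; deriving the region from the provider (e.g. `aws.getRegionOutput().name`) would avoid that, if a single region is not an intentional constraint. A comment above the role stating that its name is a cross-account contract with the ops-account log fetcher role would help the next maintainer. The enclosing `export = async () =>` function starts before this hunk.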
18 changes: 18 additions & 0 deletions infra/pipelines/components/notifications.ts
@@ -1,5 +1,6 @@
import * as aws from '@pulumi/aws';
import * as pulumi from '@pulumi/pulumi';
import { BOUNDLESS_PROD_ACCOUNT_ID, BOUNDLESS_STAGING_ACCOUNT_ID } from "../accountConstants";

export class Notifications extends pulumi.ComponentResource {
// Mainnet Beta
Expand Down Expand Up @@ -383,6 +384,23 @@ export class Notifications extends pulumi.ComponentResource {
managedPolicyArns: [
'arn:aws:iam::aws:policy/service-role/AWSLambdaBasicExecutionRole',
],
inlinePolicies: [
{
name: 'cloudwatchAlarmListTagsRolePolicy',
policy: pulumi.jsonStringify({
Version: "2012-10-17",
Statement: [{
Sid: "AllowAlarmListTagsAssumeRole",
Effect: 'Allow',
Action: 'sts:AssumeRole',
Resource: [
`arn:aws:iam::${BOUNDLESS_STAGING_ACCOUNT_ID}:role/alarmListTagsRole`,
`arn:aws:iam::${BOUNDLESS_PROD_ACCOUNT_ID}:role/alarmListTagsRole`
]
}]
})
}
]
});

const chatbotLogFetcher = new aws.lambda.Function("chatbot-debugger", {
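Review bot: The assumed-role ARNs in the Resource list are hand-built from the account constants and the fixed name `alarmListTagsRole`, which silently diverges from the provider side if the bootstrap stack's role carries a prefix or is renamed; reading the role ARN from the bootstrap stack's outputs (for example through a `pulumi.StackReference`) would keep the two in sync and turn a runtime AccessDenied into a deploy-time error. The statement also lets this execution role assume the role in both the staging and the prod account regardless of which environment the Notifications instance serves; if the component knows its target environment, restricting Resource to that one account's role would be tighter. A short comment stating that the target role name must match the one created in infra/bootstrap/index.ts would document the coupling. The enclosing method continues outside the hunk.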