Build a Secure AWS AI Assistant with Amazon Bedrock and Slack

Imagine streamlining complex AWS tasks, getting instant resource information, or even triggering automated actions, all through simple chat commands in Slack. This guide details how to construct a powerful and secure AI assistant for your AWS environment by integrating Amazon Bedrock Agents with Slack. This integration brings your AWS management capabilities directly into your team’s primary communication hub.

While the idea of creating an AI assistant that interacts with your cloud infrastructure is exciting, security must be the foundation of such a project. This isn’t just about adding features; it’s about building a responsible tool. Throughout this process, we emphasize secure implementation, including precisely scoped IAM permissions, secure API endpoints, robust authentication, and adherence to the principle of least privilege. The goal is to create an assistant that is both powerful and trustworthy.

This walkthrough uses describing EC2 instances as a practical example, but the potential applications are vast, ranging from enhanced monitoring and incident response to automated cost optimization checks, all while maintaining a strong security posture.

Let’s begin building a custom, secure AWS AI assistant powered by Amazon Bedrock and accessible via Slack.

Prerequisites

Before embarking on this integration, ensure the following prerequisites are met:

AWS Prerequisites

• An active AWS account with sufficient permissions.
• Access granted to the Amazon Bedrock service (confirm regional availability).
• IAM permissions necessary to create and manage:
  • AWS Lambda functions
  • Amazon API Gateway resources
  • Amazon Bedrock Agents
  • IAM roles and policies

Slack Prerequisites

• A Slack workspace where app creation is permitted.
• Administrative or equivalent permissions to add applications to the workspace.
• The ability to create or designate channels for the bot’s interactions.

Development Tools

• A foundational understanding of core AWS services.
• Familiarity with JSON data format and REST APIs.
• Access to a code editor suitable for Lambda function development (Python).
• Basic proficiency in Python for writing Lambda function code.

Understanding Amazon Bedrock Agent

Amazon Bedrock Agent serves as the core intelligence engine for the AI assistant. It’s a fully managed AWS service enabling the creation of sophisticated AI assistants powered by various foundation models (FMs). These agents can connect to internal systems and data sources, allowing them to perform actions based on user requests.

Key components include:

1. Foundation Models: The underlying AI models driving the agent’s understanding and generation (e.g., Claude, Llama).
2. Knowledge Bases: Optional connections to data sources (like documents in S3) for the agent to reference when answering questions.
3. Action Groups: Definitions of specific tasks or API calls the agent is authorized to perform.
4. API Schema: An OpenAPI specification defining the structure and parameters for the APIs the agent can call via its Action Groups.
5. Security Controls: Primarily IAM permissions that strictly govern the agent’s capabilities and resource access.

For this guide, the agent will be configured with an action group to perform basic AWS operations, starting with describing EC2 instance status. This foundational example can be readily adapted for more complex requirements.

Architecture Overview

The integration architecture comprises several key AWS and Slack components working in concert:

1. Slack App: The user interface within Slack. Users interact by sending messages (direct messages or mentions) to the bot.
2. Amazon API Gateway: A secure HTTP API endpoint acting as the front door for requests originating from Slack (specifically, Slack Event Subscriptions). It validates incoming requests and triggers the appropriate backend processing.
3. AWS Lambda (Slack Handler): A function (SlackHandlerLambda) that processes incoming webhook events from API Gateway. It verifies the request’s authenticity (Slack signature), extracts the user’s message, invokes the Bedrock Agent, and sends the agent’s response back to Slack via the Slack API.
4. Amazon Bedrock Agent: Processes the user’s request received from the Slack Handler Lambda. It uses its configured foundation model and instructions to understand intent and determines if an action (defined in an Action Group) is needed.
5. AWS Lambda (EC2 Operations): A function (EC2OperationsLambda) triggered by the Bedrock Agent via its Action Group. This function executes the actual AWS API calls (e.g., describing EC2 instances) based on the agent’s request and returns the results back to the agent.

From a security standpoint, this architecture incorporates:

• API Gateway Security: Validates requests using Slack’s signing secret. Can be further enhanced with WAF, throttling, and request validation.
• IAM Role-Based Access Control: Each Lambda function operates under an IAM role with strictly defined, minimal permissions (least privilege).
• Secure Communication: All data transfer between components utilizes HTTPS.
• Input Validation: The Slack Handler Lambda validates incoming Slack requests before invoking the Bedrock Agent.
• Scoped Execution: The EC2 Operations Lambda only possesses permissions for the specific AWS actions it needs to perform (e.g., ec2:DescribeInstances).

With the architecture understood, let’s proceed to build each component, starting with the Amazon Bedrock Agent.

Creating Your Amazon Bedrock Agent

Follow these steps to create the agent within the Amazon Bedrock console:

1. Navigate to the Amazon Bedrock service in the AWS Management Console.
2. Select “Agents” from the left-hand navigation menu.
3. Click the “Create agent” button.
4. Provide a descriptive name (e.g., “AWS-Slack-Assistant”).
5. Choose a suitable foundation model (Anthropic’s Claude models are often a good choice for instruction-following tasks).
6. Configure basic agent settings as prompted and proceed.
7. Crucially, add clear instructions for the Agent. Without instructions, the agent preparation will fail.

Here is an example set of instructions tailored for this use case:

You are an AWS AI Assistant designed to help users manage their AWS environment through Slack.
Your primary functions include:
1. Providing information about AWS resources like EC2 instances, based on configured actions.
2. Performing basic, authorized operations if configured (e.g., restarting EC2 instances - requires additional setup).
3. Responding to requests about AWS resource status and monitoring data if available.

You must be helpful, concise, and prioritize security. Always clarify if a request is ambiguous. If asked to perform an action that modifies resources, confirm understanding before proceeding (if action involves modification). If you cannot fulfill a request due to lack of configured actions or permissions, state that clearly.

Maintain a professional yet approachable tone. Use standard AWS terminology but explain concepts simply when necessary. You can only interact with AWS services defined in your action groups.

These instructions define the agent’s persona, purpose, and operational boundaries.

Creating Action Groups

Action Groups define the specific capabilities of the agent. Let’s create one for EC2 operations:

1. Within the Agent Builder interface, select “Action groups”.
2. Click “Add action group”.
3. Name the action group (e.g., “EC2DescribeOperations”).
4. Define the API schema using the OpenAPI format. This schema tells the agent how to structure requests to the backend Lambda function. Here’s an example for listing EC2 instances:

openapi: "3.0.1"
info:
  title: "EC2 Instance Information API"
  version: "1.0.0"
paths:
  /instances:
    summary: "Operations to list EC2 instances"
    get:
      operationId: listInstances
      summary: "List EC2 instances in a specified region"
      description: "Describe EC2 instances based on region"
      parameters:
        - in: query
          name: region
          required: true
          schema:
            type: string
          description: "The AWS region to query (e.g., us-east-1)"
      responses:
        '200':
          description: "Successful retrieval of instance information"
          content:
            application/json:
              schema:
                type: object
                properties:
                  Instances:
                    type: array
                    items:
                      type: object
                      properties:
                        InstanceId:
                          type: string
                        InstanceType:
                          type: string
                        State:
                          type: string
                        LaunchTime:
                          type: string
                          format: date-time
                        PublicIpAddress:
                          type: string
                        PrivateIpAddress:
                          type: string
                  Count:
                    type: integer
                    description: "Number of instances returned"
                  Region:
                    type: string

This schema defines a GET request to /instances requiring a region query parameter. It specifies the expected successful response structure.

Lambda Functions Implementation

Two AWS Lambda functions are required: one to handle the actual AWS API calls requested by the agent, and another to manage communication with Slack.

Creating the EC2 Operations Lambda

This function executes the AWS tasks requested by the Bedrock Agent.

1. Navigate to the AWS Lambda console.
2. Click “Create function”.
3. Choose “Author from scratch”.
4. Name the function (e.g., “EC2OperationsLambda”).
5. Select Python 3.9 (or a later compatible version) as the runtime.
6. Choose to create a new execution role with basic Lambda permissions (you’ll modify this later).
7. Click “Create function”.

Replace the default code with the following Python script:

import json
import boto3
import os
import traceback
import datetime

def lambda_handler(event, context):
    print(f"Received event: {json.dumps(event)}")

    # Extract required fields from the Bedrock Agent event
    agent = event.get('agent', {})
    actionGroup = event.get('actionGroup', '')
    apiPath = event.get('apiPath', '')
    httpMethod = event.get('httpMethod', '')
    parameters = event.get('parameters', [])
    requestBody = event.get('requestBody', {})
    messageVersion = event.get('messageVersion', '1.0') # Ensure messageVersion is handled

    # Convert list of parameter dicts to a simple dict
    parameters_dict = {param['name']: param['value'] for param in parameters if isinstance(param, dict)}

    print(f"API Path: {apiPath}")
    print(f"Parameters (processed): {json.dumps(parameters_dict)}")

    response_body_content = {}
    http_status_code = 200

    try:
        # Route requests based on API Path and HTTP Method
        if apiPath == '/instances' and httpMethod == 'GET':
            print("Calling describe_instances function")
            result = describe_instances(parameters_dict)
            print(f"describe_instances response: {json.dumps(result)}")
            response_body_content = result
        else:
            print(f"Unsupported API path or method: {httpMethod} {apiPath}")
            http_status_code = 400
            response_body_content = {
                'error': f'Unsupported path or method: {httpMethod} {apiPath}',
                '_source': 'lambda_error_unsupported_path',
                '_warning': 'DO NOT FABRICATE OR MODIFY THIS DATA'
            }

    except Exception as e:
        print(f"Error processing request: {str(e)}")
        print(traceback.format_exc())
        http_status_code = 500
        response_body_content = {
            'error': f'Internal server error: {str(e)}',
            '_source': 'lambda_error_exception',
            '_warning': 'DO NOT FABRICATE OR MODIFY THIS DATA'
        }

    # Format the response body for Bedrock Agent
    responseBody = {
        "application/json": {
            "body": json.dumps(response_body_content) # Body must be a JSON string
        }
    }

    # Construct the final action response
    action_response = {
        'actionGroup': actionGroup,
        'apiPath': apiPath,
        'httpMethod': httpMethod,
        'httpStatusCode': http_status_code,
        'responseBody': responseBody
    }

    # Final API response structure for Bedrock
    api_response = {
        'response': action_response,
        'messageVersion': messageVersion
    }

    print(f"Final Response to Bedrock: {json.dumps(api_response)}")
    return api_response

def describe_instances(parameters):
    # Extract region, provide default if missing
    region = parameters.get('region', 'us-east-1') # Default to us-east-1 if not provided
    if not region:
        raise ValueError("Region parameter is required.")

    print(f"Describing instances in region {region}")

    # Initialize EC2 client for the specified region
    ec2 = boto3.client('ec2', region_name=region)

    instances_details = []
    instance_count_processed = 0
    max_instances_to_return = 50 # Limit response size

    try:
        paginator = ec2.get_paginator('describe_instances')
        # Filter for non-terminated instances to get relevant data
        page_iterator = paginator.paginate(
            Filters=[{'Name': 'instance-state-name', 'Values': ['pending', 'running', 'shutting-down', 'stopping', 'stopped']}],
            PaginationConfig={'MaxItems': 200, 'PageSize': 50} # Adjust page size as needed
        )

        for page in page_iterator:
            print(f"Processing page with {len(page.get('Reservations', []))} reservations.")
            for reservation in page.get('Reservations', []):
                for instance in reservation.get('Instances', []):
                    if instance_count_processed >= max_instances_to_return:
                        break
                    instance_info = {
                        'InstanceId': instance.get('InstanceId'),
                        'InstanceType': instance.get('InstanceType'),
                        'State': instance.get('State', {}).get('Name', 'N/A'),
                        'LaunchTime': instance.get('LaunchTime').isoformat() if instance.get('LaunchTime') else None,
                        'PublicIpAddress': instance.get('PublicIpAddress', 'N/A'),
                        'PrivateIpAddress': instance.get('PrivateIpAddress', 'N/A')
                        # Add more fields as needed, matching the OpenAPI schema
                    }
                    instances_details.append(instance_info)
                    instance_count_processed += 1
                    print(f"Found instance {instance_count_processed}: {instance_info['InstanceId']}")

                if instance_count_processed >= max_instances_to_return:
                    print(f"Reached limit ({max_instances_to_return}) of instances to return.")
                    break
            if instance_count_processed >= max_instances_to_return:
                break

    except Exception as e:
        print(f"Error calling EC2 describe_instances API: {str(e)}")
        # Re-raise the exception to be caught by the main handler for proper error response formatting
        raise Exception(f"Failed to describe EC2 instances: {str(e)}")

    # Prepare the result structure matching the OpenAPI schema (or expected by agent)
    current_time = datetime.datetime.now(datetime.timezone.utc).isoformat()
    result = {
        'Instances': instances_details,
        'Count': len(instances_details),
        'Region': region,
        'DataTimestamp': current_time,
        '_source': 'lambda_ec2_describe_data', # Identifier for data source
        '_warning': 'DO NOT FABRICATE OR MODIFY THIS DATA' # Standard warning for Bedrock
    }

    print(f"Returning {len(instances_details)} instance details for region {region}.")
    return result

Explanation:

• The lambda_handler parses the event from Bedrock Agent, extracts parameters, and routes the request based on apiPath.
• The describe_instances function uses boto3 (the AWS SDK for Python) to call the EC2 describe_instances API for the requested region.
• It uses pagination (get_paginator) to handle potentially large numbers of instances efficiently.
• It filters for non-terminated instances for relevance.
• A limit (max_instances_to_return) is implemented to prevent excessively large responses.
• The response is formatted carefully to match the structure Bedrock Agent expects, including the required responseBody structure containing a JSON string.
• Robust error handling is included at both function levels.

Important Configuration: Increase the Lambda function’s timeout setting. The default of 3 seconds is often too short for API calls like describe_instances. A timeout of 30 seconds or more is recommended for this function.

Creating the Slack Handler Lambda

This function acts as the bridge between Slack and the Bedrock Agent.

1. Create another Lambda function (e.g., “SlackHandlerLambda”) using Python 3.9+.
2. Choose or create a basic execution role (permissions will be added later).

Replace the default code with the following:

import os
import json
import hmac
import hashlib
import boto3
import base64
import time
from datetime import datetime, timedelta, timezone
from botocore.exceptions import ClientError
import urllib.request
import urllib.parse

# Environment Variables - CRITICAL for function operation
BEDROCK_AGENT_ID = os.environ.get("BEDROCK_AGENT_ID")
BEDROCK_AGENT_ALIAS = os.environ.get("BEDROCK_AGENT_ALIAS") # Use the Alias ID (TSTALIASID), not the name
SLACK_BOT_TOKEN = os.environ.get("SLACK_BOT_TOKEN") # Starts with xoxb-
SLACK_SIGNING_SECRET = os.environ.get("SLACK_SIGNING_SECRET")
BEDROCK_REGION = os.environ.get("BEDROCK_REGION", "us-east-1") # Default if not set
ALLOWED_USER_IDS = os.environ.get("ALLOWED_USER_IDS") # Optional: comma-separated list

# Input Validation: Check critical environment variables on cold start
if not all([BEDROCK_AGENT_ID, BEDROCK_AGENT_ALIAS, SLACK_BOT_TOKEN, SLACK_SIGNING_SECRET, BEDROCK_REGION]):
    print("ERROR: Critical environment variables missing (Agent ID/Alias, Slack Token/Secret, Bedrock Region).")
    # Optionally raise an error to prevent execution, or handle gracefully later
    # raise ValueError("Missing critical environment variables")

# Initialize Bedrock Agent Runtime client
try:
    bedrock_agent_runtime_client = boto3.client("bedrock-agent-runtime", region_name=BEDROCK_REGION)
except Exception as e:
    print(f"ERROR: Failed to initialize Boto3 client for Bedrock Agent Runtime in region {BEDROCK_REGION}: {e}")
    bedrock_agent_runtime_client = None # Ensure graceful handling if client fails

# Simple in-memory cache for event deduplication (limited scope in Lambda)
processed_events = {}
CACHE_EXPIRY_MINUTES = 10 # How long to remember event IDs

def lambda_handler(event, context):
    print("Lambda execution started.")
    # Log Headers for debugging signature issues
    # print(f"Incoming Headers: {json.dumps(event.get('headers', {}))}")

    raw_body = event.get('body', '{}')
    headers = event.get('headers', {})

    # 1. Verify Slack Request Signature (Security Critical)
    if SLACK_SIGNING_SECRET:
        timestamp = headers.get('x-slack-request-timestamp') or headers.get('X-Slack-Request-Timestamp')
        signature = headers.get('x-slack-signature') or headers.get('X-Slack-Signature')

        if not verify_slack_signature(SLACK_SIGNING_SECRET, raw_body, timestamp, signature):
            print("ERROR: Invalid Slack signature.")
            return {"statusCode": 401, "body": "Invalid signature"}
        print("Slack signature verified successfully.")
    else:
        print("WARNING: Slack signing secret not configured. Skipping signature verification.")
        # In production, verification should be mandatory.

    # 2. Parse Slack Event Payload
    try:
        # Slack sends body as JSON string for events API
        slack_payload = json.loads(raw_body)
    except json.JSONDecodeError:
        print("ERROR: Failed to decode JSON body.")
        return {"statusCode": 400, "body": "Could not parse request body"}

    # 3. Handle Slack's URL Verification Challenge
    if slack_payload.get("type") == "url_verification":
        challenge = slack_payload.get("challenge", "")
        print("Responding to Slack URL verification challenge.")
        return {
            "statusCode": 200,
            "headers": {"Content-Type": "text/plain"},
            "body": challenge
        }

    # 4. Process Event Callback
    if slack_payload.get("type") == "event_callback":
        event_info = slack_payload.get("event", {})
        event_type = event_info.get("type")
        event_id = slack_payload.get("event_id") # Use Slack's event ID for deduplication

        print(f"Processing event callback type: {event_type}, ID: {event_id}")

        # 4a. Event Deduplication
        if not event_id:
             print("WARNING: No event_id found in payload for deduplication.")
        elif is_event_processed(event_id):
             print(f"Event {event_id} already processed. Skipping.")
             return {"statusCode": 200, "body": "Event already processed"}
        else:
             mark_event_as_processed(event_id)
             cleanup_processed_events() # Periodically clean the cache


        # 4b. Check if it's a message event we should handle (app_mention or direct message)
        if event_type == "app_mention" or (event_type == "message" and event_info.get("channel_type") == "im"):

            # Ignore messages from bots (including self) or without user text
            if event_info.get("bot_id") or "text" not in event_info:
                print("Ignoring bot message or message without text.")
                return {"statusCode": 200, "body": "Ignored bot message or no text"}

            user_id = event_info.get("user")
            text = event_info.get("text", "").strip()
            channel_id = event_info.get("channel")

            # Remove bot mention from text if it's an app_mention event
            if event_type == "app_mention":
                 # Basic removal, might need refinement for complex mentions
                 bot_user_id = slack_payload.get("authorizations", [{}])[0].get("user_id", "")
                 if bot_user_id:
                     text = text.replace(f"<@{bot_user_id}>", "").strip()

            print(f"User '{user_id}' in channel '{channel_id}' sent text: '{text}'")

            # 4c. Optional User Authorization Check
            if ALLOWED_USER_IDS:
                allowed_list = {uid.strip() for uid in ALLOWED_USER_IDS.split(',')}
                if user_id not in allowed_list:
                    print(f"User {user_id} is not authorized.")
                    send_slack_message(channel_id, f"Sorry <@{user_id}>, you are not authorized to use this assistant.")
                    return {"statusCode": 200, "body": "User unauthorized"} # Acknowledge Slack, but don't proceed

            # 4d. Validate Bedrock Client and Config before invoking
            if not bedrock_agent_runtime_client:
                 print("ERROR: Bedrock client not initialized.")
                 send_slack_message(channel_id, "Sorry, there's an internal configuration issue (Bedrock client). Please contact support.")
                 return {"statusCode": 500, "body": "Bedrock client unavailable"}

            if not all([BEDROCK_AGENT_ID, BEDROCK_AGENT_ALIAS]):
                print("ERROR: Bedrock Agent ID or Alias is missing in configuration.")
                send_slack_message(channel_id, "Sorry, the assistant configuration is incomplete. Please contact support.")
                return {"statusCode": 500, "body": "Missing Bedrock config"}

            # 4e. Invoke Bedrock Agent
            session_id = f"slack-{channel_id}-{user_id}" # Create a unique session ID for conversation context
            try:
                print(f"Invoking Bedrock Agent: ID={BEDROCK_AGENT_ID}, Alias={BEDROCK_AGENT_ALIAS}, Session={session_id}")
                response = bedrock_agent_runtime_client.invoke_agent(
                    agentId=BEDROCK_AGENT_ID,
                    agentAliasId=BEDROCK_AGENT_ALIAS, # Use the Alias ID here
                    sessionId=session_id,
                    inputText=text,
                    enableTrace=False # Set to True for detailed Bedrock traces (adds cost)
                )

                # Process the streamed response from Bedrock Agent
                agent_response_text = ""
                for event_chunk in response.get('completion', []):
                    chunk = event_chunk.get('chunk', {})
                    if 'bytes' in chunk:
                         decoded_chunk = chunk['bytes'].decode('utf-8', errors='ignore')
                         agent_response_text += decoded_chunk
                         # print(f"Received chunk: {decoded_chunk}") # Debugging

                print(f"Full agent response: {agent_response_text}")

                # 4f. Send Agent Response back to Slack
                if agent_response_text:
                    send_slack_message(channel_id, agent_response_text)
                else:
                    print("Agent returned an empty response.")
                    send_slack_message(channel_id, "Sorry, I received an empty response from the AI agent.")

            except ClientError as e:
                error_code = e.response.get('Error', {}).get('Code')
                error_message = e.response.get('Error', {}).get('Message', str(e))
                print(f"ERROR: AWS ClientError invoking Bedrock Agent: {error_code} - {error_message}")
                if error_code == 'ResourceNotFoundException':
                    send_slack_message(channel_id, "Sorry, I couldn't find the specified AI agent configuration. Please contact support.")
                elif error_code == 'ValidationException':
                     send_slack_message(channel_id, f"Sorry, there was an issue with the request: {error_message}. Please check your input or contact support.")
                else:
                    send_slack_message(channel_id, f"Sorry, an AWS error occurred while processing your request ({error_code}). Please try again later.")
                # Do not return 500 here, acknowledge Slack with 200
            except Exception as e:
                print(f"ERROR: Unexpected error invoking Bedrock Agent: {str(e)}")
                traceback.print_exc()
                send_slack_message(channel_id, "Sorry, an unexpected error occurred while processing your request. Please try again later.")
                # Do not return 500 here, acknowledge Slack with 200

    # 5. Acknowledge Receipt to Slack
    # Slack expects a quick 200 OK to know the event was received.
    # Actual processing happens asynchronously.
    print("Lambda execution finished. Returning 200 OK to Slack.")
    return {"statusCode": 200, "body": "Event received"}


# --- Helper Functions ---

def verify_slack_signature(signing_secret, request_body, timestamp, signature):
    """Verifies the authenticity of a request from Slack."""
    if not signature or not timestamp:
        print("Signature or timestamp missing.")
        return False

    # Check if timestamp is too old (e.g., > 5 minutes) to prevent replay attacks
    try:
        request_time = datetime.fromtimestamp(int(timestamp), timezone.utc)
        current_time = datetime.now(timezone.utc)
        if current_time - request_time > timedelta(minutes=5):
            print(f"Timestamp is too old: {timestamp}")
            return False
    except (ValueError, TypeError):
        print(f"Invalid timestamp format: {timestamp}")
        return False

    basestring = f"v0:{timestamp}:{request_body}".encode('utf-8')
    secret = signing_secret.encode('utf-8')
    expected_signature = 'v0=' + hmac.new(secret, basestring, hashlib.sha256).hexdigest()

    # Use secure comparison
    return hmac.compare_digest(expected_signature, signature)

def send_slack_message(channel_id, text):
    """Sends a message to a Slack channel using urllib."""
    if not SLACK_BOT_TOKEN:
        print("ERROR: SLACK_BOT_TOKEN is not set. Cannot send message.")
        return

    slack_url = "https://slack.com/api/chat.postMessage"
    payload = json.dumps({
        "channel": channel_id,
        "text": text
    }).encode('utf-8')

    headers = {
        "Content-Type": "application/json; charset=utf-8",
        "Authorization": f"Bearer {SLACK_BOT_TOKEN}"
    }

    try:
        req = urllib.request.Request(slack_url, data=payload, headers=headers, method='POST')
        with urllib.request.urlopen(req) as response:
            response_body = response.read().decode('utf-8')
            response_json = json.loads(response_body)
            if not response_json.get("ok"):
                print(f"ERROR sending message to Slack: {response_json.get('error', 'Unknown error')}")
            else:
                print(f"Successfully sent message to channel {channel_id}")
    except urllib.error.URLError as e:
        print(f"ERROR: URLError sending message to Slack: {e.reason}")
    except Exception as e:
        print(f"ERROR: Unexpected error sending message to Slack: {str(e)}")
        traceback.print_exc()


# --- Deduplication Helpers (Simple In-Memory) ---

def is_event_processed(event_id):
    """Check if event_id is in our recent cache."""
    if event_id in processed_events:
        event_time = processed_events[event_id]
        if datetime.now(timezone.utc) - event_time < timedelta(minutes=CACHE_EXPIRY_MINUTES):
            return True
        else:
            # Expired entry, remove it
            del processed_events[event_id]
            return False
    return False

def mark_event_as_processed(event_id):
    """Add event_id to the cache with current timestamp."""
    processed_events[event_id] = datetime.now(timezone.utc)

def cleanup_processed_events():
    """Remove expired event IDs from the cache."""
    now = datetime.now(timezone.utc)
    expiry_limit = timedelta(minutes=CACHE_EXPIRY_MINUTES)
    # Create a list of keys to delete to avoid modifying dict during iteration
    keys_to_delete = [event_id for event_id, timestamp in processed_events.items() if now - timestamp > expiry_limit]
    for key in keys_to_delete:
        del processed_events[key]
    # print(f"Cleaned up {len(keys_to_delete)} expired event IDs. Cache size: {len(processed_events)}") # Optional debug log

Explanation:

1. Environment Variables: Reads essential configuration like Bedrock Agent details and Slack credentials. Includes checks for their presence.
2. Signature Verification: Implements verify_slack_signature using hmac and hashlib to authenticate incoming Slack requests. This is crucial for security.
3. Request Parsing: Parses the JSON payload from Slack.
4. URL Verification Handling: Responds correctly to Slack’s initial endpoint verification challenge.
5. Event Callback Processing: Handles event_callback types.
6. Deduplication: Uses a simple in-memory dictionary (processed_events) to track recently processed event IDs, preventing duplicate processing during Slack retries. Includes cache cleanup.
7. Event Filtering: Processes only relevant messages (app_mention or direct messages (im)) and ignores messages from bots or those without text.
8. Text Cleaning: Removes the bot’s mention from the text in app_mention events.
9. User Authorization (Optional): Checks if the user ID is in the ALLOWED_USER_IDS list if configured.
10. Bedrock Invocation: Calls the bedrock_agent_runtime_client.invoke_agent method with the user’s text and a generated sessionId.
11. Response Streaming: Iterates through the completion stream from Bedrock to assemble the full response text.
12. Slack Response: Uses the send_slack_message helper function (using Python’s built-in urllib to avoid external dependencies in Lambda) to post the agent’s response back to the originating Slack channel.
13. Error Handling: Includes try...except blocks for AWS ClientError and general exceptions during Bedrock invocation, sending informative error messages back to Slack.
14. Acknowledgement: Returns a 200 OK status code quickly to Slack to acknowledge receipt, even if background processing takes longer.

Important Configuration:
* Set the following Environment Variables in the Lambda configuration:
* BEDROCK_AGENT_ID: The unique ID of your Bedrock Agent.
* BEDROCK_AGENT_ALIAS: The Alias ID (e.g., TSTALIASID) for the agent version you want to use (usually the one automatically created or one you explicitly create and associate). Do not use the alias name.
* SLACK_BOT_TOKEN: Your Slack App’s Bot User OAuth Token (starts xoxb-).
* SLACK_SIGNING_SECRET: Your Slack App’s Signing Secret.
* BEDROCK_REGION: The AWS region where your Bedrock service and agent are deployed (e.g., us-east-1).
* ALLOWED_USER_IDS (Optional): A comma-separated string of Slack User IDs permitted to interact with the bot (e.g., U123ABC,U456DEF).
* Increase the Lambda function’s Timeout. Invoking Bedrock can take time. Set this to at least 30-60 seconds.

Connecting the Lambda Function to the Action Group

Link the EC2OperationsLambda to the Action Group created earlier in Bedrock:

1. Return to the Amazon Bedrock console and edit your agent’s action group (“EC2DescribeOperations”).
2. In the “Action group invocation” section, choose “Select an existing Lambda function”.
3. Select the EC2OperationsLambda function from the dropdown list.
4. Choose the appropriate function version (typically $LATEST during development).
5. Save the action group configuration.

Grant Invocation Permission: Bedrock needs explicit permission to invoke your Lambda function.

1. Go to the EC2OperationsLambda function in the AWS Lambda console.
2. Navigate to the “Configuration” tab and select “Permissions”.
3. Under “Resource-based policy”, click “Add permissions”.
4. Select “AWS service” as the Principal type.
5. Choose “Other” in the service dropdown and type bedrock.amazonaws.com in the principal field (or select Bedrock if it appears).
6. In the “Source ARN” field, enter the ARN of your Bedrock Agent Action Group. You can find this ARN in the Bedrock console for your agent’s action group details. Restricting by Source ARN is more secure than allowing any Bedrock service invocation.
7. For “Action”, select lambda:InvokeFunction.
8. Provide a unique “Statement ID” (e.g., bedrock-invoke-ec2operationslambda).
9. Click “Save”.

(Note: If you use the “Quick create” option in Bedrock to create the Lambda, this permission is often added automatically.)

Setting Up IAM Permissions

Strict IAM permissions are vital for security.

EC2 Operations Lambda Role:

Modify the execution role created for EC2OperationsLambda. Attach a policy granting only the necessary permissions. For describing instances:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "ec2:DescribeInstances"
      ],
      "Resource": "*"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/EC2OperationsLambda*:*"
    }
  ]
}

(Adjust the log group ARN pattern based on your function name). Granting ec2:DescribeInstances on * resources is generally acceptable for read-only actions across regions. For modification actions (like Start/StopInstances), you would restrict the Resource to specific instance ARNs or use condition keys if possible.

Slack Handler Lambda Role:

Modify the execution role for SlackHandlerLambda. It needs permission to invoke the Bedrock Agent and write logs:

{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Effect": "Allow",
      "Action": [
        "bedrock:InvokeAgent"
      ],
      "Resource": "arn:aws:bedrock:<REGION>:<ACCOUNT_ID>:agent-alias/<AGENT_ID>/<ALIAS_ID>"
    },
    {
      "Effect": "Allow",
      "Action": [
        "logs:CreateLogGroup",
        "logs:CreateLogStream",
        "logs:PutLogEvents"
      ],
      "Resource": "arn:aws:logs:*:*:log-group:/aws/lambda/SlackHandlerLambda*:*"
    }
  ]
}

Replace <REGION>, <ACCOUNT_ID>, <AGENT_ID>, and <ALIAS_ID> with your specific values. Using the specific agent alias ARN provides tighter security than arn:aws:bedrock:*:*:agent/*.

API Gateway Setup

An API Gateway endpoint is needed to receive webhook events from Slack securely.

Creating the API Gateway

1. Navigate to the Amazon API Gateway console.
2. Click “Create API”.
3. Choose “HTTP API” and click “Build”.
4. Under “Integrations”, select “Lambda”.
5. In the “Lambda function” dropdown, select your SlackHandlerLambda.
6. Give your API a name (e.g., Slack-Bedrock-Integration-API).
7. Click “Next”.

Configuring Routes

1. On the “Configure routes” page, the default integration should already be selected.
2. Set the Method to POST.
3. Keep the Resource path as /.
4. Ensure the Integration target points to your SlackHandlerLambda.
5. Click “Next”.

Configuring Stages

1. Keep the default stage name $default.
2. Ensure “Auto-deploy” is enabled for simplicity during setup.
3. Click “Next”.

Reviewing and Creating

1. Review the configuration.
2. Click “Create”.
3. Once deployed, note the Invoke URL displayed on the API details page. This URL is required for Slack configuration.

Enhancing API Gateway Security (Recommended)

For production or sensitive environments, enhance API Gateway security:

• AWS WAF Integration: Associate an AWS Web Application Firewall (WAF) Web ACL with rules to block common attacks (SQL injection, XSS) and potentially rate-limit requests.
• Throttling: Configure throttling limits (rate and burst) on the stage settings to prevent abuse and ensure availability.
• Logging: Enable access logging (CloudWatch Logs) for monitoring and troubleshooting. Configure an appropriate log format and level.
• Request Validation: While less critical for Slack’s specific payload structure if signature verification is robust, consider adding basic validation if needed.

Testing the API Gateway

Before connecting Slack, you can perform a basic test using curl or Postman. Send a POST request to the Invoke URL with a simple JSON body. Check the CloudWatch Logs for SlackHandlerLambda to confirm it was invoked (it will likely log signature verification failure or JSON parsing errors, which is expected without a valid Slack payload, but proves the connection works).

Slack Integration

Now, connect the AWS backend to Slack.

Creating a Slack App

1. Go to the Slack API website (`https://api.slack.com/apps`).
2. Click “Create New App”.
3. Choose “From scratch”.
4. Name your app (e.g., “AWS Assistant Bot”).
5. Select the target Slack workspace.
6. Click “Create App”.

Configuring Bot Token Scopes

Grant the necessary permissions for the bot to operate:

1. In the app’s settings sidebar, navigate to “OAuth & Permissions”.
2. Scroll to the “Scopes” section.
3. Under “Bot Token Scopes”, click “Add an OAuth Scope”.
4. Add the following essential scopes:
   • app_mentions:read: To see messages mentioning the bot in channels it’s invited to.
   • chat:write: To send messages as the bot.
   • im:history: To read messages in direct message conversations with the bot.
   • im:read: Basic info about direct messages.
   • im:write: To initiate direct messages (needed for some interactions).

Activating Messages Tab in App Home

Allow users to easily find and DM the bot:

1. In the sidebar, go to “App Home”.
2. Scroll to “Show Tabs”.
3. Enable the “Messages Tab”. Ensure “Allow users to send Slash commands and messages from the messages tab” is checked.

Setting Up Event Subscriptions

Configure Slack to send events (like messages) to your API Gateway:

1. In the sidebar, click “Event Subscriptions”.
2. Toggle “Enable Events” to On.
3. In the “Request URL” field, paste the Invoke URL of your API Gateway created earlier. Slack will attempt to verify the URL by sending a url_verification challenge. If your SlackHandlerLambda is deployed correctly, it should handle this challenge, and the URL will show as “Verified”.
4. Expand “Subscribe to bot events”.
5. Click “Add Bot User Event”.
6. Add the following events:
   • app_mention: Triggered when your bot is @mentioned in a channel.
   • message.im: Triggered when a user sends a direct message to your bot.
7. Click “Save Changes”. Slack may prompt you to reinstall the app.

Installing the App to Your Workspace

1. Go back to “OAuth & Permissions” or navigate to “Install App” in the sidebar.
2. Click “Install to Workspace”.
3. Review the permissions and click “Allow”.
4. Crucially, copy the “Bot User OAuth Token” (starting with xoxb-). This is needed for the SLACK_BOT_TOKEN environment variable in your SlackHandlerLambda.
5. Also, go to “Basic Information” and copy the “Signing Secret” for the SLACK_SIGNING_SECRET environment variable.

Updating the SlackHandlerLambda Environment Variables

Ensure your SlackHandlerLambda has the correct values obtained from the Slack App configuration:

1. Go to the SlackHandlerLambda in the AWS Lambda console.
2. Under “Configuration” -> “Environment variables”, click “Edit”.
3. Add or update the following variables:
   • SLACK_BOT_TOKEN: Paste the Bot User OAuth Token.
   • SLACK_SIGNING_SECRET: Paste the Signing Secret.
   • (Ensure BEDROCK_AGENT_ID, BEDROCK_AGENT_ALIAS, and BEDROCK_REGION are also correctly set).
4. Click “Save”.

Testing the Integration

Time for the “It’s alive!” moment:

1. In Slack:
   • Find your bot under “Apps” in your Slack workspace or send it a direct message.
   • Send a message like: @YourBotName show me ec2 instances in us-east-1 (if in a channel) or just show me ec2 instances in us-east-1 (in a direct message).
2. Expected Outcome: The SlackHandlerLambda should receive the event via API Gateway, verify it, invoke the Bedrock Agent, which in turn triggers the EC2OperationsLambda. The result (list of EC2 instances or a relevant message) should be posted back to the Slack channel or DM by the bot.

Troubleshooting Common Issues

• Bot Not Responding:
  • Verify API Gateway Invoke URL is correct and verified in Slack Event Subscriptions.
  • Check SlackHandlerLambda CloudWatch Logs for errors (signature verification, JSON parsing, Bedrock invocation errors).
  • Ensure all required environment variables (SLACK_*, BEDROCK_*) are correctly set in SlackHandlerLambda.
  • Confirm the bot has the necessary chat:write scope and has been added to the channel (if testing via mention).
  • Check if the “Messages Tab” is enabled in Slack App Home for DMs.
• Lambda Timeout Errors: Increase the timeout settings for both Lambda functions (SlackHandler: 30-60s, EC2Operations: 30s+).
• Permission Errors: Double-check IAM policies attached to both Lambda roles. Ensure the Bedrock Agent Alias ARN is correct in the SlackHandlerLambda policy and the resource-based policy on EC2OperationsLambda allows invocation from Bedrock. Check Slack app scopes.
• Bedrock Agent Errors: Test the agent directly in the Bedrock console. Ensure the Action Group schema matches the Lambda implementation and agent instructions are clear. Verify the correct Agent Alias ID is used. Check Bedrock CloudWatch logs if enabled.
• Signature Verification Fails: Ensure the SLACK_SIGNING_SECRET environment variable exactly matches the one in Slack’s “Basic Information” page. Check that the raw request body is being used for verification in the Lambda code.

Security Considerations Revisited

Security cannot be overstated. Let’s reinforce key points:

• IAM Least Privilege: Always grant the absolute minimum permissions required. For the EC2OperationsLambda, grant only ec2:DescribeInstances initially. If adding functionality (e.g., start/stop), add only ec2:StartInstances and ec2:StopInstances, ideally restricted to specific resource ARNs or using condition keys where feasible. Avoid wildcards like ec2:*. For the SlackHandlerLambda, restrict bedrock:InvokeAgent to the specific agent alias ARN.
• Slack App Security:
  • Signature Verification: Always verify Slack request signatures using the signing secret. Treat failure as an unauthorized request.
  • Token Security: Store SLACK_BOT_TOKEN and SLACK_SIGNING_SECRET securely (e.g., AWS Secrets Manager in production, environment variables for simplicity here). Never hardcode them.
  • Scoped Permissions: Only request the Slack scopes truly needed. Review periodically.
  • User Authorization: Implement user allow-lists (ALLOWED_USER_IDS) or more sophisticated role-based access control within the Lambda if needed.
• API Gateway Security: Use WAF, throttling, and detailed logging as appropriate for your security requirements. Ensure only POST requests are accepted.
• Data Handling: Be mindful of sensitive information. Avoid logging secrets. Sanitize data returned to Slack, redacting or summarizing sensitive details if necessary. Ensure HTTPS is used throughout. Limit data retention in logs.

Additional Use Cases

Beyond describing EC2 instances, this framework enables many possibilities:

• Resource Monitoring: “Show CloudWatch alarms in critical state.” / “What’s the CPU utilization for RDS instance ‘my-db’?”
• Cost Management: “Find unattached EBS volumes older than 30 days.” / “List EC2 instances tagged with ‘Project:Temp’.”
• Security Posture Checks: “Are there any security groups allowing 0.0.0.0/0 on port 22?” / “List IAM users without MFA enabled.”
• Simple Remediation (Use with Extreme Caution!): Define actions to stop/start tagged dev instances, or perhaps clean up specific temporary resources after user confirmation. This requires careful schema design and robust IAM controls.
• Information Retrieval: Connect a Bedrock Knowledge Base (RAG) to query internal documentation stored in S3. “What is the procedure for deploying service X?”

Each new use case requires defining a corresponding action in the Bedrock Agent Action Group (with its API schema) and implementing the logic in the backend Lambda (EC2OperationsLambda or a new dedicated function), always following the principle of least privilege for IAM permissions.

Conclusion

This guide has demonstrated how to construct a secure and functional AWS AI assistant by integrating Amazon Bedrock Agents with Slack via API Gateway and Lambda. This powerful combination allows teams to interact with their AWS environment using natural language directly within their collaboration tools, potentially boosting productivity and simplifying common operational tasks.

The key takeaway is that while building such integrations is increasingly accessible, prioritizing security through meticulous IAM configuration, request validation, and adherence to the least privilege principle is non-negotiable. The example of describing EC2 instances serves as a solid foundation upon which more complex and valuable capabilities can be built, always with security as the guiding principle.

By carefully designing agent instructions, action groups, backend logic, and security controls, you can create an invaluable, custom AI assistant tailored to your specific AWS management needs.

---

Innovative Software Technology is adept at harnessing the power of cloud services and AI to create bespoke solutions that drive efficiency and innovation. Building secure, intelligent assistants like the AWS AI assistant detailed here requires deep expertise in cloud architecture, serverless computing with AWS Lambda, API integration via API Gateway, AI/ML services like Amazon Bedrock, and robust security practices. We can partner with your business to design, implement, and manage custom cloud automation tools and AI-driven assistants integrated seamlessly into your workflows, such as Slack. Let us help you leverage Amazon Bedrock integration and secure AWS solutions to optimize your operations and unlock new levels of productivity. Contact Innovative Software Technology to explore how custom AI assistants can transform your cloud management.