AWS Compute Services

Utilizing Lambda Functions to Control Amazon EC2 Instances via Slack

Updated June 21, 2025

This cheat sheet outlines a "ChatOps" architectural pattern that allows you to securely start and stop Amazon EC2 instances directly from a Slack channel using slash commands.


The Problem: Inefficient EC2 Management

Manually logging into the AWS Management Console to start or stop EC2 instances for development, testing, or other routine tasks can be time-consuming. A ChatOps approach provides a quick, convenient, and auditable way to perform these actions from a central communication hub.


Architectural Components

This solution integrates Slack with several AWS services to create a secure control pipeline.

1. Slack (Slash Command)

  • Role: The user interface.
  • Function: A custom "Slash Command" (e.g., /ec2) is created within a Slack App. When a user types this command in a channel, Slack sends the command details in an HTTP POST request to a specified URL.
  • Configuration: The Slash Command is configured with the Request URL provided by Amazon API Gateway. Slack also provides a Signing Secret to secure and verify requests.

2. Amazon API Gateway

  • Role: The secure public endpoint and front door for the entire operation.
  • Function: It receives the POST request from Slack, validates it, and triggers the backend AWS Lambda function.
  • Configuration:
    • A REST API with a POST method is created.
    • The endpoint is configured for Lambda Proxy Integration, which passes the entire request from Slack directly to the Lambda function.
    • For security, it's essential to configure the API Gateway to validate the X-Slack-Signature header sent by Slack to ensure requests are authentic.

3. AWS Lambda Function

  • Role: The core orchestration and business logic.
  • Function:
    1. Triggered: The function is invoked by API Gateway, receiving the request payload from Slack.
    2. Verify Request: The first and most critical step is to verify the request's X-Slack-Signature header using the Slack Signing Secret, to ensure the request is legitimate and not a spoofed attempt.
    3. Parse Command: It parses the text field from the Slack payload to determine the intended action (e.g., start or stop) and the target EC2 instance ID (e.g., i-0123456789abcdef0).
    4. Execute Action: It uses the AWS SDK (Boto3 for Python) to make API calls to the EC2 service (ec2:StartInstances or ec2:StopInstances).
    5. Format Response: It formats a user-friendly response message indicating the success or failure of the operation.
    6. Respond to Slack: It returns this message as the HTTP response. API Gateway forwards this response back to Slack, where it appears as a reply to the user's command.

4. Amazon EC2

  • Role: The target infrastructure.
  • Function: These are the instances that will be started or stopped by the Lambda function's API calls.

5. IAM Role

  • Role: The security permissions for the Lambda function.
  • Function: The Lambda function's execution role must be granted specific, least-privilege permissions:
    • ec2:StartInstances
    • ec2:StopInstances
    • ec2:DescribeInstances (To check the current state of an instance before performing an action)
    • logs:CreateLogGroup, logs:CreateLogStream, logs:PutLogEvents (For writing its own execution logs to CloudWatch)

End-to-End Workflow

  1. User Input: A user types /ec2 start i-0123456789abcdef0 into a Slack channel.
  2. Slack Request: Slack sends an HTTP POST request containing the command details to the configured API Gateway endpoint URL. The request includes a special X-Slack-Signature header.
  3. API Gateway Trigger: API Gateway receives the request and, via proxy integration, triggers the Lambda function, passing the full request payload and headers.
  4. Lambda Execution:
    a. The Lambda function uses the Slack Signing Secret to verify the X-Slack-Signature header. If it's invalid, the function exits with an error.
    b. The function parses the text "start i-0123456789abcdef0" to identify the action and the instance ID.
    c. It calls the EC2 DescribeInstances API to check if the instance is in a "stoppable" or "startable" state.
    d. It calls the EC2 StartInstances API with the target instance ID.
    e. It crafts a response message, such as "Successfully initiated start for instance i-0123456789abcdef0."
  5. Slack Response: The Lambda function returns the success message in its HTTP response. API Gateway passes this response back to Slack.
  6. User Feedback: The message appears as an ephemeral (visible only to the user) or in-channel response in Slack, confirming the action was taken.