Use Python and VMware Cloud on AWS APIs to create logs in a Slack Channel

Gilles Chekroun
Lead NSX Systems Engineer - VMware Europe

In this article, I will describe how to use a simple AWS Lambda function to create a logging mechanism using a Slack channel and report the status of my VMware Cloud on AWS SDDC every minute.
For that, I will use a simple Python function that will call the necessary APIs in VMC and build the output for the Slack channel.
I will also use a CRON job (every minute) to trigger the Lambda function.

Install Python

You can install Python 3.6 for Windows here or for Mac here.
In Mac OS X, Python is there by default. My version is:
$ python --version
Python 2.7.10
I really want to use version 3.6.4. For that I will install "virtualenv" to create a virtual environment and install the proper release there without interfering with my Mac setup.
$ virtualenv ~/code/vmc-api --no-site-packages
$ brew install python3
$ virtualenv --python=/usr/local/bin/python3 vmc-api
Once done, you can activate the new environment by doing:
$ cd code/vmc-api/bin
$ source activate
and now check the new version:
(vmc-api) $ which python
(vmc-api) $ python --version
Python 3.6.4
Note the (vmc-api) prompt, telling you that you are working in a virtual environment.

The "SKYSCRAPER" Python script

Built by Matt Dreyer and demo'd at AWS re:Invent 2017, this script is very easy to install and to demo. No knowledge of Python is required.

The script provides data about the VMC SDDC through API Calls.
You can download it from here.
To use that script, we will need a couple of variables from our VMC environment.

1- Refresh Token

Click on OAuth Refresh Token.
Make a note of your Refresh Token, we will need it later.

2 - Org ID and SDDC ID

In the "Support" tab of your SDDC, make a note of the Org ID and the SDDC ID.
In the same folder where you downloaded the script, create two new files:
Paste the OAuth Refresh Token and save. The file should only contain the token.
Paste the Org ID and save. The file should only contain the Org ID.
  • pip and python have already been installed.
  • Use homebrew if pip is not available.
  • You have access to a VMC Org, VMC SDDC and have a Refresh Token.

3 - Install packages to import

Open a Terminal Window, navigate to the folder where the Python script was downloaded and install the following packages:
pip install requests -t . --upgrade
pip install simplejson -t . --upgrade
pip install certifi -t . --upgrade
pip install prettytable -t . --upgrade
pip install colorama -t . --upgrade
Run some scripts:

    python show-sddcs

    python show-users

    python show-orgs (yes, I am part of 3 Orgs)

AWS Lambda, Slack and VMC integration

The Lambda script uses a combination of AWS CloudWatch Events and AWS Lambda to capture the state of the SDDC and post the result to a Slack channel as a logging mechanism.

Create a Slack WebHook

During this step, we will configure a Slack webhook.
Incoming Webhooks are a simple way to post messages from external sources into Slack.

1 - Log on to Slack and Create a Channel
Set up the Slack Incoming Webhook here.
Once done, select the channel you want to push the notifications to and you will get the WebHook URL:

Download the Lambda Function and edit some fields

The Python Lambda function is here:
Make sure it’s renamed to
Edit the following fields in: 
  • slackURL =
tenantID is your OrgID.
strAccessKey is your OAuth Refresh Token. 
slackURL should be your Slack WebHook URL.

Don't forget to rename to lambda_function.py. This is how AWS Lambda will execute our code.
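As an added example (not the Lambda function linked above and not Matt Dreyer's script), the handler below reads the same three values from Lambda environment variables instead of from edited source, so the Refresh Token and the WebHook URL stay out of the zip archive. The variable names VMC_REFRESH_TOKEN, VMC_ORG_ID and SLACK_WEBHOOK_URL, the two VMware endpoint URLs and the `name` / `sddc_state` fields are assumptions not shown on this page.

```python
import json
import os
import urllib.parse
import urllib.request

# Public VMware Cloud endpoints (assumed here; the page does not list them).
CSP_AUTH = "https://console.cloud.vmware.com/csp/gateway/am/api/auth/api-tokens/authorize"
VMC_SDDCS = "https://vmc.vmware.com/vmc/api/orgs/{org}/sddcs"


def http_call(method, url, headers, data=None):
    """Send one HTTPS request and return the response body as text."""
    req = urllib.request.Request(url, data=data, method=method, headers=headers)
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


def build_report(sddcs):
    """Format one line per SDDC for the Slack message."""
    lines = ["%s: %s" % (s.get("name", "?"), s.get("sddc_state", "UNKNOWN")) for s in sddcs]
    return "\n".join(lines) or "No SDDC found in this Org"


def lambda_handler(event, context, http=http_call, env=os.environ):
    # Hypothetical variable names. The values are set on the Lambda function's
    # configuration, so the uploaded archive carries no token and no webhook URL.
    token, org, slack = env["VMC_REFRESH_TOKEN"], env["VMC_ORG_ID"], env["SLACK_WEBHOOK_URL"]
    if not slack.startswith("https://hooks.slack.com/"):
        raise ValueError("SLACK_WEBHOOK_URL is not a Slack webhook URL")
    # Send the Refresh Token in the request body rather than in the URL.
    form = urllib.parse.urlencode({"refresh_token": token}).encode()
    auth = json.loads(http("POST", CSP_AUTH,
                           {"Content-Type": "application/x-www-form-urlencoded"}, form))
    url = VMC_SDDCS.format(org=urllib.parse.quote(org, safe=""))
    sddcs = json.loads(http("GET", url, {"csp-auth-token": auth["access_token"]}))
    text = build_report(sddcs)
    http("POST", slack, {"Content-Type": "application/json"},
         json.dumps({"text": text}).encode())
    return text
```

This version uses only the standard library, so it needs none of the pip packages listed below.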

Open a Terminal Window and navigate to the folder where the Lambda function was downloaded and install the following packages. The packages will be created in the local directory.
pip install requests -t . --upgrade
pip install simplejson -t . --upgrade
pip install certifi -t . --upgrade
pip install pyvim -t . --upgrade
pip install datetime -t . --upgrade
Zip the Python file and newly created directories into an archive (

Create a new Lambda Function

Log in to the AWS console. Go to "Compute" / "Lambda" / "Create function".

Create CloudWatch CRON Rule 

Select "CloudWatch" / "Rules" and create a new rule.

Create an IAM Lambda Role

Go to "Security" / "IAM" / "Roles" and create a new role.
Click Next: Permissions. Attach the "AWSLambdaBasicExecutionRole" policy. Choose a name for the role and create the role. You will need it during the next step.

Go back to the Lambda function definition and configure the trigger (our CRON job).
Click on the "SlackChannelTest" in the center and choose "Upload a .ZIP file". Get the previously saved and save.

Watch the results in your Slack Channel

In the CRON job we used a 1 min interval (just for testing), so you should get a Slack post every minute.


