Slack - Amazon Kendra

Slack

Slack is an enterprise communications app that lets users send messages and attachments through various public and private channels. You can use Amazon Kendra to index your Slack public and private channels, bot and archive messages, files and attachments, direct and group messages. You can also choose specific content to filter.

Note

Amazon Kendra now supports an upgraded Slack connector.

The console has been automatically upgraded for you. Any new connectors you create in the console will use the upgraded architecture. If you use the API, you must now use the TemplateConfiguration object instead of the SlackConfiguration object to configure your connector.

Connectors configured using the older console and API architecture will continue to function as configured. However, you won’t be able to edit or update them. If you want to edit or update your connector configuration, you must create a new connector.

We recommended migrating your connector workflow to the upgraded version. Support for connectors configured using the older architecture is scheduled to end by June 2024.

You can connect Amazon Kendra to your Slack data source using the Amazon Kendra console or the TemplateConfiguration API.

For troubleshooting your Amazon Kendra Slack data source connector, see Troubleshooting data sources.

Supported features

Amazon Kendra Slack data source connector supports the following features:

  • Field mappings

  • User context filtering

  • User identity crawling

  • Inclusion/exclusion filters

  • Full and incremental content syncs

  • Virtual private cloud (VPC)

Prerequisites

Before you can use Amazon Kendra to index your Slack data source, make these changes in your Slack and AWS accounts.

In Slack, make sure you have:

  • Created a Slack Bot User OAuth token or Slack User OAuth token. You can choose either token to connect Amazon Kendra to your Slack data source. See Slack documentation on access tokens for more information.

    Note

    If you use the bot token as part of your Slack credentials, you cannot index direct messages and group messages and you must add the bot token to the channel you want to index.

  • Noted your Slack workspace team ID from your Slack workspace main page URL. For example, https://app.slack.com/client/T0123456789/... where T0123456789 is the team ID.

  • Added the following Oauth scopes/ read permissions:

    User token scope Bot token scope
    • channels:history

    • channels:read

    • channels:write

    • chat:write

    • emoji:read

    • files:read

    • files:write

    • groups:history

    • groups:read

    • groups:write

    • im:history

    • im:read

    • im:write

    • mpim:history

    • mpim:read

    • mpim:write

    • reactions:write

    • team:read

    • usergroups:read

    • usergroups:write

    • users.profile:read

    • users:read

    • users:read.email

    • auditlogs:read

    • team:read

    • channels:history

    • groups:history

    • im:history

    • mpim:history

    • chat:write

    • channels:manage

    • groups:write

    • groups:read

    • im:write

    • im:read

    • files:write

    • files:read

    • users:read

    • links:read

    • channels:read

    • mpim:read

    • chat:write.customize

    • channels:join

    • emoji:read

    • mpim:write

    • usergroups:read

    • usergroups:write

    • users.profile:read

    • users:read.email

    • users:write

  • Checked each document is unique in Slack and across other data sources you plan to use for the same index. Each data source that you want to use for an index must not contain the same document across the data sources. Document IDs are global to an index and must be unique per index.

In your AWS account, make sure you have:

  • Created an Amazon Kendra index and, if using the API, noted the index ID.

  • Created an IAM role for your data source and, if using the API, noted the ARN of the IAM role.

    Note

    If you change your authentication type and credentials, you must update your IAM role to access the correct AWS Secrets Manager secret ID.

  • Stored your Slack authentication credentials in an AWS Secrets Manager secret and, if using the API, noted the ARN of the secret.

    Note

    We recommend that you regularly refresh or rotate your credentials and secret. Provide only the necessary access level for your own security. We do not recommend that you re-use credentials and secrets across data sources, and connector versions 1.0 and 2.0 (where applicable).

If you don’t have an existing IAM role or secret, you can use the console to create a new IAM role and Secrets Manager secret when you connect your Slack data source to Amazon Kendra. If you are using the API, you must provide the ARN of an existing IAM role and Secrets Manager secret, and an index ID.

Connection instructions

To connect Amazon Kendra to your Slack data source, you must provide the necessary details of your Slack data source so that Amazon Kendra can access your data. If you have not yet configured Slack for Amazon Kendra, see Prerequisites.

Console

To connect Amazon Kendra to Slack

  1. Sign in to the AWS Management Console and open the Amazon Kendra console.

  2. From the left navigation pane, choose Indexes and then choose the index you want to use from the list of indexes.

    Note

    You can choose to configure or edit your User access control settings under Index settings.

  3. On the Getting started page, choose Add data source.

  4. On the Add data source page, choose Slack connector, and then choose Add connector.

  5. On the Specify data source details page, enter the following information:

    1. In Name and description, for Data source name—Enter a name for your data source. You can include hyphens but not spaces.

    2. (Optional) Description—Enter an optional description for your data source.

    3. In Default language—Choose a language to filter your documents for the index. Unless you specify otherwise, the language defaults to English. Language specified in the document metadata overrides the selected language.

    4. In Tags, for Add new tag—Include optional tags to search and filter your resources or track your AWS costs.

    5. Choose Next.

  6. On the Define access and security page, enter the following information:

    1. In Source, for Slack workspace team ID—The team ID of your Slack workspace.

    2. AWS Secrets Manager secret—Choose an existing secret or create a new Secrets Manager secret to store your Slack authentication credentials. If you choose to create a new secret an AWS Secrets Manager secret window opens.

      1. Enter following information in the Create an AWS Secrets Manager secret window:

        1. Secret name—A name for your secret. The prefix ‘AmazonKendra-Slack-’ is automatically added to your secret name.

        2. For Slack token—Enter the authentication credential values you created in your Slack account.

      2. Choose Save.

    3. Virtual Private Cloud (VPC)—You can choose to use a VPC. If so, you must add Subnets and VPC security groups.

    4. Identity crawler—Specify whether to turn on Amazon Kendra’s identity crawler. The identity crawler uses the access control list (ACL) information for your documents to filter search results based on the user or their group access to documents. If you have an ACL for your documents and choose to use your ACL, you can then also choose to turn on Amazon Kendra’s identity crawler to configure user context filtering of search results. Otherwise, if identity crawler is turned off, all documents can be publicly searched. If you want to use access control for your documents and identity crawler is turned off, you can alternatively use the PutPrincipalMapping API to upload user and group access information for user context filtering.

    5. IAM role—Choose an existing IAM role or create a new IAM role to access your repository credentials and index content.

      Note

      IAM roles used for indexes cannot be used for data sources. If you are unsure if an existing role is used for an index or FAQ, choose Create a new role to avoid errors.

    6. Choose Next.

  7. On the Configure sync settings page, enter the following information:

    1. Select type of content to crawl—The Slack entities or content types you want to crawl. You can choose from All channels, Public channels, Private channels, Group messages, and Private messages.

    2. Select crawl start date—Enter the date from which Amazon Kendra is going to crawl your Slack content.

    3. For Additional configuration – optional enter the following information:

      • (Optional)Channel ID/Name—If you've chosen to sync content from channels, you can include content to sync from specific channels by providing channel IDs and channel names.

      • Messages—Choose whether to include bot messages, or archived messages, or both bot and archived messages.

        Note

        If you choose to configure filters for both Channel ID and Channel Name, the Amazon Kendra Slack connector will prioritize channel IDs over channel names.

        If you choose to configure filters for either Channel ID or Channel Name, the Amazon Kendra Slack connector will ignore Private and Group messages even if you've chosen to crawl private and group messages in Sync scope.

      • Regex patterns—Regular expression patterns to include or exclude certain files. You can add up to 100 patterns. Examples of regex patterns include:

        • File type – .pdf, .docx

        • File name – Hello*.txt, TestFile.*

    4. For Sync mode choose how you want to update your index when your data source content changes. When you sync your data source with Amazon Kendra for the first time, all content is synced by default.

      • Full sync—Sync all content regardless of the previous sync status.

      • New, modified, or deleted documents sync—Sync only new, modified, and deleted documents.

    5. In Sync run schedule, for Frequency—How often Amazon Kendra will sync with your data source.

    6. Choose Next.

  8. On the Set field mappings page, enter the following information:

    1. For Slack field mappings—Select from the Amazon Kendra generated default data source fields you want to map to your index.

    2. Add field—To add custom data source fields to create an index field name to map to and the field data type.

    3. Choose Next.

  9. On the Review and create page, check that the information you have entered is correct and then select Add data source. You can also choose to edit your information from this page. Your data source will appear on the Data sources page after the data source has been added successfully.

API

To connect Amazon Kendra to Slack

You must specify a JSON of the data source schema using the TemplateConfiguration API. You must provide the following information:

  • Data source—Specify the data source type as SLACK when you use the TemplateConfiguration JSON schema. Also specify the data source as TEMPLATE when you call the CreateDataSource API.

  • Slack workspace team ID—The Slack team ID you copied from your Slack main page URL.

  • Since date—The date to start crawling your data from your Slack workspace team. The date must follow this format: yyyy-mm-dd.

  • Sync mode—Specify whether Amazon Kendra should update your index by syncing all documents or only new, modified, and deleted documents. You can choose between the following options:

    • FORCED_FULL_CRAWL to freshly re-crawl all content and replace existing content each time your data source syncs with your index.

    • FULL_CRAWL to incrementally crawl only new, modified, and deleted content each time your data source syncs with your index.

    • CHANGE_LOG to incrementally crawl only new and modified content each time your data source syncs with your index.

  • Identity crawler—Specify whether to turn on Amazon Kendra’s identity crawler. The identity crawler uses the access control list (ACL) information for your documents to filter search results based on the user or their group access to documents. If you have an ACL for your documents and choose to use your ACL, you can then also choose to turn on Amazon Kendra’s identity crawler to configure user context filtering of search results. Otherwise, if identity crawler is turned off, all documents can be publicly searched. If you want to use access control for your documents and identity crawler is turned off, you can alternatively use the PutPrincipalMapping API to upload user and group access information for user context filtering.

  • Secret Amazon Resource Name (ARN)—Provide the Amazon Resource Name (ARN) of an Secrets Manager secret that contains the authentication credentials for your Slack account. The secret is stored in a JSON structure with the following keys:

    { "slackToken": "token" }
    Note

    We recommend that you regularly refresh or rotate your credentials and secret. Provide only the necessary access level for your own security. We do not recommend that you re-use credentials and secrets across data sources, and connector versions 1.0 and 2.0 (where applicable).

  • IAM role—Specify RoleArn when you call CreateDataSource to provide an IAM role with permissions to access your Secrets Manager secret and to call the required public APIs for the Slack connector and Amazon Kendra. For more information, see IAM roles for Slack data sources.

You can also add the following optional features:

  • Virtual Private Cloud (VPC)—Specify VpcConfiguration when you call CreateDataSource. For more information, see Configuring Amazon Kendra to use an Amazon VPC.

  • Specific channels—Filter by public or private channels, and specify certain channels by their ID.

  • Types of channels and messages—Whether Amazon Kendra should index your public and private channels, your group and direct messages, and your bot and archived messages. If you use a bot token as part of your Slack authentication credentials, you must add the bot token to the channel you want to index. You cannot index direct messages and group messages using a bot token.

  • Look back—You can choose to configure a lookBack parameter so that the Slack connector crawls updated or deleted content up to a specified number of hours before your last connector sync.

  • Inclusion and exclusion filters—Specify whether to include or exclude certain Slack content. If you use a bot token as part of your Slack authentication credentials, you must add the bot token to the channel you want to index. You cannot index direct messages and group messages using a bot token.

    Note

    Most data sources use regular expression patterns, which are inclusion or exclusion patterns referred to as filters. If you specify an inclusion filter, only content that matches the inclusion filter is indexed. Any document that doesn’t match the inclusion filter isn’t indexed. If you specify an inclusion and exclusion filter, documents that match the exclusion filter are not indexed, even if they match the inclusion filter.

  • Field mappings—Choose to map your Slack data source fields to your Amazon Kendra index fields. For more information, see Mapping data source fields.

    Note

    The document body field or the document body equivalent for your documents is required in order for Amazon Kendra to search your documents. You must map your document body field name in your data source to the index field name _document_body. All other fields are optional.

For a list of other important JSON keys to configure, see Slack template schema.

Learn more

To learn more about integrating Amazon Kendra with your Slack data source, see: