Introduction to the AWS Incident Manager SyncPack

Download this manual as a PDF file 

This section describes how you can use the "AWS Incident Manger" SyncPack to automatically synchronize SL1 events and Amazon Web Services (AWS) incidents between your AWS and SL1 systems.

This SyncPack uses the "AWS Incident Manager Automation" PowerPack and the "AWS Base"SyncPack.

What Can I Do with this SyncPack?

The "AWS Incident Manager" SyncPack lets you configure PowerFlow to automatically synchronize SL1 events and incidents generated with AWS Incident Manager. The integration is bidirectional between AWS Incident Manager and SL1 systems.

This SyncPack includes the following PowerFlow applications:

  • Send SL1 Event to AWS Incident Manager. Sends SL1 event information to the AWS console. The application takes SL1 event data as input and makes a request to the AWS Incident Manager. Based on the input parameters, the request to the AWS API does one of the following:
    • Sends event details to AWS incident manager
    • Incident Manager contact channels will be created and send email/message
    • All the target actions in AWS services to be validated for each use case
  • Bulk Resolve SL1 Events From AWS. Receives input from a user action in the AWS Console, such as "resolving" an incident, and shares the action being performed, the SL1 instance information and the Event ID. This application clears the SL1 event in the specified SL1 instance based on the resolution on AWS incident manager.

Contents of the SyncPack

This section lists the contents of the "AWS Incident Manager" SyncPack.

PowerFlow Applications

  • Bulk Resolve SL1 Events From AWS. This application collects resolution state data from AWS and resolves corresponding SL1 events.
  • Create Timeline Event In AWS Incident Manager. This application collects acknowledged event data from SL1 and creates a timeline event in AWS.
  • Resolve AWS Incident. This application resolves an AWS incident that was resolved by a corresponding SL1 event.
  • Send SL1 Event to AWS Incident Manager. This application collects event details from SL1 and creates an incident in AWS.

For more information about how to configure these applications, see Configuring and Aligning the AWS Incident Manager Applications.

Configuration Object

  • AWS Incidents Base Config. This configuration object can be used as a template after the SyncPack is installed on the PowerFlow system. The configuration object includes the following:
    • Details for connecting to SL1, including the host, username, and password.
    • Details for connecting to AWS, including the region name, access key ID, secret access key ID, and service.
    • Details for event and incident response including templates, maps, time, external URL population, and response plans.

Steps

The following steps are included in this SyncPack:

  • CreateSL1Payload
  • Create Timeline Event In AWS Incident Manager
  • Get Event Details From SL1 Start AWS Incident
  • Get Resolved Incidents And Pass To SL1
  • PostUpdateToSL1
  • Resolve Incident In AWS Incident Manager