Configuring Applications for the AWS Incident Manager SyncPack

Download this manual as a PDF file 

This section describes how to set up the PowerFlow applications for the "AWS Incident Manager" SyncPack. This section also covers how to configure the "AWS Incident Manager Automation" PowerPack and the "AWS Base"SyncPack.

Workflow for Configuring the SyncPack

The following workflows describe how to configure SL1 and PowerFlow to work with the "AWS Incident Manager" SyncPack.

Configuring SL1

  1. Create a SOAP/XML credential to access PowerFlow
  2. Edit the AWS Incident Manager run book actions
  3. Enable the AWS Incident Manager run book automations

Configuring PowerFlow

  1. Create and align a PowerFlow configuration object
  2. Configure the PowerFlow applications
  3. Schedule the PowerFlow applications

Configuring SL1

The following topics cover how to set up your SL1 instance to work with the "AWS Incident Manager" SyncPack.

Creating a SOAP/XML Credential to Access PowerFlow

You will need to create a SOAP/XML credential in SL1 so that the automation actions included in the PowerPack can access your PowerFlow system.

To create a SOAP/XML credential:

  1. In SL1, go to the Credentials page (Manage > Credentials).
  2. Click Create New and select Create SOAP/XML Credential. The Create Credential window appears.
  3. Complete the following fields:
  • Name. Type a new name for the credential.
  • All Organizations. Toggle on (blue) to align the credential to all organizations, or toggle off (gray) and then select one or more specific organizations from the What organization manages this service? drop-down field to align the credential with those specific organizations.
  • URL. Type the URL for your PowerFlow system.
  • HTTP Auth User. Type the username for your PowerFlow system.
  • HTTP Auth Password. Type the password for your PowerFlow system.
  1. Click Save & Close.
  2. Take note of the SL1-assigned ID number for the new credential on the Credentials page, in the ID column. You will need the ID number when editing the input parameters of the run book actions included in the PowerPack, below.

Editing the AWS Incident Manager Run Book Actions

The "AWS Incident Manager Automation" PowerPack includes run book actions that use the "Run Integration Service Application" action type to trigger the PowerFlow applications that trigger, acknowledge, and resolve incidents and events between SL1 and AWS.

To utilize the run book automation policies included in the PowerPack, you must edit the following run book actions to communicate with your PowerFlow system:

  • "AWS: Create Timeline Event"
  • "AWS: Resolve Incident"
  • "AWS: Trigger Incident"

To edit the run book actions included in the PowerPack:

  1. Go to the Actions page (Registry > Run Book > Actions).
  2. Locate the AWS run book action that you want to use, and then click its wrench icon (). The Editing Action page appears.
  3. In the Input Parameters field, change the values of the following parameters:
  • credential_id. Change the value to the credential ID that you noted in the previous procedure when creating a credential for your PowerFlow system. This field is required.
  • include_event. Leave the value as "true".
  • application_name. Leave the default application value.
  • params. Leave the default parameter value.
  1. Make sure the Action State is set to Enabled, and then click Save.

Enabling the AWS Incident Manager Run Book Automations

The "AWS Incident ManagerPowerPack includes three run book automation policies that you will need to enable:

  • "AWS: Create Timeline Event"
  • "AWS: Resolve Incident"
  • "AWS: Trigger Incident"

To enable the run book automations:

  1. In SL1, go to the Automations page (Registry > Run Book > Automation).
  2. Locate the "AWS: Create Timeline Event" automation policy and click its wrench icon (). The Automation Policy Editor page appears.
  3. Update the following fields:
  • Policy State. Select Enabled.
  • Policy Priority. Select High to ensure that this PowerFlow automation policy is added to the top of the queue.
  • Available Actions. If it is not already selected, select "Run Integration Service Application: Ansible:Command" (or "Ansible:Tower" for the "Ansible:Tower" automation policy) and click the arrows to move it to Aligned Actions.

ScienceLogic highly recommends that you do not make changes to the Policy Type, Repeat Time, or Align With fields or the And event is NOT acknowledged setting.

  1. Click Save.
  2. Repeat steps 2-4 for the "AWS: Resolve Incident" and "AWS: Trigger Incident" run book automation policy.

Configuring PowerFlow

The following topics cover how to set up your PowerFlow instance to work with the "AWS Incident Manager" SyncPack.

Creating a Configuration Object

A configuration object supplies the login credentials and other required information needed to execute the steps for a PowerFlow application. The Configurations page () of the PowerFlow user interface lists all available configuration objects for that system.

You can create as many configuration objects as you need. A PowerFlow application can only use one configuration object at a time, but you can use (or "align") the same configuration object with multiple applications.

To use this SyncPack, you will need to use an existing configuration object in the PowerFlow user interface or create a new configuration object. Next, you need to align that configuration object to the relevant applications.

For this SyncPack, you can make a copy of the "AWS Incidents Base Config" configuration object, which is the sample configuration file that was installed with the "AWS Incident Manager" SyncPack.

The "AWS Incidents Base Config" configuration object contains all of the required variables. Simply update the variables from that object to match your SL1 and AWS settings.

For more information about the AWS terms and concepts in this section, see the AWS documentation.

To create a configuration object based on the "AWS Incidents Base Config" configuration object:

  1. In the PowerFlow user interface, go to the Configurations page ().
  2. Click the Actions button () for the "AWS Incidents Base Config" configuration object and select Edit. The Configuration pane appears.
  3. Click Copy as. The Create Configuration pane appears.
  4. Complete the following fields:
    • Friendly Name. Type a name for the configuration object that will display on the Configurations page.
    • Description. Type a brief description of the configuration object.
    • Author. Type the user or organization that created the configuration object.
    • Version. Type a version of the configuration object.

  1. In the Configuration Data field, update the default variable definitions to match your PowerFlow configuration:

    • sl1_host. Type the hostname or IP address of the SL1 system the alerts will synchronize to.
    • sl1_user. Type the username for your SL1 system.
    • sl1_password. Type the password for your SL1 system.
    • aws_region_name. Type the region of your AWS system.
    • aws_access_key_id. Type the access key ID of your AWS system.
    • aws_secret_access_key. Type the secret access key ID of your AWS system.
    • aws_service. Keep the default value.
    • aws_default_response_plan_arn_1. Type the ARN for the default AWS response plan for PowerFlow to use when creating an incident in AWS.
    • add_template. Toggle the JSON editor to define the template to translate SL1 event information to an AWS incident.
    • summary_template. Toggle the JSON editor to define the summary format to translate an SL1 event to an AWS incident.
    • event_response_plan_map. You can configure specific SL1 event criteria to trigger alternative response plans in AWS. To define an alternative response plan, toggle the JSON editor and enter an event property, search key to match to the event, and the ARN for the alternative AWS response plan. For example, if you want to trigger an alternative response plan for an SL1 event that contains "database" in the event message, enter the JSON code as follows:

      2. {

      "event_property": "%M",

      "response_plan": "arn:aws:ssm-incidents::XXXXXXXX:response-plan/XXXXXXXXX",

      "search_key": "database"

      }

       

    • resolve_from_aws. When enabled, this parameter resolves SL1 events from AWS incidents. The default value is 'enabled'. To disable this parameter, change this value to 'disabled'.
    • populate_external_url. The option to add an AWS incident URL to the corresponding SL1 event. The default value is 'enabled'.
    • time_delta. Type the time configuration in days to synchronize your AWS incidents and SL1 events. The "Bulk Resolve SL1 Events from AWS" application will only collect incidents that have been updated within the number of days defined in this parameter.
  1. Click Save. You can now align this configuration object with one or more applications.

Aligning a Configuration Object and Configuring PowerFlow Applications

With this SyncPack, any status changes made to an SL1 event are sent to AWS to update the corresponding incident. Any status changes to the AWS incident are synced back to the corresponding SL1 event. You will need to align the AWS Incident Manager applications with the relevant configuration object in PowerFlow, and, if needed, update any other fields on the Configuration pane for the applications.

To run this SyncPack, you must "align" the configuration object to run with the following PowerFlow applications:

  • "Bulk Resolve SL1 Events From AWS"
  • "Create Timeline Event In AWS Incident Manager"
  • "Resolve AWS Incident"
  • "Send SL1 Event to AWS Incident Manager"

To align the configuration object with the relevant PowerFlow applications:

  1. On the Applications page of the PowerFlow user interface, open one of the PowerFlow applications listed above and click Configure (). The Configurations pane for that application appears.
  2. From the Configurations drop-down, select the configuration object you want to use.

The values for sl1_hostname and the other parameters that appear in the Configuration pane with a padlock icon () are populated either by the configuration object you aligned with the application or by the run book action. Do not modify these values. If you encounter an error, make sure your run book action is configured properly.

  1. Click Save to align that configuration with the application.
  2. Repeat this process for the other PowerFlow applications.

Scheduling PowerFlow Applications

To trigger the "Bulk Resolve SL1 Events From AWS" application, you must schedule the application so it runs on a regular basis.

You can create one or more schedules for a single application in the PowerFlow user interface. When creating each schedule, you can specify the queue and the configuration file for that application.

To create a schedule:

  1. On the Applications page (), click the Schedule button for the application you want to schedule. The Scheduler window appears.
  2. In the Schedule List pane, click the down arrow icon () next to an existing schedule to view the details for that schedule.
  3. In the Schedule Creator pane, complete the following fields for the default Frequency setting:
  • Schedule Name. Type a name for the schedule.
  • Frequency in seconds. Type the number of seconds per interval that you want to run the application.
  • Custom Parameters. Type any JSON parameters you want to use for this schedule, such as information about a configuration file or mappings.
  1. To use a cron expression, click the Switch to Cron Expression toggle to turn it blue. If you select this option, you can create complicated schedules based on minutes, hours, the day of the month, the month, and the day of the week:

As you update the cron expression, the Schedule window displays the results of the expression in more readable language, such as Runs app: "Every 0 and 30th minute past every hour on Sat", based on 0,30 in the Minutes field and 6 in the Day of Week field.

  1. Click Save Schedule. The schedule is added to the Schedule List pane. Also, on the Applications page, the Schedule button now displays with a dark blue background:

After you create a schedule, it continues to run until you delete it. Also, you cannot edit an existing schedule, but you can delete it and create a similar schedule if needed.

To view or delete an existing schedule:

  1. On the Applications page, click the Schedule button for the application that contains a schedule you want to delete. The Scheduler window appears.
  2. Click the down arrow icon () to view the details of an existing schedule.
  3. To delete the selected schedule, click the Actions icon () and selectDelete.

On the Scheduler window for a PowerFlow application, you can click the Copy as button from the Schedule List pane to make a copy of an existing schedule.

When either multiple SL1 instances or multiple AWS instances are involved with PowerFlow, you should create an individual configuration object for each SL1 or AWS instance. Next, create an individual schedule for each configuration object. Each schedule should use a configuration object that is specific to that single SL1 or AWS instance. Creating copies of a PowerFlow application from a SyncPack for the purpose of distinguishing between domains is not supported, and will result in issues on upgrades.