The Incident Manager Provider allows you to push incidents from AWS Incident Manager to Keep.

Authentication

This provider requires authentication.

  • region: AWS region (required: True, sensitive: False)
  • response_plan_arn: ARN of the AWS response plan (required: True, sensitive: False)
  • sns_topic_arn: ARN of the AWS SNS topic that is used, or that you want to use, in the response plan (required: True, sensitive: False)
  • access_key: AWS access key (leave empty if using an IAM role on EC2) (required: False, sensitive: True)
  • access_key_secret: AWS access key secret (leave empty if using an IAM role on EC2) (required: False, sensitive: True)

Certain scopes may be required to perform specific actions or queries via the provider. Below is a summary of relevant scopes and their use cases:

  • ssm-incidents:ListIncidentRecords: Required to retrieve incidents. (mandatory)
  • ssm-incidents:GetResponsePlan: Required to get the response plan and register Keep as a webhook.
  • ssm-incidents:UpdateResponsePlan: Required to update the response plan and register Keep as a webhook.
  • iam:SimulatePrincipalPolicy: Allows Keep to test the scopes of the current user/role without modifying any resource.
  • sns:ListSubscriptionsByTopic: Required to list all subscriptions of a topic, so Keep will be able to add itself as a subscription.
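
The scopes listed above can be granted as a least-privilege IAM policy. The script below is an added example, not part of Keep or of the original page: it validates the configured ARNs and builds a policy that allows only those five actions, each scoped as narrowly as possible. Assumptions: the `principal_arn` parameter (the IAM user or role Keep authenticates as), the constructed sample ARNs, and the choice of `Resource` for each statement.

```python
import json

# Constructed sample ARNs (placeholder account 111122223333); substitute your own.
SAMPLE = {
    "response_plan_arn": "arn:aws:ssm-incidents::111122223333:response-plan/example-plan",
    "sns_topic_arn": "arn:aws:sns:us-east-1:111122223333:example-topic",
    # Hypothetical parameter: the IAM user or role Keep authenticates as.
    "principal_arn": "arn:aws:iam::111122223333:role/example-keep-role",
}

def check_arn(arn, service, prefixes=("",)):
    """Return arn if it is a concrete ARN of the expected service and type."""
    parts = arn.split(":", 5)
    if len(parts) != 6 or parts[0] != "arn":
        raise ValueError(f"not an ARN: {arn!r}")
    if "*" in arn or "?" in arn:
        raise ValueError(f"wildcard defeats resource scoping: {arn!r}")
    if parts[2] != service or not parts[5].startswith(tuple(prefixes)):
        raise ValueError(f"expected a {service} ARN of type {prefixes}: {arn!r}")
    return arn

def build_policy(response_plan_arn, sns_topic_arn, principal_arn):
    """Build an IAM policy granting only the five scopes the provider lists."""
    plan = check_arn(response_plan_arn, "ssm-incidents", ("response-plan/",))
    topic = check_arn(sns_topic_arn, "sns")
    principal = check_arn(principal_arn, "iam", ("role/", "user/"))

    def stmt(sid, actions, resource):
        return {"Sid": sid, "Effect": "Allow", "Action": actions, "Resource": resource}

    return {
        "Version": "2012-10-17",
        "Statement": [
            # Assumption: ListIncidentRecords cannot be scoped to a resource.
            stmt("ListIncidents", ["ssm-incidents:ListIncidentRecords"], "*"),
            stmt("WebhookOnResponsePlan", ["ssm-incidents:GetResponsePlan",
                                           "ssm-incidents:UpdateResponsePlan"], plan),
            stmt("ListTopicSubscriptions", ["sns:ListSubscriptionsByTopic"], topic),
            # Assumption: scoped to Keep's own principal, so it can only simulate itself.
            stmt("SelfTestScopes", ["iam:SimulatePrincipalPolicy"], principal),
        ],
    }

def granted_actions(policy):
    """Flatten the policy into the sorted list of actions it allows."""
    return sorted(a for s in policy["Statement"] for a in s["Action"])

if __name__ == "__main__":
    print(json.dumps(build_policy(**SAMPLE), indent=2))
```

Running the script prints the policy JSON for the sample ARNs; an ARN containing a wildcard or belonging to the wrong service is rejected before any policy is produced.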

In workflows

This provider can be used in workflows.

As a “step” to query data, for example:

steps:
    - name: Query incidentmanager
      provider: incidentmanager
      config: "{{ provider.my_provider_name }}"

If you need workflow examples with this provider, please raise a GitHub issue.

Status Map

The Incident Manager Provider maps the following statuses:

  • “OPEN” to AlertStatus.FIRING
  • “RESOLVED” to AlertStatus.RESOLVED

Severities Map

The Incident Manager Provider maps the following severities:

  • 1 to AlertSeverity.CRITICAL
  • 2 to AlertSeverity.HIGH
  • 3 to AlertSeverity.LOW
  • 4 to AlertSeverity.WARNING
  • 5 to AlertSeverity.INFO

Notes

  1. Incident Manager only sends notifications when a chatChannel is attached to the response plan. Make sure to add a chatChannel to the response plan before adding the webhook.