Incident Manager Provider

The Incident Manager Provider allows you to push incidents from AWS IncidentManager to Keep.

Authentication Configuration

To authenticate with the Incident Manager Provider, you need to provide the following configuration parameters:

  • access_key: AWS access key (required, sensitive)
  • access_key_secret: AWS access key secret (required, sensitive)
  • region: AWS region (required)
  • response_plan_arn: AWS Response Plan’s ARN (required, hint: Default response plan ARN to use when interacting with incidents, if not provided, we won’t be able to register web hook for the incidents)
  • sns_topic_arn: AWS SNS Topic ARN you want to be used/using in response plan (required, hint: Default SNS topic to use when creating incidents, if not provided, we won’t be able to register web hook for the incidents)

Provider Scopes

The Incident Manager Provider requires the following provider scopes:

  • ssm-incidents:ListIncidentRecords: Required to retrieve incidents. Documentation (mandatory, alias: Describe Incidents)
  • ssm-incidents:GetResponsePlan: Required to get response plan and register Keep as webhook. Documentation (optional, alias: Update Response Plan)
  • ssm-incidents:UpdateResponsePlan: Required to update response plan and register Keep as webhook. Documentation (optional, alias: Update Response Plan)
  • iam:SimulatePrincipalPolicy: Allow Keep to test the scopes of the current user/role without modifying any resource. Documentation (optional, alias: Simulate IAM Policy)
  • sns:ListSubscriptionsByTopic: Required to list all subscriptions of a topic, so Keep will be able to add itself as a subscription. Documentation (optional, alias: List Subscriptions)

Status Map

The Incident Manager Provider maps the following statuses:

  • “OPEN” to AlertStatus.FIRING
  • “RESOLVED” to AlertStatus.RESOLVED

Severities Map

The Incident Manager Provider maps the following severities:

  • 1 to AlertSeverity.CRITICAL
  • 2 to AlertSeverity.HIGH
  • 3 to AlertSeverity.LOW
  • 4 to AlertSeverity.WARNING
  • 5 to AlertSeverity.INFO

Notes

  1. Incident Manager only throws notification when there is chatChannel attached to response plan. Make sure to add chatChannel to response plan before adding webhook