Automate Tasks with AWS Systems Manager and Opsgenie Actions, A Use Case


Opsgenie Actions enable you to automate manual, repetitive tasks so that your resources are freed up to concentrate on higher-value work. This blog post is the first in a series of use cases in which we discuss how Opsgenie works with various third-party automation platforms to automate these traditionally manual tasks, right from the Opsgenie console or mobile app, to reduce interruptions for your on-call responders, and ultimately help your bottom line.

Opsgenie offers a direct integration for running AWS Automation Documents. In this scenario we will discuss how to automate disabling public access for a security group. You can view the AWS Systems Manager (SSM) document here.

The AWS-DisablePublicAccessForSecurityGroup document disables default SSH and RDP ports that are opened to all IP addresses. By executing this document, you can easily restrict the public access of any security group. You can also define additional IPv4 addresses to block. Configuring an Opsgenie Action to trigger this document reduces your response time for critical security alerts that require immediate action.

Here’s how it’s done:

Step 1: Action Channel
To execute an AWS SSM document, you first need to define an “action channel”, which includes the connection credentials to your AWS account. Name your channel, then select your region. Next, you need to define an IAM role with the necessary permissions and trust relationships. Use the link provided in the dialogue box to create an IAM role via a CloudFormation template. Be sure to confirm that your IAM role includes all the necessary permissions to execute the document. For more information on IAM roles, click here.

Create Action Channel in Opsgenie

Step 2: Manage and Define the Action

Once the action channel is configured, it’s time to define the Opsgenie Action. Click the “Add Action” button and select “AWS Systems Manager” as the “Type”. Then, select the channel you created in Step 1. Next, select “AWS-DisablePublicAccessForSecurityGroup” from the AWS SSM Documents drop down, and click “Next” to configure parameters.

Manage the Opsgenie Action being created

Opsgenie Actions allow you to customize the parameters. You can also configure the parameters to either be “Predefined”, meaning they don’t require live intervention, or require the user to enter them at run time by selecting the “Prompt User” option. Prompting the user allows you to specify values at run time using a drop down, check box, or free form text. Please note, the parameters and their requirement conditions are retrieved from AWS directly.

Define the Parameters to Execute the Action

Step 3: Action Execution

You can add an Opsgenie Action to an alert by using "Alert Policies". Simply define an alert policy that adds the “disablePublicAccess” action to alerts that include “Suspicious ip” in the message field. This way, whenever Opsgenie receives an alert containing suspicious activity on a security group, you can quickly execute “disablePublicAccess”, restricting access immediately, without wasting time. Knowing that access is automatically restricted enables you to immediately begin investigating the problem in more detail and work toward a solution, faster.

Execute Disable Public Access for security group using AWS SSM
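To confirm that the action had the intended effect, you can check the security group's ingress rules before and after it runs. The following is an added example, not Opsgenie or AWS code: it works offline on JSON in the shape returned by `aws ec2 describe-security-groups`, and it goes beyond the exact case in the article by also flagging wider port ranges and all-protocol rules that cover ports 22 and 3389. The function name, the sample groups, and the addresses are constructed for illustration.

```python
import ipaddress

ADMIN_PORTS = {22: "SSH", 3389: "RDP"}  # default ports named in the article
ANYWHERE = ipaddress.ip_network("0.0.0.0/0")

def public_admin_rules(group, extra_blocked=()):
    """Return (port, service, cidr) for each ingress rule that still admits
    SSH/RDP from 0.0.0.0/0 or from an IPv4 address/CIDR in extra_blocked."""
    blocked = [ipaddress.ip_network(c, strict=False) for c in extra_blocked]
    findings = []
    for perm in group.get("IpPermissions", []):
        proto = perm.get("IpProtocol")
        if proto == "-1":                       # all protocols, all ports
            lo, hi = 0, 65535
        elif proto == "tcp":
            lo, hi = perm["FromPort"], perm["ToPort"]
        else:
            continue                            # only TCP exposure is checked here
        for rng in perm.get("IpRanges", []):    # IPv4 ranges
            net = ipaddress.ip_network(rng["CidrIp"], strict=False)
            if net != ANYWHERE and not any(net.overlaps(b) for b in blocked):
                continue
            for port, service in ADMIN_PORTS.items():
                if lo <= port <= hi:
                    findings.append((port, service, rng["CidrIp"]))
    return sorted(findings)

def _tcp(lo, hi, cidr):
    """Build one ingress rule in the describe-security-groups shape."""
    return {"IpProtocol": "tcp", "FromPort": lo, "ToPort": hi,
            "IpRanges": [{"CidrIp": cidr}]}

# Constructed sample data; the group ID and addresses are placeholders.
BEFORE = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    _tcp(22, 22, "0.0.0.0/0"), _tcp(3389, 3389, "0.0.0.0/0"),
    _tcp(443, 443, "0.0.0.0/0"), _tcp(22, 22, "10.0.0.0/8"),
    _tcp(0, 65535, "203.0.113.0/24")]}
# Constructed state expected once the exposing rules are gone.
AFTER = {"GroupId": "sg-0123456789abcdef0", "IpPermissions": [
    _tcp(443, 443, "0.0.0.0/0"), _tcp(22, 22, "10.0.0.0/8")]}

if __name__ == "__main__":
    for label, group in (("before", BEFORE), ("after", AFTER)):
        print(label, public_admin_rules(group, extra_blocked=["203.0.113.7"]))
```

An empty result after the action runs means no rule in the group still exposes SSH or RDP to the public internet or to the additional addresses you chose to block.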

This is just one application of Opsgenie Actions that illustrates how using this feature can reduce your MTTR and increase the time and resources available for higher-value work. Be sure to keep an eye out for our other use cases in the coming weeks.

Interested in trying Opsgenie Actions for yourself? Sign up for early access; contact us through the blue chat bubble on our homepage to enable this feature for you. For more information, view our previous blog post on Opsgenie Actions.