Opsgenie Actions enable you to automate manual, repetitive tasks so that your resources are freed up to concentrate on higher-value work. This blog post is the first in a series of use cases in which we discuss how Opsgenie works with various third-party automation platforms to automate these traditionally manual tasks, right from the Opsgenie console or mobile app, to reduce interruptions for your on-call responders, and ultimately boost your bottom line.
Opsgenie offers a direct integration for running AWS Automation Documents. In this scenario, we will discuss automating the process of disabling public access for a security group.
The AWS-DisablePublicAccessForSecurityGroup document disables default SSH and RDP ports that are opened to all IP addresses. By executing this document, you can easily restrict the public access of any security group. You can also define additional IPv4 addresses to block. Configuring an Opsgenie Action to trigger this document reduces your response time for critical security alerts that require immediate action.
Here’s how it’s done:
Step 1: Action channel
To execute an AWS SSM document, you first need to define an “action channel,” which includes the connection credentials to your AWS account. Name your channel, then select your region. Next, you’ll define an IAM role with the necessary permissions and trust relationships. Use the link provided in the dialogue box to create an IAM role via a CloudFormation template. Be sure to confirm that your IAM role includes all the necessary permissions to execute the document.
Step 2: Manage and define the action
Once the action channel is configured, it’s time to define the Opsgenie Action. Click the “Add Action” button and select “AWS Systems Manager” as the Type. Then, select the channel you created in Step 1. Next, select “AWS-DisablePublicAccessForSecurityGroup” from the AWS SSM Documents drop-down, and click “Next” to configure parameters.
Opsgenie Actions allow you to customize the parameters. You can also configure the parameters to either be “Predefined,” meaning they don’t require live intervention, or ask the user to enter them at run time by selecting the “Prompt User” option. Prompting the user allows you to specify values at run time using a drop-down, check box, or free form text. Please note that the parameters and their requirement conditions are retrieved from AWS directly.
Step 3: Action execution
You can add an Opsgenie Action to an alert using “Alert Policies.” Simply define an alert policy that adds the “disablePublicAccess” action to alerts that include “Suspicious ip” in the message field. This way, whenever Opsgenie receives an alert containing suspicious activity on a security group, you can quickly execute “disablePublicAccess,” which restricts access immediately, so you can begin investigating the problem in more detail and work toward a solution faster.
This is just one application of Opsgenie Actions that illustrates how using this feature can reduce your MTTR and increase the time and resources available for higher-value work. Be sure to keep an eye out for our other use cases in the coming weeks.
Interested in trying Opsgenie Actions for yourself? From the app, contact us using the blue chat bubble.