Integrations with other systems

Integration with AWS Systems Manager Automation

CloudWatch investigations is integrated with Automation, a capability of AWS Systems Manager. You don't need to configure integration, but you might need to update AWS Identity and Access Management (IAM) permissions so you can use Automation runbooks.

What is AWS Systems Manager?

Systems Manager helps you centrally view, manage, and operate managed nodes at scale in AWS, on-premises, and multicloud environments. In Systems Manager, a managed node is any machine configured for use with Systems Manager. For information, see the AWS Systems Manager User Guide.

What is Systems Manager Automation?

Automation performs common maintenance, deployment, troubleshooting, and remediation tasks through the use of runbooks. Each runbook defines a number of steps for performing tasks. Each step is associated with a particular action. The action determines the inputs, behavior, and outputs of the step. For descriptions of the nearly two dozen actions that are supported for runbooks, see the Systems Manager Automation actions reference in the AWS Systems Manager User Guide.

Automation provides over 400 AWS managed runbooks. For details about each runbook, including a step-by-step description of the actions performed when executed, see the Systems Manager Automation runbook reference. Customers can also design their own runbooks to address specific scenarios in their environments. For information, see Creating your own runbooks in the AWS Systems Manager User Guide.

For information about working with runbooks in an investigation, see Reviewing and executing suggested runbook remediations for CloudWatch investigations.

Integration with third-party chat systems

By integrating CloudWatch investigations with CloudWatch investigations in chat applications, you can have updates from investigations sent to third-party chat services, including Slack, and Microsoft Teams. The integration is facilitated by Amazon Simple Notification Service.

To integrate with CloudWatch investigations in chat applications, you must complete three steps. We recommend completing the steps in the following order.

Create and configure the Amazon SNS topic

Create an Amazon SNS topic in US East (N. Virginia) to use for the integration. For more information, see Creating an Amazon Simple Notification Service topic.

To enable CloudWatch investigations to send notifications, you must add an the following access policy to the Amazon SNS topic

{
    "Sid": "AIOPS-CHAT-PUBLISH",
    "Effect": "Allow",
    "Principal": {
        "Service": "aiops.amazonaws.com"
    },
    "Action": "sns:Publish",
    "Resource": "SNS-TOPIC-ARN",
    "Condition": {
        "StringEquals": {
            "aws:SourceAccount": "account-Id"
        }
    }
}

Configure CloudWatch investigations in chat applications

To configure CloudWatch investigations in chat applications for communication with a third-party chat service, follow the instructions in one of the following links:

Then, to support using AI assistant actions within chat channels you must provide the CloudWatch investigations in chat applications role with appropriate permissions. When you create a new IAM channel role for the channel, select the Notifications and Amazon Q operations assistant permissions policy templates.

Attach the AIOpsOperatorAccess managed IAM policy to the guardrail policies in CloudWatch investigations in chat applications. This grants permissions to CloudWatch investigations in chat applications to interact with CloudWatch investigations and perform required actions on your behalf.

In the channel configuration, you must also subscribe to the Amazon SNS topic that you created in the previous step.

Amazon SNS

You must use the CloudWatch console to configure CloudWatch investigations to integrate with Amazon SNS. You can do this while you create the investigation group in your account, or later.

If you have already created an investigation group and want to add chat integration, follow these steps.