End of support notice: On March 31, 2027, AWS will end support for AWS Service Management Connector. After March 31, 2027, you will no longer be able to access the AWS Service Management Connector console or AWS Service Management Connector resources. For more information, see AWS Service Management Connector end of support.
AWS Systems Manager Automation Suggested Remediation
The AWS Systems Manager Automation Suggested Remediation field should be set to a JSON string representing a list of objects (maps), one for each automation document suggested as a remediation, each with the following keys:
- documentName: the name of the Systems Manager automation document
- description: a description of the remediation to display in Jira; this may be different to the document description in AWS and might explain why it is a good remediation for the issue where this is being set
- accountName: the name or alias of the AWS account configured in Jira that should be used to access this resource
- region: the Region where AWS Config should be accessed to get information on this resource
For example, the following value would suggest the AWS-DisableS3BucketPublicReadWrite automation document, with a description to show in Jira, to apply in eu-central-1, using the account and end-user credentials that are specified in Jira for the AWS account identified in Jira as MyAccount1:

```json
[ {
  "documentName": "AWS-DisableS3BucketPublicReadWrite",
  "description": "This will make the bucket private, resolving the issue.",
  "accountName": "MyAccount1",
  "region": "eu-central-1"
} ]
```
Scripting Field Creation
As an example, the following bash script using curl links the above-noted resource to an issue and attaches a suggested remediation. The values used below assume Jira is at localhost:2990/jira with login admin:admin, the issue is PRJ-1, and the field IDs are 10011 (AWS Config linked resources) and 10010 (suggested remediation). These should be changed to reflect your environment.
- Set the following to correspond to your environment and issue:

```bash
JIRA_BASE_URL=http://localhost:2990/jira
JIRA_USER_PASS=admin:admin
ISSUE_KEY=PRJ-1
```

- Set the field ID and edit the JSON record for an AWS Config resource to link.

```bash
CUSTOM_FIELD_ID=customfield_10011
cat > value.json << EOF
[ {
  "resourceId": "my-bucket",
  "resourceType": "AWS::S3::Bucket",
  "accountName": "MyAccount1",
  "region": "eu-central-1"
} ]
EOF
```

- Define a helper function to escape the JSON.

```bash
# Encode the argument as a JSON string literal (quotes and newlines escaped).
json_escape () {
  printf '%s' "$1" | python -c \
    'import json,sys; print(json.dumps(sys.stdin.read()))'
}
```

- Make the REST call to set the AWS Config Linked Resource field.

```bash
curl -v -D- -X PUT -H "Content-Type: application/json" \
  --data '{ "update": { "'"${CUSTOM_FIELD_ID}"'": [ {"set": '"$( json_escape "$(cat value.json)")"' } ] } }' \
  -u "${JIRA_USER_PASS}" "${JIRA_BASE_URL}/rest/api/2/issue/${ISSUE_KEY}"
```

- Set the field ID and edit the JSON record for a suggested remediation to attach.

```bash
CUSTOM_FIELD_ID=customfield_10010
cat > value.json << EOF
[ {
  "documentName": "AWS-DisableS3BucketPublicReadWrite",
  "description": "This will make the bucket private, resolving the issue.",
  "accountName": "MyAccount1",
  "region": "eu-central-1"
} ]
EOF
```

- Make the REST call to set the AWS Systems Manager Automation Suggested Remediations field.

```bash
curl -v -D- -X PUT -H "Content-Type: application/json" \
  --data '{ "update": { "'"${CUSTOM_FIELD_ID}"'": [ {"set": '"$( json_escape "$(cat value.json)")"' } ] } }' \
  -u "${JIRA_USER_PASS}" "${JIRA_BASE_URL}/rest/api/2/issue/${ISSUE_KEY}"
```
The issue should then show AWS Config for the bucket and a suggested remediation to make it private.
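A pre-flight check for the suggested-remediation value, as an added example that is not part of the original page: it validates the JSON against the four keys listed above and builds the REST body with the value encoded as a JSON string, which is the job json_escape does in the script. The function names and the rule that every key must hold a non-empty string are assumptions.

```python
import json
import re

# Keys the page lists for every suggested-remediation entry.
REQUIRED_KEYS = ("documentName", "description", "accountName", "region")

# Constructed sample: the value shown on this page.
SAMPLE = """[ {
  "documentName": "AWS-DisableS3BucketPublicReadWrite",
  "description": "This will make the bucket private, resolving the issue.",
  "accountName": "MyAccount1",
  "region": "eu-central-1"
} ]"""


def validate_remediations(raw):
    """Parse the field value; return the entries or raise ValueError."""
    try:
        entries = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ValueError(f"not valid JSON: {exc}") from exc
    if not isinstance(entries, list):
        raise ValueError("value must be a JSON list of objects")
    for i, entry in enumerate(entries):
        if not isinstance(entry, dict):
            raise ValueError(f"entry {i} is not an object")
        # Assumption: each key must be present with a non-empty string value.
        bad = [k for k in REQUIRED_KEYS
               if not isinstance(entry.get(k), str) or not entry[k].strip()]
        if bad:
            raise ValueError(f"entry {i}: missing or empty {bad}")
    return entries


def build_update_body(field_id, raw):
    """Return the PUT body; the field is set to a JSON string, not a list."""
    if not re.fullmatch(r"customfield_\d+", field_id):
        raise ValueError(f"unexpected field id: {field_id!r}")
    value = json.dumps(validate_remediations(raw))
    return json.dumps({"update": {field_id: [{"set": value}]}})


if __name__ == "__main__":
    print(build_update_body("customfield_10010", SAMPLE))
```

Running the check before the curl call rejects a malformed or incomplete value locally, before it is written to the issue.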