End of support notice: On March 31, 2027, AWS will end support for AWS Service Management Connector. After March 31, 2027, you will no longer be able to access the AWS Service Management Connector console or AWS Service Management Connector resources. For more information, see [AWS Service Management Connector end of support](https://docs.aws.amazon.com/smc/latest/ag/smc-end-of-support.html).
# AWS Service Management Connector for Jira Service Management Cloud
The AWS Service Management Connector (SMC) streamlines cloud operations of AWS resources with your existing operational IT Service Management (ITSM) tooling. The AWS Service Management Connector for Atlassian's [ Jira Service Management Cloud](https://www.atlassian.com/software/jira/service-management) enables internal customers and Jira agents to provision, manage, and operate AWS resources natively through Atlassian's Jira Service Management. Using the Connector for Jira Service Management Cloud improves the efficiency of Service Management governance and oversight for AWS resources and services.
The Connector for Jira Service Management Cloud enables role-specific tasks for Jira internal customers and Jira agents.
Jira Service Management **administrators** can
+ Provide pre-approved, secured, and governed AWS resources to Jira agents and internal customers through AWS Service Catalog.
+ Configure synchronization and associate Jira projects for AWS Security Hub CSPM integration.
+ Configure incident resolution behavior and associate Jira projects for AWS Systems Manager Incident Manager.
+ Configure synchronization and associate Jira projects for Support integration.
+ Provide access to Jira agents to execute AWS Systems Manager Automation Documents.
Jira Service Management **internal customers and Jira agents** can
+ Browse, request, and provide pre-secured AWS solutions.
+ View, update, and resolve AWS Security Hub CSPM findings as Jira issues.
+ View and resolve incidents affecting AWS-hosted applications through AWS Systems Manager Incident Manager.
+ View, create, add correspondences, and resolve Support cases from Jira Service Management (including AMS Accelerate support cases).
+ View and execute AWS Systems Manager Automation Documents.
These features minimize direct AWS console access and simplify AWS product requests and operational actions for Jira Service Management Cloud internal customers and Jira agents. This ensures efficient service management governance and oversight over AWS resources and services.
AWS Service Management Connector is built using [Forge](https://developer.atlassian.com/platform/forge/) for Atlassian's Jira Service Management and is available at no charge in the [Atlassian Marketplace](https://marketplace.atlassian.com/apps/1221283/aws-service-management-connector-for-jsm-cloud). This feature is generally available in all AWS Regions where AWS Service Catalog, AWS Security Hub CSPM, AWS Systems Manager Incident Manager Support, and AWS Systems Manager Automation services are available.
The following AWS services are integrated with this Connector:
[AWS Service Catalog](https://aws.amazon.com/servicecatalog/) provides a way to manage commonly deployed AWS services and provisioned software. It can help your organization establish consistent governance and compliance requirements while limiting users to deploying only approved AWS services.
[AWS Security Hub CSPM](https://aws.amazon.com/security-hub/) provides a comprehensive view of security alerts and security posture across your AWS accounts. Security Hub CSPM provides a single location that aggregates, organizes, and prioritizes alerts (findings).
[AWS Systems Manager Incident Manager](https://aws.amazon.com/incident-manager/) helps you mitigate and recover from incidents that affect AWS applications. It improves incident resolutions by notifying responders of the impact, highlighting relevant troubleshooting data, and providing collaboration tools.
[AWS Systems Manager Automation](https://aws.amazon.com/systems-manager/) provides a way to automate common and repetitive IT operations and management tasks. You can use predefined or custom playbooks to configure AWS resources across multiple accounts and AWS Regions.
[Support](https://aws.amazon.com/premiumsupport/) provides multiple tools, people, and programs to help you optimize performance, lower costs, and innovate faster. It addresses best practices, configuration details, and fixes.
[AWS Health](https://docs.aws.amazon.com/health/) provides personalized information about events that affect your AWS infrastructure. It can also guide you through scheduled changes and help you troubleshoot issues that affect AWS resources and accounts.
[AWS Systems Manager OpsCenter](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html) provides a central location for operations engineers and IT professionals to manage work items (OpsItems) related to AWS resources.
[Atlassian's Jira Service Management](https://www.atlassian.com/software/jira/service-management/features) is an IT service management tool that places developers, IT personnel, and business teams on the same platform so they can deliver services together. Jira Service Management has request types that provide self-service options and Jira agents that can deliver IT services like fulfillment approvals and workflows.
# Service management alignment
This Connector aligns with industry best practices, such as ITIL service management areas, and addresses a baseline set of service management practices you can use in existing tools:
| Service management area | AWS service(s) integration |
| --- | --- |
| Service Catalog deployment management (provisioning) | AWS Service Catalog or AWS CloudFormation: Requesting and provisioning vetted or predictable products and performing post-provisioning actions. AWS Systems Manager Automation: Allows users to safely automate common and repetitive tasks using a predefined or custom-built automated runbacks. |
| Incident management (ticketing) | AWS Systems Manager Incident Manager: Generating incidents according to response plans. Support (AWS incidents, service requests, and support cases). |
| Security event and incident management | AWS Security Hub CSPM: Managing incidents resulting from security findings. |
# Pricing
The AWS Service Management Connector for Atlassian's Jira Service Management Cloud is available for no-cost download and use from your Atlassian site. You may still incur costs related to the use of AWS services integrated with the connector, and any licensing for Information Technology Service Management (ITSM) tools.
The certified version of AWS Service Management Connector is available for no-cost install from the [ Atlassian Marketplace](https://marketplace.atlassian.com/apps/1221283/aws-service-management-connector-for-jsm-cloud).
**AWS**
AWS Service Management Connector for Jira Service Management Cloud uses security-approved public APIs of AWS services that support Jira Service Management Cloud integration. For pricing details, review the individual product pages of each supported AWS service below. Contact your account manager or an AWS Sales representative for more information.
+ [AWS Service Catalog](https://aws.amazon.com/servicecatalog/pricing/)
+ [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/pricing/)
+ [AWS Systems Manager Incident Manager](https://aws.amazon.com/systems-manager/pricing/)
+ [AWS Systems Manager Automation](https://aws.amazon.com/systems-manager/pricing/)
+ [Support](https://aws.amazon.com/premiumsupport/pricing/)
+ [AWS Systems Manager](https://aws.amazon.com/premiumsupport/pricing/)
+ [AWS Health](https://aws.amazon.com/premiumsupport/pricing/)
**Atlassian**
An *Atlassian’s Jira Service Management Cloud* license is required to use the AWS Service Management Connector app. Visit [ Atlassian](https://www.atlassian.com/software/jira/service-management)for more information. For licensing costs, contact your Atlassian account manager.
# Prerequisites for AWS Service Management Connector for Jira Service Management Cloud
Before installing the AWS Service Management Connector for Atlassian's Jira Service Management Cloud, you must have an AWS account and an Atlassian site with [Jira Service Management pre-installed](https://support.atlassian.com/jira-service-management-cloud/). You must also verify that you have the necessary permissions in your AWS account and on the Jira Service Management website.
## AWS prerequisites
To start, use the following integrations:
+ **Service Catalog**
You need an AWS account to configure your AWS portfolios and products. For details, refer to [Setting up for Service Catalog](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/setup.html).
+ **AWS Security Hub CSPM**
You must enable the service in all Regions and accounts where you want to sync Findings. For details, refer to [Setting up Security Hub](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html). We recommend you connect Jira Service Management with the primary (main) AWS account for AWS Security Hub CSPM. For more information, refer to [Managing administrator and member accounts](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-accounts.html).
+ **AWS Systems Manager Incident Manager**
You must enable Incident Manager in all AWS Regions and accounts from which you want to sync incidents. For more information, refer to [AWS Systems Manager Incident Manager](https://docs.aws.amazon.com/systems-manager/latest/userguide/incident-manager.html).
+ **AWS Systems Manager Automation with the Connector**
This feature requires no setup in AWS. AWS provides a number of automation documents (runbooks). If you want additional runbooks, you can retrieve them in the Connector. For more information, see [Creating your own runbooks](https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-documents.html) in the *AWS Systems Manager user guide*.
+ **Support with the Connector**
Your account must have a Business or Enterprise Support plan to use support integration with the Connector.
## Jira Service Management Cloud prerequisites
In addition to the AWS account, you must have an existing Jira Project, or create a new Project. The initial installation should occur in either an enterprise sandbox or a [Atlassian Jira Service Management](https://www.atlassian.com/software/jira/service-management) site, depending on your organization’s technology governance requirements.
The Jira administrator must have the Admin role to install the Connector for Jira Service Management Cloud.
For details about Jira Service Management agent onboarding, refer to the [Quick Start Guide](https://www.atlassian.com/software/jira/service-management/product-guide/getting-started/service-request-management).
# Configuring baseline permissions for Jira Service Management Cloud
This section describes how to configure AWS Identity and Access Management (IAM) permissions, AWS Service Catalog, and other AWS services to use AWS Service Management Connector for Jira Service Management Cloud.
**Note**
To align with best practices, AWS recommends periodically rotating IAM user access keys. For more information, refer to [Manage access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#securing_access-keys).
**Topics**
+ [Available template for baseline permissions](#baseline-permissions-template)
+ [Creating AWS Service Management Connector Sync user](jsmcloud-scsyncuser.md)
+ [Creating AWS Service Management Connector end user](jsmcloud-scenduser.md)
+ [Creating SCConnectLaunch role](jsmcloud-scconnectlaunch.md)
## Available template for baseline permissions
For an CloudFormation template to configure Jira Service Management, refer to [AWS commercial Regions ](https://servicecatalogconnector.s3.amazonaws.com/SMC_ConnectorforJSMCloud-AWS_Configurations_Commercialv7.0.0.json) and [AWS GovCloud (US) Regions](https://servicecatalogconnector.s3.amazonaws.com/SMC_ConnectorforJSMCloud-AWS_Configurations_GovCloudv7.0.0.json). For each AWS account, the connector for Jira Service Management requires two IAM users:
+ **AWS Sync User**: An IAM user to sync AWS resources (such as portfolios, products, Incident Manager Incidents, security Findings, and Automation Documents) to Jira.
+ **AWS End User**: An IAM user who can provision products and execute automation documents as an end user. This role includes any required roles to provision and execute.
These can be the same user, and can be an existing user. Service Management Connector recommends that you assign two new users for the Connector.
**Note**
The baseline CloudFormation template creates the **Sync User** and **End User** with required permissions and configures the AWS account for all available integrations.
# Creating AWS Service Management Connector Sync user
This section describes how to create the AWS Sync user and associate the appropriate IAM permission. To perform this task, you must have IAM permissions to create new users. The following steps to create a Sync user and End user are not required if you use the CloudFormation template to deploy the permissions. Refer to the AWS configurations for Connector for Jira Service Management [AWS Commercial Regions](https://servicecatalogconnector.s3.amazonaws.com/SM_ConnectorForServiceNowv-AWS_Configurations_Commercialv4.7.5.json) and [AWS GovCloud Regions](https://servicecatalogconnector.s3.amazonaws.com/SM_ConnectorForServiceNowv-AWS_Configurations_GovCloudv4.7.5.json).
**To create AWS Service Management Connector sync user**
1. Follow the instructions in [Creating an IAM user in your AWS account](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) to create a sync user (SMSyncUser). This user needs programmatic and AWS Management Console access to follow the Connector for Jira installation instructions.
1. Set permissions for your sync user (SMSyncUser). Choose **Attach existing policies directly** and select:
**`AWSServiceCatalogAdminReadOnlyAccess`** (AWS managed policy)
1. Create this policy: `AWSSecurityHubPolicy`. Then follow the instructions in [Creating IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html), and add this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage"
],
"Resource": "arn:aws:sqs:us-east-1:111122223333:QueueName",
"Effect": "Allow"
},
{"Action": [
"securityhub:BatchUpdateFindings"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
```
------
1. Create this policy: `ConfigHealthSQSBaseline`. Then follow the instructions in [Creating IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html), and add this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{"Action": [
"sqs:ReceiveMessage",
"sqs:DeleteMessage"
],
"Resource": "arn:aws:sqs:us-east-1:111122223333:QueueName",
"Effect": "Allow"
}
]
}
```
------
1. Create this policy: `OpsCenterExecutionPolicy`. Then follow the instructions in [Creating IAM Policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html), and add this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{"Effect": "Allow",
"Action": [
"ssm:CreateOpsItem",
"ssm:GetOpsItem",
"ssm:UpdateOpsItem",
"ssm:DescribeOpsItems"
],
"Resource": "*"
}
]
}
```
------
1. Create this policy: `AWSIncidentBaselinePolicy`. Then follow the instructions in [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html), and add this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{"Action": [
"ssm-incidents:ListIncidentRecords",
"ssm-incidents:GetIncidentRecord",
"ssm-incidents:UpdateRelatedItems",
"ssm-incidents:ListTimelineEvents",
"ssm-incidents:GetTimelineEvent",
"ssm-incidents:UpdateIncidentRecord",
"ssm-incidents:ListRelatedItems",
"ssm:ListOpsItemRelatedItems",
"ssm-incidents:ListRelatedItems",
"ssm-incidents:ListResponsePlans",
"ssm-incidents:StartIncident"
],
"Resource": "*",
"Effect": "Allow"
}
]
}
```
------
1. Choose **Attach existing policies directly** and then select the following policies:
+ **AmazonSSMReadOnlyAccess** (AWS managed policy)
+ **AWSSupportAccess** (AWS managed policy)
1. Add a policy that allows `budgets:ViewBudget` on all resources (\$1).
1. Review and then choose **Create User**. Note the access and secret access information, and then download the .csv file containing the user credential information.
**Note**
To align with best practices, AWS recommends periodically rotating IAM user access keys. For more information, refer to [Manage access keys for IAM users](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_access-keys.html#securing_access-keys).
# Creating AWS Service Management Connector end user
This section describes how to create the AWS Service Management Connector end user and associates the appropriate IAM permission. To perform this task, you need IAM permissions to create new users.
****To create AWS Service Management Connector end user****
1. Follow the instructions in [Creating an IAM user in your AWS account](https://docs.aws.amazon.com/IAM/latest/UserGuide/id_users_create.html) to create a user (EndUser). The user needs programmatic and AWS Management Console access to follow the Connector for Jira installation instructions.
For products using CloudFormation StackSets, you need to create a StackSet inline policy. With CloudFormation StackSets, you are able to create products across multiple accounts and Regions.
Using an administrator account, you define and manage a Service Catalog product. You also use this account to provision stacks into selected target accounts across specified Regions. You need to have the necessary permissions defined in your AWS accounts.
To set up the necessary permissions, see [Granting Permissions for Stack Set Operations](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/stacksets-prereqs.html). Follow the instructions to create an `AWSCloudFormationStackSetAdministrationRole` and an `AWSCloudFormationStackSetExecutionRole`.
1. Add the following permissions (policies) to the user:
+ `AWSServiceCatalogEndUserFullAccess` (AWS managed policy)
+ `StackSet` (inline policy) - For Service Catalog products with stack sets, you need to modify the EndUser to include the Read Only permissions for the services you want to provision. For example, to provision an Amazon S3 bucket, include the `AmazonS3ReadOnlyAccess` policy to the `EndUser`.
+ `AmazonEC2ReadOnlyAccess` (AWS managed policy)
+ `AmazonS3ReadOnlyAccess` (AWS managed policy)
# Creating SCConnectLaunch role
This section describes how to create the `SCConnectLaunch` role. This role places baseline AWS service permissions in the AWS Service Catalog launch constraints. For more information, refer to [AWS Service Catalog launch constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html).
The `SCConnectLaunch` role is an IAM role that places baseline AWS service permissions into the AWS Service Catalog launch constraints. Configuring this role enables segregation of duty through provisioning product resources for Jira internal customers, Jira agents, and end users.
The `SCConnectLaunch` role baseline contains permissions to Amazon EC2 and Amazon S3 services. If your products contain additional AWS services, you must either include those services in the `SCConnectLaunch` role or create a new launch role.
****To create SCConnectLaunch role****
1. Create this policy: `AWSCloudFormationFullAccess` policy and then follow the instructions in [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html). Choose **create policy** and add this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Action": [
"cloudformation:DescribeStackResource",
"cloudformation:DescribeStackResources",
"cloudformation:GetTemplate",
"cloudformation:List*",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:CreateStack",
"cloudformation:DeleteStack",
"cloudformation:DescribeStackEvents",
"cloudformation:DescribeStacks",
"cloudformation:GetTemplateSummary",
"cloudformation:SetStackPolicy",
"cloudformation:ValidateTemplate",
"cloudformation:UpdateStack",
"cloudformation:CreateChangeSet",
"cloudformation:DescribeChangeSet",
"cloudformation:ExecuteChangeSet",
"cloudformation:DeleteChangeSet",
"s3:GetObject"
],
"Effect": "Allow",
"Resource": "*"
}
]
}
```
------
**Note**
`AWSCloudFormationFullAccess` includes additional permissions for ChangeSets.
1. Create this policy: `ServicecodeCatalogSSMActionsBaseline` policy and then follow the instructions in [Creating IAM policies](https://docs.aws.amazon.com/IAM/latest/UserGuide/access_policies_create.html). Choose **create policy** and add this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "Stmt1536341175150",
"Action": [
"servicecatalog:AssociateResource",
"servicecatalog:DisassociateResource",
"servicecatalog:ListServiceActionsForProvisioningArtifact",
"servicecatalog:ExecuteprovisionedProductServiceAction",
"ssm:DescribeDocument",
"ssm:GetAutomationExecution",
"ssm:StartAutomationExecution",
"ssm:StopAutomationExecution",
"ssm:StartChangeRequestExecution",
"cloudformation:ListStackResources",
"ec2:DescribeInstanceStatus",
"ec2:StartInstances",
"ec2:StopInstances"
],
"Effect": "Allow",
"Resource": "*"
},
{
"Effect": "Allow",
"Action": "iam:PassRole",
"Resource": "*",
"Condition": {
"StringEquals": {
"iam:PassedToService": "ssm.amazonaws.com"
}
}
}
]
}
```
------
1. Create the `SCConnectLaunch` role. Then assign the trust relationship to AWS Service Catalog using this code in the JSON editor:
------
#### [ JSON ]
****
```
{
"Version":"2012-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "servicecatalog.amazonaws.com"
},
"Action": "sts:AssumeRole"
}
]
}
```
------
1. Attach the relevant policies to the `SCConnectLaunch` role.
Service Management Connector recommends that you customize and scope your launch policies to the specific AWS services, which are in the associated CloudFormation template for the given Service Catalog product.
For example, to provision Amazon EC2 and Amazon S3 products, the recommended policies are as follows:
+ `AmazonEC2FullAccess` (AWS managed policy)
+ `AmazonS3FullAccess` (AWS managed policy)
+ `AWSCloudFormationFullAccess` (custom managed policy)
+ `ServiceCatalogSSMActionsBaseline` (custom managed policy)
# Configuring Jira Service Management Cloud
AWS Service Management Connector for Jira Service Management is based on [Forge](https://developer.atlassian.com/platform/forge/). Download the connector from [Atlassian Marketplace](https://marketplace.atlassian.com/apps/1221283/aws-service-catalog-connector-for-jsd).
After configuring IAM and AWS Service Catalog, clear browser cache, and then configure Jira Service Management. Installation tasks within Jira Service Management include the following:
**Topics**
+ [Installing AWS Service Management Connector](install-jsm-connector.md)
+ [Configuring AWS Accounts and Regions](jsm-configure-accounts-regions.md)
+ [Configuring Service Catalog Portfolios in Jira](configure-SC-portfolios-in-jira.md)
+ [Enabling the AWS Service Catalog request type in the Jira Customer Portal](customer-portal.md)
+ [Enabling the Support request type in the Jira Customer Portal](customer-portal-sup.md)
# Installing AWS Service Management Connector
Learn how to install Service Management Connector in the Atlassian site.
1. Log in to your Atlassian site as an administrator.
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. In the **Atlassian Marketplace menu**, choose **Find new Apps**.
1. Select **AWS Service Management Connector for Jira Service Management**, and then choose **Get App**.
# Configuring AWS Accounts and Regions
After installing the AWS Service Management Connector, you must configure AWS accounts and Regions in the connector.
**Configure AWS accounts and Regions in the connector**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. In the **Apps** menu, navigate to **AWS Service Management Connector**, and then choose **AWS accounts**.
1. Choose **Connect new account**.
1. Enter the account alias (used to identify the AWS accounts in the connector).
1. Enter the credentials for an SC-sync-user. It is the access key identity and credentials for a sync user saved from the AWS configuration. SC-sync-user credentials can retrieve portfolios and products to make them available through Jira Service Management. You can set the allowed groups that can access them.
1. Enter the credentials for a SC-end-user. It is the access key identity and credentials for the end user saved from the AWS configuration. The SC-end-user credentials provision products on behalf of a Jira user.
1. Add an **AWS Regions**. The region contains the Service Catalog products and portfolios that you also want available in Jira Service Management.
1. Choose **Test Connectivity**.
1. Upon successful connection status, choose **Connect**.
**Note**
Service Management Connector recommend the Sync user and End user be new users in AWS, used only with AWS Service Management Connector. These users should have minimum required privileges. You can use the available AWS CloudFormation templates for your sandbox and development AWS accounts to configure and enable available integrations. For more information, see [Setting baseline permissions for AWS Service Management Connector for ServiceNow](sn-base-perms.md).
# Configuring Service Catalog Portfolios in Jira
This section describes how to configure AWS Service Catalog portfolios within Jira.
**AWS product access**
Once your account or accounts are set up and connectivity is successful, use the **AWS Account** page to manage, for each account, which groups can access each portfolio in each Region. You can expand and collapse each Region and edit and add groups for each portfolio. Only internal customers and Jira agents in the designated groups have access to those products. By default, no groups have access.
**Note**
At least one group must be associated to a Service Catalog portfolio for Jira Service Management internal customers and Jira agents to request AWS products.
**To provision products and portfolios**
1. Choose **AWS Accounts**.
1. Choose **Manage** for the AWS account in which you want to configure portfolios.
1. Under **Portfolios**, expand the Region associated with the account. Portfolios display under each Region.
1. In the **Permission to request** column, choose **Add groups** for the portfolios that you want to make visible in Jira Service Management. Select the group you want to see and request Service Catalog products.
**Note**
Because the AWS Service Management Connector for Jira Service Management allows Jira internal customers and Jira agents to provision AWS products in the portfolios their groups have access to, and to control those provisioned products, internal customers and Jira agents should maintain security in their Jira accounts.
1. If products in this portfolio do not require approvals, choose **Save**.
## Configuring Jira Service Management approvals for products in Service Catalog Portfolios
The AWS Service Management Connector for Jira Service Management enables administrators to configure approvals for products at the portfolio level. All products in a portfolio that contain approval permissions require approval, so AWS and Jira administrators might need to collaborate on the Service Catalog portfolio structure.
**To configure the approval process**
1. Choose **AWS Accounts**.
1. Choose **Manage** on the AWS account for which you want to configure portfolio approvals.
1. In the **Permission to approve** column, choose **Add groups** for the portfolios that require product approvals.
1. Select **Require approval for provisioning**.
1. Under **Permission to approve**, choose **Add group**.
1. Choose **Save**.
**Note**
If a portfolio only has a group associated with **Permissions to request**, products in the portfolio immediately provision when you submit the product request.
## Viewing products and budgets
The **Available Products** tab lists the products in the portfolio and budgetary information on each. The **Budgets** tab gives overall budgetary information on the portfolio.
**Note**
Find details about additional configurations for the AWS Service Catalog request form and Automated Tags in the next section Configuring Connector Settings.
## Configuring Connector Settings (Jira Project Enablement and Request Type)
In addition to configuring AWS accounts, the AWS Service Management Connector contains AWS services and UI settings for enabling and associating Jira projects and configuring integration behavior.
**Note**
There is no project-account association for AWS Service Catalog. Project-account visibility is determined by the permissions groups that are granted permission to provision.
## Connector Features Enabled by Default
**To configure the default Connector features for specific AWS services**
For a new installation of Connector, Service Management Connector enables the default project configuration for all Connector features (AWS Service Catalog, AWS Systems Manager Incident Manager, and AWS Security Hub CSPM). If you are upgrading an existing installation, Service Management Connector does not initially enable new features.
1. In the left navigation menu, under **AWS Service Management**, select **Connector settings.**
1. At the top, under **Connector features enabled by default**, select each feature depending whether you want projects using the default configuration to be able to use them or not.
1. Choose **Save**.
## UI Settings (AWS Service Catalog)
Configure the AWS Service Catalog product widget components to make them viewable to internal customers and Jira agents.
To address the varying personas of internal customers and Jira agents requesting AWS products, the Connector for Jira Service Management includes an add-on app setting to enable or disable components of the AWS product widget. By default, we enable AWS product components.
**To modify the AWS product view**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. In the **UI settings** (Service Catalog) section, deselect any AWS product component such as:
1. Allow the product name to be edited. (If unchecked, we provide an autogenerated name the user cannot edit.)
1. Allows internal customers and Jira agents to select a launch option. (If unchecked, we select the default launch option and hide it.)
1. Allows internal customers and Jira agents to select a product version. (If unchecked, we select the default product version and hide it.)
1. Allows internal customers and Jira agents to add or edit tags. (If unchecked, we select the default values for tag options and hide it.)
1. Allows internal customers and Jira agents to create a plan for creation or update of a provisioned product. (If unchecked, we hide the plans section.)
1. Choose **Save**.
## Configuring AWS TagOptions for Provisioned Products
The AWS Service Management Connector enables Jira administrators to add tags (metadata) to provisioned products globally across the connector application, or granularly at the portfolio level. These tags are not visible to internal customers and Jira agents.
Two tag types are available
+ Generic tags where the administrator can enter the **Key** and **Value**.
+ Jira issues metadata tags where the administrator can enter the syntax for the **Key** and **Value** in the table below.
**Note**
Generic tags from administrators are not visible to internal customers or Jira agents during provisioning, but are available in the provisioned product in Service Catalog.
| Key | Value |
| --- | --- |
| Requester name | \$1\$1OPENED\$1BY\$1 |
| Requester user name | \$1\$1USERNAME\$1 |
| Issue ID | \$1\$1ISSUE\$1ID\$1 |
| Project name | \$1\$1PROJECT\$1NAME\$1 |
| Project code | \$1\$1PROJECT\$1CODE\$1 |
**To add TagOptions to Service Catalog integration in Jira Service Management**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Automated Tags**.
1. Enter the **Key** and **Value** fields.
1. Select a portfolio option.
1. **Glocal** if the tag should be available in all synced portfolios, or
1. **Portfolio** to restrict tags to only the specified portfolio.
1. Choose **Add**.
## Projects Enabled for the Connector
The AWS Service Management Connector for Jira Service Management must be associated with one or more Jira projects and Jira Service Management request types. You can configure which features are enabled for each Jira project.
**Configure Jira projects for AWS Service Catalog,AWS Systems Manager Incident Manager, AWS Security Hub CSPM, Support, AWS Systems Manager Automation, AWS Systems Manager OpsCenter and AWS Health**
**To configure the Jira projects for AWS Service Catalog, AWS Systems Manager Incident Manager, AWS Security Hub CSPM, Support, and AWS Systems Manager Automation**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. Under **Projects enabled for Connector**, you must enable at least one Jira project. You can [create a new Jira Service Management project](https://support.atlassian.com/jira-service-management-cloud/docs/set-up-your-first-jira-service-management-project/) or add an existing one. Only Jira internal customers and Jira agents with access to the associated project can access the Connector. When you apply this update, the Connector adds the necessary issue types and other Jira items for AWS Service Catalog products to be available in those projects. You can return to this screen and add or remove projects at any time.
1. Projects initially take the default configuration for which Connector features are enabled. Choose **Edit** in a project row to change the configuration for individual projects. We permit projects to use more features than the default.
1. Choose **Save.**
**Note**
For internal customers and Jira agents to be able to request AWS Service Catalog products, one or more projects must be enabled. Internal customers and Jira agents must have Jira permissions to create issues in the Jira project and Permission to Request in the Jira settings for the AWS Account for at least one portfolio with products.
**AWS Security Hub CSPM configuration**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. Under **Security Hub CSPM configuration**, choose **CRITICAL**, **HIGH**, **MEDIUM**, **LOW**, or **INFORMATIONAL** to configure the findings synched to Jira Service Management.
**SQS queue name** is the queue from which Security Hub CSPM findings are synched. The default value is `AwsSmcJsmCloudForgeSecurityHubQueue`. The configured queue is available in all AWS accounts and regions and where you have configured the integration.
1. (optional) Enable **Recreate Jira Issues** to indicate if Jira Issues will be created for updated findings where the original Jira Issue deleted.
1. Assign onboarded AWS accounts to Jira projects.
1. Choose **Save**.
**AWS Systems Manager Incident Manager configuration**
1. Configure incident resolution behavior between AWS and Jira Service Management. The default value is **Bidirectional**.
1. Assign onboarded AWS accounts to Jira projects.
1. Choose **Save**.
**Support configuraiton**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. In the **Support configuration** pane, choose **SQS gueue name** from where you want to sync the Support case. The default value is **AwsSmcJsmCloudForgeSupportQueue**. The queue must be available in `us-east-1` for commercial and `us-gov-west-1` for GovCloud accounts.
1. Assign onboarded AWS accounts to Jira projects.
1. Choose **Save**.
**AWS Systems Manager Automation configuraiton**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. In the **AWS Systems Manager Automation configuration** pane, select the **Jira groups that can request automation** execution.
1. Choose **Save**.
**AWS Systems Manager OpsCenter configuration**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. Under **Systems Manager OpsCenter configuration**, assign onboarded AWS accounts to Jira projects.
1. Choose **Save**.
**AWS Health configuration**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector settings**.
1. Under **AWS Health configuration**, provide the SQS queue name from where you want to sync health events. The default name is **AwsSmcJsmCloudForgeHealthQueue**.
1. Choose default severity levels for Jira issues for health event types (**Issue**, **Account Notification**, **Scheduled Change**).
1. Assign onboarded AWS accounts to Jira projects.
1. Choose **Save**.
# Enabling the AWS Service Catalog request type in the Jira Customer Portal
The Jira Customer Portal enables registered Atlassian site internal customers and Jira agents to provision resources using the Jira Service Management (JSM) AWS Service Catalog integration. The Customer Portal does not require Jira Agent permissions.
**To enable the AWS Service Catalog Request Type in Jira Customer Portal**
1. Log in to your Atlassian site as an administrator.
1. For **Projects**, choose the desired Project.
1. In the navigation pane, choose **Project Settings**.
1. On the Portal Settings page, choose the **Portal groups** tab.
1. Choose **Create group**, and then enter the group name. For example, *AWS Service Catalog products*.
1. Choose **Add request form** and then select **AWS Service Catalog** from the available options.
1. Choose **Save**.
# Enabling the Support request type in the Jira Customer Portal
The connector enables registered Atlassian site internal customers and Jira agents to create and manage Support cases using the Jira Service Management (JSM) Customer portal. The Customer Portal does not require Jira Agent permissions.
**To enable the Support case request type in Jira Customer Portal**
1. Log in to your Atlassian site as an administrator.
1. Select the desired **Project**.
1. In the navigation panel, choose **Project Settings**.
1. On the **Portal Settings** page, choose the **Portal groups** tab.
1.
+ To use an existing group, choose **Add request** from within the existing group, and then choose **Support Case** from the available options.
+ To create a new group, choose **Create group** and then enter the **Group name**. For example, **Support Requests**. Then, choose **Add request form** and choose **Support Case** from the available options.
1. (Optional) Add a **CC email address** to the case.
1. Navigate to the **Project Settings** page and then choose the **Request types** tab.
1. Choose the **Unassigned** tab and then choose **Support Case**.
1. Choose the **Support Case CC Emails** field and move it from the right side panel into the **Request type** fields list.
1. (Optional) Organize the field order as desired.
1. Choose **Save**.
# Integrating AWS Service Catalog in Jira Service Management Cloud
After you create two IAM users with baseline permissions in each account, the next step is to configure Service Catalog.
This section describes how to configure Service Catalog to have a portfolio with an Amazon S3 bucket product.
Use the Amazon S3 template in [Creating an Amazon S3 Bucket for Website Hosting for your preliminary product](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/quickref-s3.html#scenario-s3-bucket-website). Copy and save the Amazon S3 template to your device.
# Configuring AWS Service Catalog integration
This section provides the configurations you need to integrate AWS services in Jira Service Management Cloud.
**To configure Service Catalog**
1. Follow the steps to [create a Service Catalog portfolio](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/portfoliomgmt-create.html) to create a portfolio.
1. To add the Amazon S3 bucket product to the portfolio you created in Step 1, go to the Service Catalog console. In the **Upload new product** page, enter the product details.
1. For **Select template**, choose the Amazon S3 bucket CloudFormation template you saved to your device.
1. Set **Constraint type** to **Launch** for the product that you created now with the `SCConnectLaunch` role in the baseline permissions. For additional launch constraint instructions, see [AWS Service Catalog Launch Constraints](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/constraints-launch.html).
**Note**
The AWS configuration design requires each Service Catalog product to have a launch constraint. Failure to follow this step could result in an *Unable to Retrieve Parameter* message in the ServiceNow Service Catalog.
1. Add the *SMEndUser* IAM user to the Service Catalog portfolio. For additional user access instructions, see [Granting Access to Users](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_portfolios_users.html).
**Note**
The AWS configuration design requires each Service Catalog product to have either a launch constraint or a stack set constraint. Failure to follow this step could result in an *Unable to Retrieve Parameter* error in the ServiceNow Service Catalog.
# Creating stack set constraints
CloudFormation StackSets enable users to create and deploy products across multiple accounts and Regions.
****To apply a stack set constraint to a Service Catalog product****
1. As a catalog admin in Service Catalog, choose the portfolio that contains the product.
1. Expand **Constraints** and choose **Add constraints**.
1. Choose the product from **Product** and set **Constraint type ** to **Stack Set**. Choose **Continue**.
1. On the StackSet constraint page, enter a description.
1. Choose the account(s) in which you want to create products.
1. Choose the Region(s) in which you want to deploy products. Products deploy in these Regions in the order you specify.
1. Choose the following:
**`AWSCloudFormationStackSetAdministrationRole`** to manage your target accounts.
**`AWSCloudFormationStackSetExecutionRole`** for the role the Administrator will assume.
1. Choose **Submit**.
**Note**
The available template for baseline permissions creates the permissions as well as the outputs needed for stack set constraints.
Example stack set outputs
```
SCStackSetAdministratorRoleARN
arn:aws:iam::123456789123:role/AWSCloudFormationStackSetAdministrationRole
SCIAMStackSetExecutionRoleName
AWSCloudFormationStackSetExecutionRole
SCIAMAdminRoleARN
arn:aws:iam::123456789123:role/AWSCloudFormationStackSetAdministrationRole
```
The AWS Service Catalog products can have either a set set or a launch constraint, but not both.
# Relating budgets to products and portfolios
The Connector for Jira Service Management enables Jira administrators to view budgets related to Service Catalog products and portfolios. Service Catalog administrators can create or associate existing budgets to products and portfolios.
For more information on creating and associating budgets, see [Managing Budgets.](https://docs.aws.amazon.com/servicecatalog/latest/adminguide/catalogs_budgets.html)
# Validating AWS Service Catalog integration in Jira Service Management Cloud
This section describes how you can use service integration features to validate AWS Service Management Connector for Jira Service Management Cloud installation.
****To order a Service Catalog product using the Jira Customer Portal****
**Note**
You can only order a Service Catalog product using the Jira Customer Portal if you have enabled Jira projects for the connector and added the Service Catalog request form to the portal. For more information about the Service Catalog request form, review [Enable the AWS Service Catalog Request Type in Jira Customer Portal](customer-portal.md).
1. Log in to your Jira Service Management Customer Portal.
1. Select the portal group that corresponds with the Service Catalog request form.
1. Select the product you want to provision.
1. Enter the product request details, including the **product reference name**, **parameters**, and **tags**.
1. Choose **Send** to submit the JSM request and provision the Service Catalog product.
When the product is ready to provision, users receive a notification that the product is launching.
****To view provisioned products using the Jira Customer Portal****
1. Log in to your Jira Service Management Customer Portal.
1. Choose **Requests** at the top right corner.
1. Select the desired provisioned product to open the issue.
1. Review the provisioned product details, including the **Status** of the product request, **Product events**, **Activities**, and any available **Self-service actions**.
**To perform post-provisioning actions**
1. Log in to your Jira Service Management Customer Portal.
1. Choose **Requests** at the top right corner.
1. Select a **service action** from the Self-service actions list, and then choose **Execute**.
When the product is in the `Available` status, internal customers and Jira agents can request post-provision operations, including **Request update** and **Request termination** from the **Actions** menu at the top right corner of the Issues page.
****To order a Service Catalog product using the Jira Agent view****
1. Log in to the Jira Service Management agent view as the internal customer or Jira agent.
1. Open the Jira project and navigate to apps **AWS Service Catalog - Order Product**.
1. Select a product to provision.
1. Fill in the product request details, including the product reference name, parameters, and tags.
1. Choose **Order** to submit the Jira Service Management request and provision the AWS Service Catalog product
1. After the request processes, a message appears indicating that your request was created. When the product is ready to provision, the internal customers or Jira agents receives a notification that the product is launching.
****To view provisioned products using the Jira Agent view****
1. Log in to your Jira Service Management Agent View as the internal customer or Jira agent.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only issues with the Issue Type **AWS Service Catalog Request**.
1. Open a Jira issue.
1. Choose the **AWS Service Catalog** panel.
1. Review the AWS provisioned product details, including the status of the product request, product events, activities, and available Self-Service Actions.
1. If Self-Service Actions are available, you can select a service action from the list, and then choose **Execute**.
1. After the product is in the `Available` status, internal customers and Jira agents can request post-provision operations including **Request update** and **Request termination** from the **Actions** menu at the top right corner of the issue page.
# Integrating AWS Security Hub CSPM in Jira Service Management Cloud
AWS Security Hub CSPM enables users to view security Findings from AWS services such as Amazon Guard Duty and Amazon Inspector, as well as AWS Partner solutions.
If you use both [AWS Security Hub CSPM](https://aws.amazon.com/security-hub/?aws-security-hub-blogs.sort-by=item.additionalFields.createdDate&aws-security-hub-blogs.sort-order=desc) and [ Jira Service Management](https://www.atlassian.com/software/jira/service-management), the AWS Service Management Connector for Jira Service Management allows you to create an automated, bidirectional integration between Security Hub and Jira Service Management. This two-way integration synchronizes your Security Hub CSPM Findings and Jira Issues.
Specifically, as a Jira administrator, you can use this integration to automatically create Jira Issues from AWS Security Hub CSPM Findings. When you update those tickets in Jira, the changes are automatically replicated back to the original Security Hub CSPM Findings. For example, when you resolve the issue in Jira, the workflow status of the Security Hub finding also changes to `RESOLVED`. This action ensures that Security Hub CSPM always has up-to-date information about your security posture.
**Note**
If you are aggregating your Security Hub CSPM findings to a single management AWS account and have onboarded management to the connector, internal customers and Jira agents updates on the Finding issue will **not** be synched to the finding in Security Hub CSPM.
# Configuring AWS Security Hub CSPM integration
This section describes how to configure your AWS services in Jira Service Management Cloud.
**To configure AWS Security Hub CSPM integration features**
1. Enable AWS Security Hub CSPM. For more information, refer to [Setting up AWS Security Hub CSPM](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-settingup.html) with the Console.
1. Set up an SQS queue to receive updated Findings. Name the queue, `AwsSmcJsmCloudForgeSecurityHubQueue`, to align with the default name in the Jira Service Management Connector Settings for the AWS Security Hub CSPM integration. For more information, refer to [Getting started with Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-getting-started.html).
1. Set up an Amazon EventBridge rule to detect changes to Findings and push these to the queue. For more information, refer to [Getting started with Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-get-started.html).
The CloudWatch rule should have this event pattern and point to the SQS queue created in Step 2.
```
"EventPattern": {"source": [
"aws.securityhub"
]
}
```
1. You can also customize this CloudWatch Events rule to only pull in Security Hub CSPM Findings that have specific Finding types, severity labels, workflow statuses, or compliance statuses. For details about how to filter the event pattern, refer to [Configuring an EventBridge rule for automatically sent findings](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-all-findings.html) in the *AWS Security Hub CSPM User Guide*.
**Note**
You can use the AWS CloudFormation templates for the Connector for Jira Service Management to automate the AWS Config custom resource and AWS Security Hub CSPM integration features. For more information, refer to [Setting baseline permissions for AWS Service Management Connector for ServiceNow](sn-base-perms.md).
# Validating AWS Security Hub CSPM integration in Jira Service Management Cloud
This section describes how to validate AWS Security Hub CSPM Findings, update AWS Systems Manager OpsItems, and view AWS related resources in Jira Service Management.
**To view AWS Security Hub CSPM Findings in Jira Service Management from AWS Systems Manager**
1. Log in to your **Jira Agent** view as an internal customer or Jira agent.
1. In the **Jira Service Management Jira Agent** view, choose the Jira project associated with the AWS Security Hub CSPM Finding.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only issues with the Issue Type **AWS Security Hub CSPM Finding**.
**To update AWS Security Hub CSPM Findings in Jira Service Management**
1. Log in to your **Jira Agent** view as an internal customer or Jira agent.
1. In the **Jira Service Management Jira Agent** view, choose the Jira project associated to the AWS Security Hub CSPM Finding.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only issues with the Issue Type **AWS Security Hub CSPM Finding**.
1. Choose **Edit Issue**.
1. Update the available fields, including **Severity**, **Priority**, and **Criticality**.
1. Choose **Update** to save the details.
**Note**
Updates to Security Hub CSPM Finding fields from Jira Service Management display in the AWS account view of Findings on the next sync between AWS and Jira Service Management. Only the fields Severity, Priority, and Criticality update in the AWS account from Jira Service Management.
**To view AWS related resources in AWS Security Hub CSPM Findings through Jira Service Management**
1. Log in to your **Jira Agent** view as an internal customer or Jira agent.
1. In the **Jira Service Management Jira Agent** view, choose the Jira project associated to the AWS Security Hub CSPM Finding.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only issues with the Issue Type **AWS Security Hub CSPM Finding**.
1. Choose the **Security Hub CSPM Findings** panel.
1. In the selected AWS resources section of the AWS Security Hub CSPM Finding, you can review the related resource details. If the resources relate and the AWS Config integration is active in the Connector, you can filter on the AWS Config-specific resource details and relationships. The section remains empty if AWS resources do not relate in AWS Security Hub CSPM. Security Hub CSPM Findings follow the [AWS Security Finding format](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-findings-format.html) (ASFF). Review the following mapping of fields from AWS Security Hub CSPM Findings to Jira Service Management Incident records.
| Jira Issue field | Security Hub CSPM ASFF field |
| --- | --- |
| Created | CreatedAt |
| Updated | UpdatedAt |
| Summary | Title |
| Priority | Severity.Label |
| Status | Workflow.Status |
# Integrating AWS Systems Manager Incident Manager
To allow the Connector to synchronize Incidents from AWS Systems Manager Incident Manager for a specific Region, you must enable Incident Manager in that account and Region.
For more information, refer to [What is AWS Systems Manager Incident Manager](https://docs.aws.amazon.com/incident-manager/latest/userguide/what-is-incident-manager.html).
# Configuring AWS Systems Manager Incident Manager integration
To allow the connector to synchronize Incidents from AWS Systems Manager Incident Manager for a specific AWS Region, you must first enable Incident Manager in that AWS account and Region. For information about enabling Incident Manager, refer to [What is AWS Systems Manager Incident Manager](https://docs.aws.amazon.com/incident-manager/latest/userguide/what-is-incident-manager).
# Validating AWS Systems Manager Incident Manager integration
This section describes how to validate AWS Systems Manager Incident Manager integration in Jira.
**To view Incident Manager incidents**
1. Log in to your **Jira Agent** view as a Jira agent.
1. In the **Jira Service Management Jira Agent** view, choose the Jira Project associated to AWS Systems Manager Incident Manager.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only Issues with the Issue Type **AWS Incident**.
The resulting list displays all synced Incidents.
**To view Incident Manager incident details**
1. Log in to your **Jira Agent** view as a Jira agent.
1. In the **Jira Service Management Jira Agent** view, choose the Jira Project associated to AWS Systems Manager Incident Manager.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only Issues with the Issue Type **AWS Incident**.
1. Choose **Issue ID (key)** to open the AWS Incident.
1. Review the details of the AWS Incident from the issue.
1. (Optional) Choose the AWS Incident URL to open the incident in the Incident Manager console.
If AWS Systems Manager integration is enabled, an OpsItem is linked to the AWS Incident.
**To resolve an Incident Manager Incident**
1. Log in to your **Jira Agent** view as a Jira agent.
1. In the **Jira Service Management Jira Agent** view, choose the Jira Project associated to AWS Systems Manager Incident Manager.
1. Use [Jira filters](https://support.atlassian.com/jira-service-management-cloud/docs/save-your-search-as-a-filter/) to show only Issues with the Issue Type **AWS Incident**.
1. Choose **Issue ID (key)**to open the AWS Incident.
1. Choose **Resolve**.
**Fields mapped from Incident Manager Incidents to Jira Issue records**
The following table displays the mapping between Incident Manager Incidents and Jira Issues.
| AWS Systems Manager Incident status | Jira AWS Issue Status |
| --- | --- |
| Open | OPEN |
| Resolved | RESOLVED |
Jira Service Management Connector maps **Priority - Impact** of an AWS Incident to the priority of the corresponding Jira Issue.
| AWS Systems Manager Incident Manager Incident impact | Jira AWS Issue priority |
| --- | --- |
| Critical | Blocker |
| High | High |
| Medium | Medium |
| Low | Low |
| No impact | Minor |
# Integrating Support in Jira Service Management Cloud
To allow the Connector to synchronize Support tickets, the account must have a Business or Enterprise Support plan. For more information, review [Getting started with Support](https://docs.aws.amazon.com/awssupport/latest/user/getting-started.html).
**Note**
AWS Service Management Connector allows AWS Managed Services (AMS) Accelerate users to create Incidents and Service Requests through JSM Cloud. To ensure that your account has the required permissions to create AMS Accelerate support cases, you must first onboard your account to AMS Accelerate. For more information, review [Getting Started with AMS Accelerate](https://docs.aws.amazon.com/managedservices/latest/accelerate-guide/getting-started-acc.html).
# Configuring Support integration
This section describes how to configure Support in Jira Service Management Cloud.
**To configure Support integration features**
1. Set up an Amazon SQS queue in us-east-1 for Commercial regions and AWS GovCloud (US-West) for AWS GovCloud (US) to sync Support cases.
1. Enter **AwsSmcJsmCloudForgeSupportQueue** for the queue name, which aligns with the default name in the JSM Cloud connector settings for the Support integration. For more information, review [Getting started with Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-getting-started.html).
1. Create an Amazon EventBridge rule to detect changes to Support cases and push those changes to the queue. For more information, review [Getting started with Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-get-started.html).
1. The rule you created must have the following event pattern and point to the Amazon SQS queue you created in step 1:
```
"EventPattern":{
{
"detail-type":[
"Support Case Update"
],
"source":[
"aws.support"
]
}
}
```
**Note**
You can use baseline AWS CloudFormation templates for the Connector for JSM Cloud to automate the Support integration features. For more information, see [Setting baseline permissions for AWS Service Management Connector for ServiceNow](sn-base-perms.md).
To create the required Amazon SQS queue and EventBridge rule, use Connector for JSM Cloud - [AWS Support Commercial Regions](https://servicecatalogconnector.s3.amazonaws.com/SMC_ConnectorforJSMCloud-AWS_Support_Commercial.json) and Connector for Service Management - [AWS Support for GovCloud West Region](https://servicecatalogconnector.s3.amazonaws.com/SMC_ConnectorforJSMCloud-AWS_Support_Gov.json).
# Validating Support integration in Jira Service Management Cloud
This section describes how to create, view, and manage integration features of Support.
****To view Cases from Support****
1. Log in to your Jira Agent view.
1. In the Jira Service Management Jira Agent view, choose the **Jira Project** associated to Support.
1. Use the Jira filters to only view Issues with the **Support Case** Issue Type.
****To create a general Support case as a Jira Incident****
1. Log in to your Jira Agent view.
1. Choose **Requests** at the top right corner.
1. In the Jira Service Management Jira Agent view, choose the **Jira Project** associated to Support.
1. Choose **Create** from the list header and then select the **Support Case** Issue Type.
1. Complete the following mandatory fields in the form:
+ **Summary**— A brief summary of the question or issue
+ **Description**— A detailed summary of the question or issue
+ **Priority**— The severity of the Support case
+ **Support Service and Category**— The AWS service and category of the Support case
+ **AWS Account**— The account to create the Support case
+ (optional)**AWS CC Email Addresses**— Additional email addresses for the Support case
1. Choose **Create**.
1. Choose the Incident you created from the list. Service Management Connector displays the **AWS Case ID** and the **AWS Case Status**.
****To create AMS Accelerate report incidents in Jira (for AMS Accelerate customers)****
1. Log in to the Jira Agent view.
1. In the Jira Service Management Jira Agent view, choose the **Jira Project** associated to Support.
1. Choose **Create** from the list header and then select the **Support Case** Issue Type.
1. Complete the following mandatory fields in the form:
+ **Summary**— A brief summary of the question or issue
+ **Description**— A detailed summary of the question or issue
+ **Priority**— The severity of the Support case
+ **Support Service and Category**— AMS Operations - Report Incident and the chosen category
+ **AWS Account**— The account to create the Support case
+ (optional)**AWS CC Email Addresses**— Additional email addresses for the Support case
1. Choose **Create**.
1. Choose the Incident you created from the list. Service Management Connector displays the **AWS Case ID** and the **AWS Case Status**.
****To create AMS Accelerate service requests in Jira (for AMS Accelerate customers)****
1. Log in to the Jira Agent view.
1. In the Jira Service Management Jira Agent view, choose the **Jira Project** associated to Support.
1. Choose **Create** from the list header and then select the **Support Case** Issue Type.
1. Complete the following mandatory fields in the form:
+ **Summary**— A brief summary of the question or issue
+ **Description**— A detailed summary of the question or issue
+ **Priority**— The severity of the Support case
+ **Support Service and Category**— AMS Operations - Service Request and the chosen category
+ **AWS Account**— The account to create the Support case
+ (optional)**AWS CC Email Addresses**— Additional email addresses for the Support case
1. Choose **Create**.
1. Choose the Incident you created from the list. Service Management Connector displays the **AWS Case ID** and the **AWS Case Status**.
****To add a correspondence and attach it to an existing Support case in Jira incident****
1. Log in to the Jira Agent view.
1. In the Jira Service Management Jira Agent view, choose the **Jira Project** associated to Support.
1. Choose **Create** from the list header and then select the **Support Case** Issue Type.
1. Open the required **Support case**.
1. At the bottom of the form, choose **Reply to customer** to add a correspondence. You can attach a maximum of three attachments, with a size limit of 5MB per attachment per correspondence.
1. Choose **Save**.
****To resolve an Support case in Jira****
1. Log in to the Jira Agent view.
1. In the Jira Service Management Jira Agent view, choose the **Jira Project** associated to Support.
1. Use Jira filters to display only issues with the **Support Case** Issue Type.
1. Open the required Support case.
1. Choose **Issue status** and then choose **Mark as Resolved**.
**Note**
AWS Service Management Connector also enables Jira internal customers without an Agent license to create Support cases. The validation steps above are applicable and valid for interactions with the **Support Case** issue type through the Jira customer portal.
# Validating AWS Systems Manager Automation in Jira Service Management Cloud
To allow the Connector to execute Automation Documents, you must ensure that the Connector's sync user and end user have the required permissions. For more information, review [Setting up Automation](https://docs.aws.amazon.com/systems-manager/latest/userguide/automation-setup.html) in the *AWS Systems Manager user guide*.
****To execute a AWS Systems Manager Automation Document from Jira agent view****
1. Log in to your Jira Agent view.
1. Open the desired **Jira project** and then navigate to the **AWS Service Management Connector** app.
1. Choose the **Systems Manager Automation** tab.
1. Enter the required **automation execution parameters** and add optional **Tags**.
1. Choose **Execute** to submit the Jira Service Management request and execute the automation document.
After Jira processes the request, Jira displays a message indicating that the request was created. When the automation document execution starts, you are able to view the details in the Automation panel within the Jira issue.
****To view provisioned products using the Jira Agent view****
1. Log in to your Jira Agent view.
1. Use Jira filters to display only issues with the **Support Automation Request** Issue Type.
1. Open the Jira issue.
1. Choose the **Automation Details** panel.
Review the Automation Execution details, including the status of the execution, parameters, and step functions.
When the execution is complete, the issue moves to the **Execution complete** status.
# AWS Systems Manager OpsCenter
To allow the Connector to synchronize AWS Systems Manager OpsCenter data for a specific Region, you must enable OpsCenter in that account and Region. For more information, refer to [AWS Systems Manager OpsCenter](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html).
**Topics**
+ [Configuring AWS Systems Manager OpsCenter integration](systems-manager-opscenter-configure.md)
+ [Validating AWS Systems Manager OpsCenter integration](systems-manager-opscenter-validate.md)
# Configuring AWS Systems Manager OpsCenter integration
This section describes how to configure the AWS Systems Manager OpsCenter integration in Jira Service Management. For the connector to synchronize AWS Systems Manager OpsCenter data in a specific Region, you must enable OpsCenter in that account and Region. For more information, refer to [AWS Systems Manager OpsCenter](https://docs.aws.amazon.com/systems-manager/latest/userguide/OpsCenter.html).
**Configuring AWS Systems Manager OpsCenter integration**
This section describes how to validate the AWS Systems Manager OpsCenter integration in Jira.
**Note**
To view an AWS OpsItem, you must have access to the relevant Jira projects.
1. Log in to your Jira Agent as an internal customer or Jira agent.
1. In the Jira Service Management (Agent) view, choose the Jira project associated with the AWS OpsCenter OpsItem.
1. Use Jira filters to show only issues with type *AWS OpsCenter OpsItem*.
# Validating AWS Systems Manager OpsCenter integration
This section describes how to validate the AWS Systems Manager OpsCenter integration in Jira.
**Run an AWS Systems Manager automation document from an AWS OpsItems associated with a Jira incident**
To view or execute automation documents (runbooks), the user must belong to the Jira permissions group assigned to the AWS Systems Manager automation integration. This group can be set on the **Connector Settings** page.
**Note**
To enable this feature, you must activate AWS Systems Manager automation in the AWS account and opt in to the connector.
1. Log in to your Jira Agent view.
1. Open your Jira project, and choose an **OpsItem** issue.
1. From the **Actions** menu at the top-right of the **Issues** page, choose **Request runbook execution**.
1. Choose your automation document.
**Create a Jira Incident from AWS OpsItems**
1. Log in to your Jira Agent view.
1. Open the desired Jira project, and choose an OpsItem issue.
1. From the **Actions** menu at the top-right corner of the **Issues** page, choose **Create** Incident
1. Choose a response plan, and then choose **Confirm**.
**View related OpsItems or AWS Incidents from an AWS OpsItems**
**Note**
There isn’t a field for **RelatedOpsItems** because Jira already offers a native feature that can link Jira issues. Upon synchronization from AWS, AWS Service Management Connector looks up any Jira issues that correspond to the related OpsItems and links them. Similarly, if an end user in Jira links an issue of type *AWS OpsItem* to another issue of type *AWS OpsItem*, then AWS Service Management Connector marks the corresponding AWS OpsItems as related.
1. Log in to Jira Agent view.
1. Open your Jira project, and choose an OpsItem issue.
1. View related OpsItems at the bottom of the form.
# Integrating AWS Health
This section describes how you can use [AWS Health](https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html) for Jira Service Management.
**Note**
To allow the connector to synchronize AWS Health events and resource information, the account should have a [business](https://aws.amazon.com/premiumsupport/plans/business/) or [enterprise support plan](https://aws.amazon.com/premiumsupport/plans/enterprise/). For more information, refer to [What is AWS Health?](https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html)
**Topics**
+ [Configuring AWS Health integration](cloud-sys-health-configure.md)
+ [Validating AWS Health integration](cloud-sys-health-validate.md)
# Configuring AWS Health integration
This section describes how to configure AWS Health integration in Jira Service Management.
**Note**
To allow the connector to synchronize AWS Health data for a specific Region, you must enable AWS Health in that account and Region. For more information, refer to [What is AWS Health?](https://docs.aws.amazon.com/health/latest/ug/what-is-aws-health.html)
**Configuring AWS Health integration**
1. Set up an SQS queue to sync AWS Health events. Name the queue **AwsSmcJsmCloudForgeHealthQueue** to align it with the default name in the connector settings. For more information, refer to [Getting started with Amazon SQS](https://docs.aws.amazon.com/AWSSimpleQueueService/latest/SQSDeveloperGuide/sqs-getting-started.html).
1. Set up an Amazon EventBridge rule to detect changes to findings and push them to the queue. For more information, refer to [Getting started with Amazon EventBridge](https://docs.aws.amazon.com/eventbridge/latest/userguide/eb-get-started.html). The rule should have the following event pattern and point to the SQS queue from step 1.
```
"EventPattern": {
"source": ["aws.health"]
}
```
**Note**
A queue with this name must exist in all Regions defined by the AWS account that has the AWS Health integration enabled. The default value is **AwsSmcJsmCloudForgeHealthQueue**.
**Configuring AWS Health**
1. Navigate to the **Settings** menu, and then choose **Apps**.
1. Choose **AWS Service Management Connector**, and then navigate to **Connector** settings.
1. In the **AWS Health** section, enter the SQS queue name from where you want to sync the AWS Health. The default value is **AwsSmcJsmCloudForgeHealthQueue**. The configured queue is available in all AWS accounts and Regions where the integration is configured.
1. Assign onboarded AWS accounts to Jira projects.
1. Choose **Save**.
# Validating AWS Health integration
This section describes how to validate the AWS Health integration in Jira Service Management.
**Validating AWS Health integration**
1. Log in to your Jira Agent view.
1. Open your Jira project, and choose a Jira issue with type *AWS Health Event*.
1. Select the **AWS Health Affected Resources** panel to view event resources.
# Reference: AWS API calls for the AWS Service Management Connector
The following provides the reference AWS API calls for AWS Service Management Connector.
+ `AWSBudgets.describeBudget`
+ `AWSCloudFormation.registerType`
+ `AWSCloudFormation.deregisterType `
+ `AWSCloudFormation.describeTypeRegistration `
+ `AWSSecurityHub.batchUpdateFindings `
+ `AWSSecurityTokenService.getCallerIdentity `
+ `AWSServiceCatalog.createProvisionedProductPlan`
+ `AWSServiceCatalog.deleteProvisionedProductPlan `
+ `AWSServiceCatalog.describePortfolio `
+ `AWSServiceCatalog.describeProduct `
+ `AWSServiceCatalog.describeProductAsAdmin `
+ `AWSServiceCatalog.describeProductView `
+ `AWSServiceCatalog.describeProvisionedProduct `
+ `AWSServiceCatalog.describeProvisionedProductPlan`
+ `AWSServiceCatalog.describeProvisioningParameters`
+ `AWSServiceCatalog.describeRecord`
+ `AWSServiceCatalog.executeProvisionedProductPlan`
+ `AWSServiceCatalog.executeProvisionedProductServiceAction`
+ `AWSServiceCatalog.listBudgetsForResource`
+ `AWSServiceCatalog.listLaunchPaths`
+ `AWSServiceCatalog.listPortfolioAccess`
+ `AWSServiceCatalog.listPortfolios`
+ `AWSServiceCatalog.listProvisionedProductPlans`
+ `AWSServiceCatalog.listServiceActionsForProvisioningArtifact`
+ `AWSServiceCatalog.listStackInstancesForProvisionedProduct`
+ `AWSServiceCatalog.provisionProduct`
+ `AWSServiceCatalog.searchProducts`
+ `AWSServiceCatalog.searchProductsAsAdmin`
+ `AWSServiceCatalog.terminateProvisionedProduct`
+ `AWSServiceCatalog.updateProvisionedProduct`
+ `AWSSimpleQueueService.DeleteMessage`
+ `AWSSimpleQueueService.DeleteMessageBatch`
+ `AWSSimpleQueueService.ReceiveMessage`
+ `AWSSimpleSystemsManagementIncident:ListIncidentRecords`
+ `AWSSimpleSystemsManagementIncident:GetIncidentRecord`
+ `AWSSimpleSystemsManagementIncident:UpdateRelatedItems`
+ `AWSSimpleSystemsManagementIncident:ListTimelineEvents`
+ `AWSSimpleSystemsManagementIncident:GetTimelineEvent`
+ `AWSSimpleSystemsManagementIncident:UpdateIncidentRecord`
+ `AWSSimpleSystemsManagement:ListOpsItemRelatedItems`
+ `AWSSimpleSystemsManagement:ListRelateditems`
# Contacting the Service Management Connector specialist team
You can contact the AWS Service Management Connector (SMC) specialist team directly from the connector using an Support case.
**To create a support case with the SMC specialist team from Support console**
1. In the console, choose **Technical Support**.
1. Complete the form's required fields:
+ Service - `Service Catalog`
+ Category - `Service Management Connectors`
+ Severity - `General Guidence` or `System Impaired` (based on your need).
+ Subject - A brief summary of the question or issue; include the name of the Connector in use.
+ Description - A detailed account of the question or issue.
1. In **Console Options**, choose **Web**.
1. Choose **Submit**. A SMC specialist team member will contact you through the support case.
# Jira approvals and access controls
This section describes approvals and access controls that are available in Jira.
**Approvals**
The approval agent has access to a screen with the options to approve or reject the product request. For a rejection, the agent can add a comment explaining the rejection of the request. The requester can view the status of the request, which includes **Waiting for Approval**, **Scheduled**, **Launching**, or **Available**. Changes to approver group members does not impact approvers identified for pre-existing issues, but does affect whether AWS permits approval. Only approver users assigned to the issue at the time of issue creation can approve the request. The approver user must also be a member of the group to issue an approval. If the approver user is not a member of the group, AWS may reject the request. All post-provision actions, including termination, receive pre-approval for the user or group approved to provision it.
**Access controls**
You can set access controls on portfolios, as described earlier in this guide. Those access controls are in addition to the per-project enablement: users must have access to an AWS Connector-enabled project and belong to the groups enabled for a portfolio to provision products in that portfolio.
# Release notes
The AWS Service Management Connector is for Atlassian's Jira Service Management Cloud, an application based on [Forge](https://developer.atlassian.com/platform/forge/). The connector is available from [Atlassian Marketplace](https://marketplace.atlassian.com/apps/1221283/aws-service-management-connector-for-jsm-cloud). The latest version integrates with AWS Systems Manager OpsCenter and AWS Health.
## Version 6.6.0
**Core features**
+ Improved reliability of resource installation process.
**AWS Systems Manager OpsCenter integration**
+ Create and update Jira issues when you create and update operational items (AWS OpsItems) in AWS Systems Manager OpsCenter.
+ Update OpsItems in AWS Systems Manager OpsCenter when you update the Jira issue in Jira Service Management Cloud.
+ View and run AWS Systems Manager automation runbooks to resolve OpsItems and view results of the Jira issues.
+ Synchronize action-item type OpsItems from AWS Systems Manager Incident Manager.
+ Creates a relationship between synced incidents from Incident Manager and the associated OpsItem.
**AWS Health integration**
+ Creates Jira issues from AWS Health events.
+ Supports affected resource tracking for planned lifecycle events.
+ Supports pagination by syncing health events with visual information about the progress.
+ Supports AWS Organizations to view and consolidate multiple AWS accounts through Amazon EventBridge.
## Version 6.0.0
**Core features**
+ Resolves an issue during installation that creates workflows, issue types, and other resources.
+ Upgrades packages to address vulnerabilities.
**AWS Systems Manager Incident Manager integration**
+ Resolves an intermittent issue with the Incident Manager integration that delays ticket creation.
**AWS Security Hub CSPM integration enhancement**
+ Resolves an issue with duplicate fields that causes an *Error in Data* issue when viewing the Security Hub CSPM details panel.
+ Enhances logging for Security Hub CSPM integration.
## Version 5.7.0
**Core features**
+ To avoid timeouts, the connector installation now uses the Forge Async events API.
## Version 5.6.0
**Core features**
+ Resolved site-specific issues with AWS Security Hub CSPM sync
+ Improved throttling exception handing for AWS Systems Manager Automation sync
+ Package dependency update
## Version 5.0.0
**Support integration**
+ Configure dual synchronization of Support cases as Jira issues
+ View, create, resolve, and add correspondences to Support tickets directly from Jira issues
**AWS Systems Manager Automation integration**
+ Render AWS Systems Manager automation documents in the Jira Service Management Agent views
+ Request and execute AWS Systems Manager automation documents through Jira Service Management
## Version 4.4.0
**AWS Security Hub CSPM integration**
+ Corrected the invalid request type message to appear on the "update product issue" action only, and excluded from display on the main portal view
## Version 4.2.0
**AWS Security Hub CSPM integration**
+ Enhanced logging for AWS Security Hub CSPM integration
**Core features**
+ Improved the connector configurations filter to allow only selection of Jira Service Desk project types
## Version 4.0.0
**AWS Service Catalog integration**
+ Render AWS Service Catalog portfolios and products in Jira Service Management using the Customer Portal view
**Core features**
+ Implement appropriate endpoint to support AWS Service Catalog integration for China Regions into the Connector for Jira Service Management
## Version 3.9.0
**AWS Security Hub CSPM integration enhancement**
+ Additional error trapping and enhanced logging for configuration errors
## Version 3.8.0
**AWS Service Catalog integration**
+ Render AWS Service Catalog portfolios and products in Jira Service Management using the Jira Agent view
+ Associate Jira Service Management approval groups to AWS Service Catalog portfolios to require approvals for Jira Service Management user product requests
+ Configure AWS product request form components available for internal customers and Jira agents to view
+ Create AWS Tags across provisioned products
+ View AWS-specific parameters on Amazon EC2 resources, such as Availability Zones, Image ID, Instance ID, KeyPair, Security Group, and VPC
**AWS Security Hub CSPM integration **
+ Configure synchronization behavior of AWS Security Hub CSPM Findings within Jira Service Management Cloud
+ Create, view, update, investigate and resolve AWS Security Hub CSPM Findings as Jira issues
**AWS Systems Manager Incident Manager integration**
+ Sync Incident Manager incidents as Jira Issues
+ Provide configuration to allow bidirectional or unidirectional synchronization of the `resolved` status between a Jira Issue and the corresponding AWS incident
# Release history
Review the release history for AWS Service Management Connector for Atlassian's Jira Service Management Cloud.
| Version | Description | Date |
| --- | --- | --- |
| v6.6.0 | AWS Systems Manager OpsCenter integration AWS Health integration | November 6, 2023 |
| v6.0.0 | AWS Systems Manager Incident Manager integration enhancements | June 22, 2023 |
| v5.0.0 | Support integration AWS Systems Manager Automation integration | April 12, 2023 |
| v4.2.0 | AWS Security Hub CSPM enhanced logging and improved configurations filter | February 23, 2023 |
| v4.0.0 | AWS Service Catalog integration with Jira Customer Portal | February 7, 2023 |
| v3.9.0 | AWS Security Hub CSPM integration enhancements including additional logging to capture errors associated with the AWS Security Hub CSPM Findings sync | January 4, 2023 |
| v3.8.0 | AWS Service Catalog integration AWS Security Hub CSPM integration AWS Systems Manager Incident Manager integration | November 17, 2022 |