
Integrate OpsCenter with other Amazon Web Services

OpsCenter, a capability of Amazon Systems Manager, integrates with multiple Amazon Web Services to diagnose and remediate issues with Amazon resources. You must set up the Amazon Web Service before you integrate it with OpsCenter.

By default, the following Amazon Web Services are integrated with OpsCenter and can create OpsItems automatically:

You have to integrate the following services with OpsCenter to create OpsItems automatically:

When any of these services create an OpsItem, you can manage and remediate the OpsItem from OpsCenter. For more information, see Manage OpsItems and Remediate OpsItem issues.

For more information about each Amazon Web Service and how it integrates with OpsCenter, see the following topics.

Amazon CloudWatch

Amazon CloudWatch monitors your Amazon resources and services, and displays metrics on every Amazon Web Service that you use. CloudWatch creates an OpsItem when an alarm enters the alarm state. For example, you can configure an alarm to automatically create an OpsItem if there is a spike in HTTP errors generated by your Application Load Balancer.

Some alarms that you can configure in CloudWatch to create OpsItems are shown in the following list:

  • Amazon DynamoDB: database read and write actions reach a threshold

  • Amazon EC2: CPU utilization reaches a threshold

  • Amazon billing: estimated charges reach a threshold

  • Amazon EC2: an instance fails a status check

  • Amazon Elastic Block Store (EBS): disk space utilization reaches a threshold

You can either create an alarm or edit an existing alarm to create an OpsItem. For more information, see Configure CloudWatch alarms to create OpsItems.

When you enable OpsCenter using Integrated Setup, it integrates CloudWatch with OpsCenter.

Amazon CloudWatch Application Insights

Using Amazon CloudWatch Application Insights, you can set up the most appropriate monitors for your application resources to continuously analyze data for signs of problems with your applications. When you configure application resources in CloudWatch Application Insights, you can choose to have the system create OpsItems in OpsCenter. An OpsItem is created on the OpsCenter console for every problem detected with the application. For information, see Set up, configure, and manage your application for monitoring in the Amazon CloudWatch User Guide.

Note

Starting October 16, 2023, the title and description for OpsItems created by CloudWatch Application Insights now use the following improved format:

OpsItem title: [<APPLICATION NAME>: <RESOURCE ID>] <PROBLEM SUMMARY>

OpsItem description:
CloudWatch Application Insights has detected a problem in application <APPLICATION NAME>.
Problem summary: <PROBLEM SUMMARY>
Problem ID: <PROBLEM ID> (hyperlinks to the Application Insights problem summary page)
Problem Status: <PROBLEM STATUS>
Insight: <INSIGHT>

Here is an example:


[Screenshot showing the new format of an OpsItem created from a CloudWatch Insight.]

Amazon DevOps Guru

Amazon DevOps Guru applies machine learning to analyze your operational data, application metrics, and application events to identify behaviors that deviate from normal operating patterns. If you enable DevOps Guru to generate an OpsItem in OpsCenter, each insight generates a new OpsItem. You can use OpsCenter to manage your OpsItems.

DevOps Guru automatically creates OpsItems. You can enable Amazon DevOps Guru to create OpsItems by using Quick Setup, which is a capability of Systems Manager. The system creates OpsItems by using the AWSServiceRoleForDevOpsGuru Amazon Identity and Access Management (IAM) service-linked role.

To integrate OpsCenter with DevOps Guru
  1. Open the Amazon Systems Manager console at https://console.amazonaws.cn/systems-manager/.

  2. In the navigation pane, choose Quick Setup.

  3. On the Customize DevOps Guru configuration options page, choose the Library tab.

  4. In the DevOps Guru pane, choose Create.

  5. For Configuration options, select Enable Amazon Systems Manager OpsItems.

  6. Select Create after you complete the setup.

Amazon EventBridge

Amazon EventBridge delivers a stream of events that describe changes in Amazon resources. When you enable OpsCenter using Integrated Setup, it integrates EventBridge with OpsCenter, and enables default EventBridge rules. Based on these rules, EventBridge creates OpsItems. Using rules, you can filter and route events to OpsCenter for investigation and remediation.

Note

Amazon EventBridge (formerly Amazon CloudWatch Events) provides all functionality of CloudWatch Events and some new features, such as custom event buses, third-party event sources and schema registry.

Following are some rules that you can configure in EventBridge to create an OpsItem:

  • Security Hub: security alert issued

  • Amazon DynamoDB: a throttling event

  • Amazon Elastic Compute Cloud Auto Scaling: failure to launch an instance

  • Systems Manager: failure to run an automation

  • Amazon Health: an alert for scheduled maintenance

  • Amazon EC2: instance state changed from running to stop

Based on your requirements, you can either create a rule or edit an existing rule to create an OpsItem. For instructions on how to edit a rule to create an OpsItem, see Configure EventBridge rules to create OpsItems.

Amazon Config

Amazon Config provides a detailed view of the configuration of Amazon resources in your Amazon Web Services account.

Amazon Config does not integrate directly with OpsCenter. Instead, you create an Amazon Config rule that sends an event to Amazon EventBridge, such as when Amazon Config detects a noncompliant instance. Then EventBridge evaluates that event against an EventBridge rule you've created. If the rule matches, EventBridge transforms the event to an OpsItem and transmits it to OpsCenter as the destination target.

Using this OpsItem, you can track details of the noncompliant resource, record investigative actions, and provide access to consistent remediation actions.
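The flow described above, as an added example that is not from the Amazon documentation: an event pattern an EventBridge rule could use for Amazon Config noncompliance, a simplified local matcher standing in for EventBridge, and the OpsItem fields built from a matching event. The sample event is constructed, and the OpsItem title, source, and operational data keys are illustrative assumptions.

```python
# EventBridge event pattern: Config rule evaluations that became NON_COMPLIANT.
CONFIG_NONCOMPLIANT_PATTERN = {
    "source": ["aws.config"],
    "detail-type": ["Config Rules Compliance Change"],
    "detail": {"newEvaluationResult": {"complianceType": ["NON_COMPLIANT"]}},
}

def matches(pattern, event):
    """Local stand-in for EventBridge matching: exact-value lists and nested objects only."""
    for key, expected in pattern.items():
        actual = event.get(key)
        if isinstance(expected, dict):
            if not isinstance(actual, dict) or not matches(expected, actual):
                return False
        elif actual not in expected:
            return False
    return True

def searchable(value):
    """Operational data entry in the shape OpsItems use for searchable values."""
    return {"Type": "SearchableString", "Value": str(value)}

def to_opsitem(event):
    """Shape a matched event as an OpsItem; the field choices are illustrative."""
    d = event["detail"]
    return {
        "Title": f"{d['configRuleName']}: {d['resourceId']} is noncompliant",
        "Source": "Config",
        "Description": (f"{d['resourceType']} {d['resourceId']} in account "
                        f"{event['account']} ({event['region']}) is NON_COMPLIANT."),
        "OperationalData": {k: searchable(d[k])
                            for k in ("configRuleName", "resourceType", "resourceId")},
    }

def route(event):
    """Return an OpsItem dict for a matching event, or None when the rule does not match."""
    return to_opsitem(event) if matches(CONFIG_NONCOMPLIANT_PATTERN, event) else None

# Constructed sample event (account ID, rule name and resource ID are made up).
SAMPLE_EVENT = {
    "source": "aws.config", "detail-type": "Config Rules Compliance Change",
    "account": "111122223333", "region": "cn-north-1", "resources": [],
    "detail": {"configRuleName": "restricted-ssh", "resourceType": "AWS::EC2::SecurityGroup",
               "resourceId": "sg-0123456789abcdef0",
               "newEvaluationResult": {"complianceType": "NON_COMPLIANT"}},
}
```

A transition back to COMPLIANT does not match the pattern, so it produces no OpsItem. EventBridge supports more matching operators than this local matcher implements.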

Related info

Configure EventBridge rules to create OpsItems

Using Amazon Systems Manager OpsCenter and Amazon Config for compliance monitoring

Amazon Security Hub

Amazon Security Hub collects security data, called findings, from across Amazon Web Services accounts and services. Using a set of rules to detect and generate findings, Security Hub helps you identify, prioritize, and remediate security issues for the resources you manage. After you configure integration, as described in this topic, Systems Manager creates OpsItems for Security Hub findings in OpsCenter.

Note

OpsCenter has bidirectional integration with Security Hub. This means that if you update the Status or Severity field for an OpsItem related to a security finding, the system synchronizes the changes with Security Hub. Likewise, any changes to a finding are automatically updated in the corresponding OpsItems in OpsCenter.

When an OpsItem is created from a Security Hub finding, Security Hub metadata is automatically added to the operational data field of the OpsItem. If this metadata is deleted, the bidirectional updates no longer function.

By default, Systems Manager creates OpsItems for critical and high severity findings. You can manually configure OpsCenter to create OpsItems for medium and low severity findings. OpsCenter doesn’t create OpsItems for informational findings as they don't require remediation. For more information about Security Hub severity levels, see Severity in the Amazon Security Hub API Reference.

Before you begin

Before you configure OpsCenter to create OpsItems based on Security Hub findings, verify that you completed the Security Hub setup tasks. For more information, see Setting up Security Hub in the Amazon Security Hub User Guide.

When you integrate Security Hub with OpsCenter, the system creates OpsItems by using the AWSServiceRoleForSystemsManagerOpsDataSync IAM service-linked role. For more information about this role, see Using roles to create OpsData and OpsItems for Explorer.

Warning

Note the following important information about pricing for OpsCenter integration with Security Hub:

  • If you are logged into the Security Hub administrator account when you configure OpsCenter and Security Hub integration, the system creates OpsItems for findings in the administrator and all member accounts. The OpsItems are all created in the administrator account. Depending on a variety of factors, this can lead to an unexpectedly large bill from Amazon.

    If you are logged into a member account when you configure integration, the system only creates OpsItems for findings in that individual account. For more information about the Security Hub administrator account, member accounts, and their relation to the EventBridge event feed for findings, see Types of Security Hub integration with EventBridge in the Amazon Security Hub User Guide.

  • For each finding that creates an OpsItem, you are charged the regular price for creating the OpsItem. You are also charged if you edit the OpsItem or if the corresponding finding is updated in Security Hub (which triggers an OpsItem update).
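A dry-run model of the scope and billing rules in this warning, as an added example that is not from the Amazon documentation: it counts the OpsItem creates and updates a stream of findings would trigger, depending on which account configures the integration and which optional severities are enabled. The event tuples, finding IDs and account IDs are constructed, and the model assumes an update is billed only for a finding that already created an OpsItem.

```python
from collections import Counter

DEFAULT_SEVERITIES = frozenset({"CRITICAL", "HIGH"})  # created by default
OPTIONAL_SEVERITIES = frozenset({"MEDIUM", "LOW"})    # opt-in; INFORMATIONAL is never created

def billable_operations(events, configured_in, admin_account, member_accounts,
                        optional=frozenset()):
    """Count OpsItem creates and updates, keyed by (finding's account, operation).

    events: iterable of (finding_id, account_id, severity_label, kind),
            where kind is "new" or "update".
    configured_in: the account that was logged in when integration was enabled.
    """
    unknown = set(optional) - OPTIONAL_SEVERITIES
    if unknown:
        raise ValueError(f"not selectable in OpsCenter: {sorted(unknown)}")
    enabled = DEFAULT_SEVERITIES | set(optional)
    # Administrator account: its own findings plus every member's. Member: its own only.
    if configured_in == admin_account:
        scope = {admin_account, *member_accounts}
    else:
        scope = {configured_in}
    tracked, ops = set(), Counter()
    for finding_id, account, severity, kind in events:
        if account not in scope:
            continue
        if kind == "new" and severity in enabled:
            tracked.add(finding_id)
            ops[(account, "create")] += 1
        elif kind == "update" and finding_id in tracked:
            ops[(account, "update")] += 1  # a finding update triggers an OpsItem update
    return ops

# Constructed sample data.
ADMIN = "111122223333"
MEMBERS = ["444455556666", "777788889999"]
SAMPLE_EVENTS = [
    ("f-1", "111122223333", "CRITICAL", "new"),
    ("f-2", "444455556666", "HIGH", "new"),
    ("f-3", "444455556666", "MEDIUM", "new"),
    ("f-2", "444455556666", "HIGH", "update"),
    ("f-4", "777788889999", "INFORMATIONAL", "new"),
    ("f-3", "444455556666", "MEDIUM", "update"),
]
```

When the integration is configured from the administrator account, every operation counted here is billed to that account, whichever account owns the finding.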

To configure OpsCenter to create OpsItems for Security Hub findings
  1. Open the Amazon Systems Manager console at https://console.amazonaws.cn/systems-manager/.

  2. In the navigation pane, choose OpsCenter.

  3. Choose Settings.

  4. In the Security Hub findings section, choose Edit.

  5. Choose the slider to change Disabled to Enabled.

  6. If you want the system to create OpsItems for medium or low severity findings, toggle these options.

  7. Choose Save to save your configuration.

Use the following procedure if you no longer want the system to create OpsItems for Security Hub findings.

To stop receiving OpsItems for Security Hub findings
  1. Open the Amazon Systems Manager console at https://console.amazonaws.cn/systems-manager/.

  2. In the navigation pane, choose OpsCenter.

  3. Choose Settings.

  4. In the Security Hub findings section, choose Edit.

  5. Choose the slider to change Enabled to Disabled. If you aren't able to toggle the slider, Security Hub hasn't been enabled for your Amazon Web Services account.

  6. Choose Save to save your configuration. OpsCenter no longer creates OpsItems based on Security Hub findings.

Important

A Systems Manager delegated administrator or the Amazon Organizations management account can enable Security Hub findings in OpsCenter for multiple accounts and Amazon Web Services Regions by creating a resource data sync in Explorer. If the Security Hub source is enabled in Explorer and a resource data sync exists that targets the member account where you disabled Security Hub integration, then the settings selected by your administrator take precedence. OpsCenter continues to create OpsItems for Security Hub findings. To stop creating OpsItems for Security Hub findings in a member account targeted by a resource data sync, contact your administrator and ask them to remove your account from the resource data sync or turn off the Security Hub source in Explorer. For information about changing settings in Explorer, see Editing Systems Manager Explorer data sources.

Incident Manager

Incident Manager, a capability of Amazon Systems Manager, provides an incident management console that helps you mitigate and recover from incidents affecting your Amazon hosted applications. An incident is any unplanned interruption or reduction in quality of services. After you set up and configure Incident Manager, the system automatically creates OpsItems in OpsCenter.

When the system creates an incident in Incident Manager, it also creates an OpsItem in OpsCenter, and displays the incident as a related item. If the OpsItem already exists, Incident Manager doesn't create an OpsItem. The first OpsItem is known as the parent OpsItem. If an incident grows in scale and scope, you can add incidents to an existing OpsItem. If required, you can manually create an incident for an OpsItem. After an incident is closed, you can create an analysis in Incident Manager to review and improve the remediation process for similar issues.

By default, OpsCenter integrates with Incident Manager. If Incident Manager is not set up, the OpsCenter page displays a message to set up Incident Manager. When Incident Manager creates an OpsItem, you can manage and remediate the OpsItem from OpsCenter. For instructions on creating an incident for an OpsItem, see Creating an incident for an OpsItem.