Create
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Sign up Log in
Product Q&A
See all
Community resources
Top groups
Explore all groups
Community resources
Learn
Community resources
Events
Community resources

Where is the documentation for IAM Role required for SSM Action

Ricardo Pereira
Ricardo Pereira September 25, 2020

Trying to configure a action channel to AWS SSM action. 

The link to create cloudformation stack is not working, as we use federation users only.

The documentation link to https://docs.opsgenie.com/v1.0/docs/opsgenie-actions#section-action-channels is broken and goes to a different page with now IAM role definition.

 

Can someone please share how the role needs to be defined ?

 

Thanks

Answer
Watch
Like Steffen Opel _Utoolity_ likes this
791 views

2 answers

1 vote
Ricardo Pereira
Ricardo Pereira October 16, 2020

Would like to confirm that indeed it was my problem. The link is opened on the console for a specific region and I had SCPs in place blocking that region. Even so I think you could simply display the role & policy that you need created so that customers deploy it the way they want: force the console login just to show your trusted account seems unnecessary.

Reply
0 votes
Connor Eyles
Connor Eyles
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 28, 2020

Hi Ricardo,

Here are are some links:

https://docs.opsgenie.com/docs/aws-systems-manager-channel

It mentions "To configure AWS Role for an AWS Action channel, you may use CloudFormation Template created by the link on AWS Role input. If you would like to create an IAM role without this template, please make sure that your role satisfies all of the permissions and trusted relationship configurations given by the CloudFormation template.

Note that, AWS role name should include opsgenie-automation-action- prefix to execute actions on AWS SSM Automation documents."

When you do click on the button here which launches a cloud formation script. This action will automatically create a IAMRole for you with the following Permissions policies

  • Ec2AllPolicy

  • SystemManagerPolicy

Let me know if this answers your question :)

Thanks,
Connor

View More Comments
Ricardo Pereira
Ricardo Pereira September 28, 2020

As I mentioned in the email the link to launch the cloudformation doesn't work for users logged in through Federation which is the case of my company.

I think that having the information of the policies is not enough, as I for sure need to issue a trust to one of your accounts but can't see which..

Please advise.

Like
Connor Eyles
Connor Eyles
Atlassian Team
Atlassian Team members are employees working across the company in a wide variety of roles.
September 28, 2020

Hey Ricardo,

It seems like you are logging into a federated account that has restrictions. What you should do here is go to your Federation Services Admin (in your org) and request access to roles with higher permissions.

Thanks,
Connor

Like
Reply

Suggest an answer

Log in or Sign up to answer
Opsgenie
Opsgenie
DEPLOYMENT TYPE
CLOUD
PERMISSIONS LEVEL
Product Admin
TAGS
AUG Leaders

Atlassian Community Events

    See all events