You're on your way to the next level! Join the Kudos program to earn points and save your progress.
Level 1: Seed
25 / 150 points
1 badge earned
Challenges come and go, but your rewards stay with you. Do more to earn more!
What goes around comes around! Share the love by gifting kudos to your peers.
Keep earning points to reach the top of the leaderboard. It resets every quarter so you always have a chance!
Join now to unlock these features and more
Trying to configure a action channel to AWS SSM action.
The link to create cloudformation stack is not working, as we use federation users only.
The documentation link to https://docs.opsgenie.com/v1.0/docs/opsgenie-actions#section-action-channels is broken and goes to a different page with now IAM role definition.
Can someone please share how the role needs to be defined ?
Would like to confirm that indeed it was my problem. The link is opened on the console for a specific region and I had SCPs in place blocking that region. Even so I think you could simply display the role & policy that you need created so that customers deploy it the way they want: force the console login just to show your trusted account seems unnecessary.
Here are are some links:
It mentions "To configure AWS Role for an AWS Action channel, you may use CloudFormation Template created by the link on AWS Role input. If you would like to create an IAM role without this template, please make sure that your role satisfies all of the permissions and trusted relationship configurations given by the CloudFormation template.
Note that, AWS role name should include opsgenie-automation-action- prefix to execute actions on AWS SSM Automation documents."
When you do click on the button here which launches a cloud formation script. This action will automatically create a IAMRole for you with the following Permissions policies
Let me know if this answers your question :)
As I mentioned in the email the link to launch the cloudformation doesn't work for users logged in through Federation which is the case of my company.
I think that having the information of the policies is not enough, as I for sure need to issue a trust to one of your accounts but can't see which..
It seems like you are logging into a federated account that has restrictions. What you should do here is go to your Federation Services Admin (in your org) and request access to roles with higher permissions.