Getting started with Incident Manager

This section walks through Get prepared in the Incident Manager console. You're required to complete Get prepared in the console before you can use it for incident management. The wizard walks you through setting up your replication set, at least one contact and one escalation plan, and your first response plan. The following guides will help you understand Incident Manager and the incident lifecycle:

Prerequisites

If you're using Incident Manager for the first time, see Setting up AWS Systems Manager Incident Manager. We recommend setting up Incident Manager in the account that you use to manage your operations.

We recommend that you complete the Systems Manager quick setup before beginning the Incident Manager Get prepared wizard. Use Systems Manager Quick Setup to configure frequently used AWS services and features with recommended best practices. Incident Manager uses Systems Manager features to manage incidents associated with your AWS accounts and benefits from having Systems Manager configured first.

Get prepared wizard

The first time you use Incident Manager, you can access the Get prepared wizard from the Incident Manager service homepage. To access the Get prepared wizard after you first complete setup, choose Prepare on the Incidents list page.

  1. Open the Incident Manager console.

  2. On the Incident Manager service homepage, choose Get prepared.

General settings
  1. Under General settings, choose Set up.

  2. Read the terms and conditions. If you agree to Incident Manager's terms and conditions, select I have read and agree to the Incident Manager terms and conditions, then choose Next.

  3. In the Regions area, your current AWS Region appears as the first Region in your replication set. To add more Regions to your replication set, choose them from the list of Regions.

    We recommend including at least two Regions. In case one Region is temporarily unavailable, incident-related activities can still be routed to the other Region.

    Note

    Creating the replication set creates the AWSServiceRoleforIncidentManager service-linked role in your account. To learn more about this role, see Using service-linked roles for Incident Manager.

  4. To set up encryption for your replication set, do one of the following:

    Note

    All Incident Manager resources are encrypted. To learn more about how your data is encrypted, see Data protection in Incident Manager. For more information about your Incident Manager replication set, see Using the Incident Manager replication set.

    • To use an AWS owned key, choose Use AWS owned key.

    • To use your own AWS KMS key, choose Choose an existing AWS KMS key. For each Region you selected in step 3, choose an AWS KMS key, or enter an AWS KMS Amazon Resource Name (ARN).

      Tip

      If you don't have an available AWS KMS key, choose Create an AWS KMS key.

  5. (Optional) In the Tags area, add one or more tags to the replication set. A tag includes a key and, optionally, a value.

    Tags are optional metadata that you assign to a resource. Tags allow you to categorize a resource in different ways, such as by purpose, owner, or environment. For more information, see Tagging resources in Incident Manager.

  6. (Optional) In the Service Access area, to activate the Findings feature, choose the Create service role for findings in this account check box.

    A finding is information about a code deployment or infrastructure change that occurred around the same time that an incident was created. A finding can be examined as a potential cause of the incident. Information about these potential causes is added to the Incident details page for the incident. With information about these deployments and changes readily at hand, responders don't need to manually search for this information.

    Tip

    To view information about the role to be created, choose View permissions.

  7. Choose Create.

    To learn more about replication sets and resiliency, see Resilience in AWS Systems Manager Incident Manager.
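The Region and encryption choices in steps 3 and 4 can be checked before you open the wizard. The following is an added example, not AWS code: `check_replication_set` and the sample plans are hypothetical, and it assumes each customer managed key must reside in the Region it is chosen for, because AWS KMS key ARNs are Region-scoped.

```python
import re

# KMS key ARN: arn:<partition>:kms:<region>:<12-digit account>:key/<key id>
KMS_KEY_ARN = re.compile(r"^arn:aws[a-z-]*:kms:([a-z0-9-]+):\d{12}:key/[A-Za-z0-9-]+$")

def check_replication_set(regions):
    """regions maps Region name -> KMS key ARN, or None for the AWS owned key.
    Returns a list of findings; an empty list means the plan follows the guidance."""
    findings = []
    if len(regions) < 2:
        findings.append("fewer than two Regions: no second Region to route incident activity to")
    keyed = {r: k for r, k in regions.items() if k}
    # The wizard asks for a key for each selected Region once you bring your own.
    if keyed and len(keyed) != len(regions):
        missing = sorted(set(regions) - set(keyed))
        findings.append("customer managed key missing for: " + ", ".join(missing))
    for region, arn in sorted(keyed.items()):
        match = KMS_KEY_ARN.match(arn)
        if not match:
            findings.append(f"{region}: not a KMS key ARN")
        elif match.group(1) != region:
            # Assumption: the key must live in the Region it protects.
            findings.append(f"{region}: key resides in {match.group(1)}")
    return findings

# Constructed sample plans (placeholder account ID and key IDs).
KEY = "arn:aws:kms:{}:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab"
SAMPLE_OK = {"us-east-1": KEY.format("us-east-1"), "us-west-2": KEY.format("us-west-2")}
SAMPLE_WEAK = {"us-east-1": KEY.format("us-west-2"), "eu-west-1": None}

if __name__ == "__main__":
    for label, plan in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(label, check_replication_set(plan) or "no findings")
```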

Contacts (optional)
  1. Choose Create contact.

    Incident Manager engages contacts during an incident. For more information about contacts, see Working with contacts in Incident Manager.

  2. For Name, enter the contact's name.

  3. For Unique alias, enter an alias to identify this contact.

  4. In the Contact channel section, do the following to define how the contact is engaged during incidents:

    1. For Type, choose Email, SMS, or Voice.

    2. For Channel name, enter a unique name to help you identify the channel.

    3. For Detail, enter the email address or phone number for the contact.

      Phone numbers must have 9–15 characters and start with + followed by the country code and subscriber number.

    4. To create another contact channel, choose Add a new contact channel. We recommend defining at least two channels for each contact.

  5. In the Engagement plan area, do the following to define which channels to notify the contact through, and how long to wait for an acknowledgement through each channel. Select the contact channels to use to engage the contact during incidents.

    Note

    We recommend defining at least two devices in the engagement plan.

    1. For Contact channel name, choose a channel you specified in the Contact channel area.

    2. For Engagement time (min), enter the number of minutes to wait before engaging the contact channel.

      We recommend that you select at least one device to engage at the beginning of an engagement, specifying 0 (zero) minutes waiting time.

    3. To add more contact channels to the engagement plan, choose Add engagement.

  6. (Optional) In the Tags area, add one or more tags to the contact. A tag includes a key and, optionally, a value.

    Tags are optional metadata that you assign to a resource. Tags allow you to categorize a resource in different ways, such as by purpose, owner, or environment. For more information, see Tagging resources in Incident Manager.

  7. To create the contact record and send activation codes to the defined contact channels, choose Next.

  8. (Optional) In the Contact channel activation page, enter the activation code sent to each channel.

    You can generate new activation codes later if you're not able to enter the codes now.

  9. Repeat step four until you have added all of your contacts to Incident Manager.

  10. After all contacts are entered, choose Finish.
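The contact rules above (phone number format, at least two channels, at least two devices in the engagement plan, one of them engaged at 0 minutes) can be applied to a roster before the contacts are entered. The following is an added example, not AWS code: `check_contact`, the dictionary layout, and the sample contacts are hypothetical, and it assumes the 9 to 15 character limit includes the leading `+`.

```python
import re

# Page rule: 9-15 characters, "+" then country code and subscriber number.
# Assumption: the count includes the "+", so 8-14 digits follow it.
PHONE = re.compile(r"^\+[1-9]\d{7,13}$")
EMAIL = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # shape check only

def check_contact(contact):
    """Return findings for one contact; an empty list means it follows the guidance."""
    findings = []
    channels = contact["channels"]
    names = [c["name"] for c in channels]
    if len(set(names)) != len(names):
        findings.append("channel names are not unique")
    if len(channels) < 2:
        findings.append("fewer than two contact channels")
    for c in channels:
        pattern = EMAIL if c["type"] == "EMAIL" else PHONE  # SMS and VOICE take a phone number
        if not pattern.match(c["detail"]):
            findings.append(f"{c['name']}: malformed {c['type']} detail")
    plan = contact["engagement"]
    for step in plan:
        if step["channel"] not in names:
            findings.append(f"engagement references undefined channel {step['channel']}")
    if len({s["channel"] for s in plan if s["channel"] in names}) < 2:
        findings.append("engagement plan uses fewer than two channels")
    if not any(s["wait_min"] == 0 for s in plan):
        findings.append("no channel is engaged at 0 minutes")
    return findings

# Constructed sample contacts (not real people, addresses, or numbers).
SAMPLE_OK = {
    "channels": [{"name": "work-email", "type": "EMAIL", "detail": "oncall@example.com"},
                 {"name": "mobile-sms", "type": "SMS", "detail": "+15555550100"}],
    "engagement": [{"channel": "mobile-sms", "wait_min": 0},
                   {"channel": "work-email", "wait_min": 5}],
}
SAMPLE_WEAK = {
    "channels": [{"name": "mobile-sms", "type": "SMS", "detail": "555-0100"}],
    "engagement": [{"channel": "mobile-sms", "wait_min": 10},
                   {"channel": "pager", "wait_min": 15}],
}

if __name__ == "__main__":
    for label, contact in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(label, check_contact(contact) or "no findings")
```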

(Optional) Escalation plans
  1. Choose Create escalation plan.

    An escalation plan escalates through your contacts during an incident, ensuring that Incident Manager engages the correct responders during an incident. For more information about escalation plans, see Working with escalation plans in Incident Manager.

  2. For Name, enter a unique name for the escalation plan.

  3. For Alias, enter a unique alias to help you identify the escalation plan.

  4. In the Stage 1 area, do the following:

    1. For Escalation channel, choose contact channels to engage.

    2. If you want a contact to be able to halt the progression of escalation plan stages, select Acknowledgment stops plan progression.

    3. To add more channels to a stage, choose Add escalation channel.

  5. To create a new stage in the escalation plan, choose Add stage and add its stage details.

  6. (Optional) In the Tags area, add one or more tags to the escalation plan. A tag includes a key and, optionally, a value.

    Tags are optional metadata that you assign to a resource. Tags allow you to categorize a resource in different ways, such as by purpose, owner, or environment. For more information, see Tagging resources in Incident Manager.

  7. Choose Create escalation plan.

Response plan
  1. Choose Create response plan. Use the response plan to put together contacts and escalation plans you created. During this Getting started wizard, the following sections are optional, especially if this is your first time setting up a response plan:

    • Chat channel

    • Runbooks

    • Engagements

    • Third-party integrations

    For information about adding these elements to response plans later, see Preparing for incidents in Incident Manager.

  2. For Name, enter a unique, identifiable name for the response plan. The name is used to create the response plan ARN or in response plans with no display name.

  3. (Optional) For Display name, enter a name to help you identify this response plan when creating incidents.

  4. For Title, enter a title to help identify the type of incident that relates to this response plan. The value you specify is included in each incident's title. The alarm or event that started the incident is also added to the title.

  5. For Impact, select the impact level you expect for incidents related to this response plan, such as Critical or Low.

  6. (Optional) For Summary, enter a brief description that is used to provide an overview of the incident. Incident Manager automatically populates relevant information into the summary during an incident.

  7. (Optional) For Dedupe string, enter a dedupe string. Incident Manager uses this string to prevent the same root cause from creating multiple incidents in the same account.

    A deduplication string is a term or phrase the system uses to check for duplicate incidents. If you specify a deduplication string, Incident Manager searches for open incidents that contain the same string in the dedupeString field when it creates the incident. If a duplicate is detected, Incident Manager deduplicates the newer incident into the existing incident.

    Note

    By default, Incident Manager automatically deduplicates multiple incidents created by the same Amazon CloudWatch alarm or Amazon EventBridge event. You don't have to enter your own deduplication string to prevent duplication for these resource types.

  8. (Optional) In the Tags area, add one or more tags to the response plan. A tag includes a key and, optionally, a value.

    Tags are optional metadata that you assign to a resource. Tags allow you to categorize a resource in different ways, such as by purpose, owner, or environment. For more information, see Tagging resources in Incident Manager.

  9. Select the contacts and escalation plans to apply to the incident from the Engagements dropdown.

  10. Choose Create response plan.

After you've created a response plan, you can associate Amazon CloudWatch alarms or Amazon EventBridge events with the response plan. This will automatically create an incident based on an alarm or event. For more information, see Creating incidents in Incident Manager.