Runbooks and automation - Incident Manager

Runbooks and automation

A runbook drives incident mitigation and response. AWS Systems Manager Incident Manager brings your runbooks to a central place, ensuring responders focus on mitigation instead of tracking down the next steps. Set up and configure runbooks using AWS Systems Manager runbooks, and connect them to an incident by defining them in a response plan. For more information about Automation runbooks, see AWS Systems Manager Automation in the Systems Manager user guide. Using automation steps in runbooks incurs costs in Systems Manager. For more information about Systems Manager billing, see Systems Manager pricing. For more information about adding a runbook to a response plan, see Response plans.

Define a runbook

When creating a runbook, you can follow the steps provided here or you can follow the more detailed guide provided in the Working with runbooks section in the Systems Manager user guide. If you're creating a multi-account, multi-region runbook, see Running automations in multiple AWS Regions and accounts in the Systems Manager user guide.

Define a runbook

  1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Documents.

  3. Choose Create automation.

  4. Provide a unique and identifiable runbook name.

  5. Provide a description of the runbook.

  6. Provide an IAM role for the automation document to assume. This allows the runbook to run commands automatically. For more information, see Configuring a service role access for Automation workflows.

  7. (Optional) Add the input parameters that the runbook starts with.

  8. (Optional) Add a Target type.

  9. (Optional) Add tags.

  10. Fill in the steps that the runbook takes. Each step requires:

    • A name.

    • A description of the purpose of the step.

    • The action to run during the step. Runbooks use the Pause action type to describe a manual step.

    • (Optional) Provide command properties.

  11. After adding all required runbook steps, choose Create Automation.

To enable cross-account functionality, share the runbook in your management account with all application accounts that use the runbook during an incident.

Share a runbook

  1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Documents.

  3. In the documents list, choose the document you want to share and then choose View details. On the Permissions tab, verify that you're the document owner. Only a document owner can share a document.

  4. Choose Edit.

  5. To share the runbook publicly, choose Public and then choose Save. To share the runbook privately, choose Private, enter the AWS account ID, choose Add permission, and then choose Save.
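The define and share procedures above, scripted with boto3 as an added example (not AWS's own code). The runbook content, step text and any runbook name or account ID you pass in are constructed placeholders; the script checks that the role and each step's name, description and action are present before creating the document, and builds a private share request only.

```python
import json
import re

# Constructed sample runbook: two manual (aws:pause) steps, as in step 10 of "Define a runbook".
RUNBOOK = {
    "schemaVersion": "0.3",
    "description": "Example incident runbook (constructed sample)",
    "assumeRole": "{{ AutomationAssumeRole }}",
    "parameters": {
        "AutomationAssumeRole": {"type": "String", "description": "IAM role the automation assumes"}
    },
    "mainSteps": [
        {"name": "Triage", "action": "aws:pause",
         "description": "Determine customer impact.", "inputs": {}},
        {"name": "Mitigation", "action": "aws:pause",
         "description": "Apply and verify the mitigation.", "inputs": {}},
    ],
}


def validate_runbook(doc):
    """Return a list of problems; empty when the role and every step's required fields are set."""
    problems = []
    if not doc.get("assumeRole"):
        problems.append("no assumeRole set")
    for i, step in enumerate(doc.get("mainSteps", [])):
        for field in ("name", "description", "action"):
            if not step.get(field):
                problems.append(f"step {i}: missing {field}")
    return problems


def private_share_request(name, account_ids):
    """Build modify_document_permission arguments, refusing public ('all') sharing."""
    for acct in account_ids:
        if not re.fullmatch(r"\d{12}", acct):
            raise ValueError(f"not a 12-digit AWS account ID: {acct!r}")
    return {"Name": name, "PermissionType": "Share", "AccountIdsToAdd": list(account_ids)}


def create_and_share(name, doc, account_ids):
    """Create the runbook and share it privately (needs boto3 and AWS credentials)."""
    if problems := validate_runbook(doc):
        raise ValueError("; ".join(problems))
    import boto3  # imported here so validation works without the SDK installed
    ssm = boto3.client("ssm")
    ssm.create_document(Name=name, Content=json.dumps(doc),
                        DocumentType="Automation", DocumentFormat="JSON")
    ssm.modify_document_permission(**private_share_request(name, account_ids))
```

Run `create_and_share` from the management account, since only the document owner can share it.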

Incident Manager runbook template

Incident Manager provides the following runbook templates to get your team started with authoring runbooks in Systems Manager automation. You can use these templates as is or edit them to include more details specific to your application and resources.

Find Incident Manager runbook templates

  1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Documents.

  3. In the documents list, use the search to find AWSIncidents-. This displays all Incident Manager runbooks.

Using a template

  1. Open the Systems Manager console at https://console.aws.amazon.com/systems-manager/.

  2. In the navigation pane, choose Documents.

  3. Choose the template you're updating from the documents list.

  4. Choose the Content tab and copy the content of the document.

  5. In the navigation pane, choose Documents.

  6. Choose Create automation.

  7. Provide a unique and identifiable name.

  8. Choose the Editor tab.

  9. Choose Edit.

  10. Enter the copied details in the Document editor area.

  11. Choose Create automation.

AWSIncidents-CriticalIncidentRunbookTemplate

The AWSIncidents-CriticalIncidentRunbookTemplate is a template that provides the Incident Manager incident lifecycle in manual steps. These steps are generic enough to use in most applications but detailed enough to get responders started with incident resolution.