Configuring Jira Service Management - AWS Service Catalog

Configuring Jira Service Management

The AWS Service Management Connector for Jira Service Management is released as a conventional Jira Service Management add-on. Add-ons are code changes to the Jira software that extend its functionality or extend the functionality of Jira Service Management software. The Connector for Jira Service Management add-on is available to download in the Atlassian Marketplace.

After completing the IAM and AWS Service Catalog configurations, you must configure Jira Service Management. Installation tasks within Jira Service Management include:

  • Clear your web browser cache.

  • Install the Jira Service Management Connector add-on.

  • Configure AWS Service Management Connector add-on, including accounts, schedule sync, request and approval permissions, and core operational settings.

    Note

    You'll need to select a dedicated administrator on the Connector settings page to perform operations on Jira tickets, such as status transitions or comments. If you don't select a dedicated administrator, we list the first administrator in the dropdown by default. For more details, see the Core Operation Settings under the Configuring Connector Settings sub-section.

Clear Web Browser Cache

Clear your web browser cache to remove previously rendered Jira Service Management forms.

Installing Jira Service Management Connector Add-on

  1. Log in to your Jira instance as an admin.

  2. Open the admin menu and choose Add-ons.

  3. On the Manage add-ons screen, choose Find new apps or Find new add-ons from the left side of the page.

  4. Find AWS Service Management Connector for JSM. The search results should include app versions compatible with your Jira instance.

  5. Choose Install to download and install your app.

  6. Proceed to Configuring AWS Accounts and Regions.

Alternatively, you can download the code from the OBR file: AWS Service Management Connector for Jira Service Management v1.7.1 OBR.

  1. Go to Manage apps.

  2. Select Upload app and upload the OBR file.

  3. Proceed to Configuring AWS Accounts and Regions.

The Connector for Jira Service Management version 1.7.1 add-on can be applied to the supported Jira software (Jira Service Management) releases noted above.

Configuring AWS Accounts and Regions

Once the AWS Service Management Connector is installed, configure it by choosing the Jira administration icon in the top right, then choosing Add-ons.

  1. From the AWS Service Catalog section on the left navigation menu, choose AWS Accounts.

  2. Choose Connect new account.

  3. Enter the account alias (used to identify the AWS account in the Connector).

  4. Enter the credentials for SC-sync-user. This is the access key identity and credentials for a sync user saved from the AWS configuration. SC-sync-user credentials are used to retrieve portfolios and products to make them available through Jira Service Management. You will have the opportunity to set the groups allowed to access these.

  5. Enter the credentials for SC-end-user. This is the access key identity and credentials for the end user saved from the AWS configuration. The SC-end-user credentials are used to provision products on behalf of a Jira user.

  6. Add AWS Regions containing AWS Service Catalog products and portfolios that you want available in Jira Service Management.

  7. Choose Test Connectivity.

  8. Upon successful connection status, choose Connect.

Note

We recommend that the sync user and end user be new users in AWS used only with AWS Service Management Connectors. These users should have minimum required privileges. An AWS CloudFormation template with the minimal permissions for AWS Service Management Connectors is available.

Configuring AWS Service Catalog Portfolios within Jira

AWS Product Access

This section describes how to configure AWS Service Catalog portfolios within Jira.

Once your account or accounts are set up and connectivity is successful, use the AWS Account page to manage, for each account, which groups are permitted to access each portfolio in each Region. You can expand and collapse each Region and edit and add groups for each portfolio. Only users in the designated groups have access to those products. By default, no groups have access.

Note

At least one group must be associated to an AWS Service Catalog portfolio for Jira Service Management end users to request AWS products.

To provision products and portfolios

  1. Choose AWS Accounts.

  2. Choose Manage for the AWS account on which you want to configure portfolios.

  3. Under Portfolios, expand the Region associated with the account. Portfolios are displayed under each Region.

  4. In the Permission to request column, choose Add groups for the portfolios that you want to make visible in Jira Service Management. Select the group that you want to be able to see and request AWS Service Catalog products.

    Note

    Because the AWS Service Management Connector for Jira Service Management allows Jira users to provision AWS products in the portfolios their groups have access to, and to control those provisioned products, users should be reminded of the importance of maintaining the security of their Jira accounts.

  5. If products in this portfolio do not require approvals, choose Save.

Jira Service Management Approvals for Products in AWS Service Catalog Portfolios

The AWS Service Management Connector for Jira Service Management enables administrators to configure approvals for products at the portfolio level. All products within a portfolio that contains approval permissions will require approval, so AWS and Jira administrators may need to collaborate on the AWS Service Catalog portfolio structure.

To configure the approval process

  1. Choose AWS Accounts.

  2. Choose Manage on the AWS account for which you want to configure portfolio approvals.

  3. In the Permission to approve column, choose Add groups for the portfolios that require product approvals.

  4. Select Require approval for provisioning.

  5. Under Permission to approve, choose Add group.

  6. Choose Save.

Note

If a portfolio only has a group associated with Permissions to request, products within the portfolio immediately provision when the product request is submitted.

Viewing Products and Budgets

Two other tabs in the Admin -> AWS Accounts -> Manage section let you view information on portfolios, for reference. The Available Products tab lists the products in the portfolio and budgetary information on each. The Budgets tab gives overall budgetary information on the portfolio.

Note

Note: Additional configurations for the AWS Service Catalog request form and Automated Tags are detailed in the next section Configuring Connector Settings.

Configuring Connector Settings (Jira Project Enablement and Request Type)

In addition to configuring AWS accounts, the AWS Service Management Connector contains selections AWS services, UI settings (AWS Service Catalog), enabling projects and configuring AWS Systems Manager OpsCenter.

Note

There are no per-account settings for AWS Config and AWS Systems Manager Automation through the JSM Connector.

Connector features enabled by default

To configure the default Connector features for specific AWS services

For a new installation of Connector, the default project configuration is for all Connector features (AWS Service Catalog, AWS Config, AWS Systems Manager Automation, and AWS Systems Manager OpsCenter) to be enabled. If you are upgrading an existing installation, for security reasons, new features are initially not enabled.

  1. In the left navigation menu, under AWS Service Management, select Connector settings.

  2. At the top, under Connector features enabled by default, select each feature depending whether you want projects using the default configuration to be able to use them or not.

  3. Choose Save.

UI Settings (AWS Service Catalog)

Configure the AWS Service Catalog product widget components to make them viewable to end users.

To address the varying personas of end users requesting AWS products, the Connector for Jira Service Management includes an add-on app setting to enable or disable components of the AWS product widget. By default, all AWS product components are enabled.

To modify the AWS product view

  1. In the left navigation menu, under AWS Service Management, AWS Connector settings.

  2. Go the UI settings (Service Catalog) section and deselect any AWS product component such as:

    1. Allow the product name to be edited. (If unchecked, an autogenerated name will be used which the user will not be able to edit.)

    2. Allow the user to select a launch option. (If unchecked, the default launch option will be selected and the launch option section hidden.)

    3. Allow the user to select a product version. (If unchecked, the default product version will be selected and the product version section hidden.)

    4. Allow the user to add or edit tags. (If unchecked, default values will be chosen for tag options and the tags section will be hidden.)

    5. Allow user to create a plan for creation or update of a provisioned product. (If unchecked, the plans section will be hidden.)

  3. Choose Save.

Projects enabled for the Connector

The AWS Service Management Connector for Jira Service Management requires the add-on to be associated to one or more Jira projects and, for JSM request types. You can configure which Connector features are enabled for each Jira project.

To configure the Jira projects for AWS Service Catalog, AWS Config, AWS Systems Manager Automation and AWS Systems Manager OpsCenter

  1. In the left navigation menu, under AWS Service Management Connector, select Connector settings.

  2. Under Projects enabled for Connector, you must enable at least one Jira project. You can create a new Jira Service Management project or add an existing one. Only users with access to the associated project will be able to access the Connector. When this update is applied, the Connector adds the necessary issue types and other Jira items needed for AWS Service Catalog products to be available in those projects. You can return to this screen and add or remove projects at any time.

  3. Projects initially take the default configuration in regards which Connector features are enabled. Choose Edit in a project row to change the configuration for individual projects. It is permitted for projects to use more features than the default.

  4. Choose Save.

    Note

    For end-users to be able to request AWS Service Catalog products, one or more projects must be enabled and users must have Jira permissions to create issues in the Jira project and Permission to Request in the Jira settings for the AWS Account for at least one portfolio with products.

    AWS Systems Manager Automation enablement considerations

    It Is not currently supported to have fine-grained permissions in Jira for which users and groups should be allowed to access which AWS Systems Manager automation documents. If a project is enabled for Systems Manager Automation, then any user with permission to create issues in that project will have the ability to run any of the automations. Access can be restricted by limiting which users have access to projects with AWS Systems Manager Automation enabled.

OpsCenter Configuration

Once you've enabled project(s) for the Connector, AWS Systems Manager OpsCenter requires Jira admins to associate Jira project(s) to this integration as well as determine the full sync and delta sync intervals.

To associate the Jira projects enabled for the Connector to the AWS Systems Manager OpsCenter integration features

  1. In the left navigation menu, under AWS Service Management Connector, select Connector settings.

  2. Create a new Jira Service Management Project. Under OpsCenter Configuration, you must enable at least one Jira project. You can create a new Jira Service Management project or add an existing one. Only users with access to the associated project will be able to access the Connector. When this update is applied, the Connector adds the necessary issue type to associated project(s). You can return to this screen and add or remove projects at any time.

  3. Under OpsCenter Configuration, in the Full Sync Interval and Delta Sync Interval fields, you can change the sync interval if you want. The Full Sync and Delta interval determines how often Jira Service Management conducts syncs all or changes to OpsItems details with AWS Systems Manager OpsCenter respectively. Increasing this number will reduce the number of API calls to AWS but will mean it takes longer for OpsItems updates to be reflected in the Connector.

  4. Choose Save.

Core Operational Settings

To configure operational settings for the AWS Service Management Connector for Jira Service Management

  1. In the left navigation menu, under AWS Service Management Connector, select Connector settings.

  2. Under Core operational settings, in the Synchronization interval field, you can change the sync interval if you want. This interval determines how often Jira Service Management syncs with AWS. Increasing this number will reduce the number of API calls to AWS but will mean it takes longer for updates in AWS portfolios and automation documents to be reflected in the Connector. Information on actively provisioning products and ongoing automation executions updates more frequently.

  3. Under Core operational settings, in the JIRA Administrator to run as field, you can change the admin user assigned to perform automated operations within JIRA.

    It is important to emphasize the Connector performs many actions within Jira, and needs to do those actions as a Jira user. By default, Connector will choose the Jira Admin user with the lowest ID, which works for many environments.

    However, that may be the wrong strategy if the initial admin user has been disabled or if a different admin user is preferred. For clarity within the Connector, it can be a good idea to create a new user called, for example, "AWS Connector Admin", and select that as the default user.

    Actions performed automatically by the Connector, such as synchronizing OpsItems from AWS or adding a commenting on detecting a change to an AWS Provisioned Product, will be recorded as being done by this user. This does not affect actions performed by end users, such as requesting a Provisioned Product or manually creating an OpsItem in Jira, which as usual will be recorded as being done by that end user.

    This user should have global admin permissions, JSM permissions, and admin access to each of the AWS-enabled projects.

  4. Choose Save.

Note

We recommend no changes to entities that the plugin created, such as the addition of fields, workflows, issue types, screens, and so on.

Configuring Automated Tags (AWS Service Catalog)

The AWS Service Management Connector v1.7.1 enables Jira administrators to add tags (metadata) to AWS Service Catalog provisioned products globally across the add-on or granularly at the portfolio level. These tags are not visible to end users.

Two tag types are available in this release:

  • Generic tags in which the admin can enter the key and value.

  • AWS Service Catalog Request Type tags in which the admin can enter the following syntax for key and value:

Key Value
Project Code ${PROJECT_CODE}
Project Name ${PROJECT_NAME}
Project Name ${ISSUE_ID}
Username ${USERNAME}
Opened By ${OPENED_BY}

To add generic AWS tags to AWS Service Catalog provisioned products in Jira Service Management

  1. In the left navigation menu, under AWS Service Management, select Automated Tags.

  2. For Global level tags, enter the Key and Value entries. Under Portfolio, select Global (set by default). Select the + icon to insert.

  3. For Portfolio level tags, enter the Key and Value entries. Under Portfolio, select the Portfolio dropdown to choose the portfolio associated to associate tag. Select the + icon to insert.

To add in-scope request type AWS tags to AWS Service Catalog provisioned products derived from Jira Service Management

  1. In the left navigation menu, under AWS Service Management, select Automated Tags.

  2. For Global level tags, enter the Key and Value entries. Under Portfolio, select Global (set by default). Select the + icon to insert.

  3. For Portfolio level tags, enter the Key and Value entries. Under Portfolio, select the Portfolio dropdown to choose the portfolio associated to associate tag. Select the + icon to insert.

    Once products are provisioned, you can see in the AWS console that these tags are associated to the resource.

Configuring Project Request Type Groups

The AWS request type must be in a group for users to be able to access it in Jira Service Management. Enabling Jira projects, as described in Configuring Connector Settings (Jira Project Enablement and Request Type), makes AWS product request types available, but Jira Service Management users won't see the request type until it is added to a Request Type Group.

To configure request types

  1. In the AWS Service Management Connector for Jira Service Management , go to the Connector settings page.

  2. In the Projects section, choose add the AWS request type.

  3. Select Add existing request type in the upper right-hand corner.

  4. Select Request AWS product from the available request type.

  5. Select Edit Groups for the Request AWS product request type.

  6. On the Edit groups form, select General, then choose Save.

Note

A custom Request AWS Product request type was created for the Connector for Jira Service Management, so edits to the Request AWS Product request type are not required. You can add a request type to an existing group. If you don't have a group, create a new group and add the request type to it.