
Handle AWS SSH Quarantine Approvals

Workflow #0007

This workflow is triggered when an Approval Task generated by the Quarantine AWS Instances from Alerts workflow is approved, denied, or expires. If approved, SSH quarantine restrictions are removed from the Amazon Web Services (AWS) security group.

Note: This workflow is designed to respond to approval tasks generated by the Quarantine AWS Instances from Alerts workflow!

Change Log

| Date | Notes |
|------|-------|
| Nov 20, 2020 | Initial release |
| Sep 10, 2021 | Updated to use the new system atomics |

See the Important Notes page for more information about updating workflows


Requirements

  • The following system atomics are used by this workflow:
    • Webex Teams - Post Message to Room
    • Webex Teams - Search for Room
  • The following atomic actions must be imported before you can import this workflow:
    • None
  • The targets and account keys listed below
  • A Webex Teams access token and room name to post messages to
  • Amazon Web Services (AWS)

Workflow Steps

  1. Fetch global variables
  2. Extract the AWS instance ID from the Approval Task
  3. If a Teams room name was provided, translate it into a room ID
  4. Make sure we got an instance ID (if not, post an error to Webex)
  5. Check the approval result. If the user selected to leave the instance quarantined or the task expired, do nothing. If they want to remove quarantine:
    • Get information about the instance from AWS and extract its security group
    • Restore normal SSH access
    • Send a Webex Teams notification
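
The decision logic in steps 2, 4 and 5, sketched in Python as an added example (this is not the workflow's own code). The task fields `result` and `description`, the result value `approved`, and the sample IDs are assumptions made for illustration; the `Reservations`/`Instances`/`SecurityGroups` layout is that of the EC2 DescribeInstances response. The actual security group change is left to the caller.

```python
import re

# AWS instance IDs are "i-" followed by 8 (legacy) or 17 hex characters.
INSTANCE_ID_RE = re.compile(r"\bi-(?:[0-9a-f]{17}|[0-9a-f]{8})\b")


def extract_instance_id(task_text):
    """Return the single instance ID named in the task text, or None."""
    found = set(INSTANCE_ID_RE.findall(task_text or ""))
    # Zero or several distinct IDs is ambiguous: refuse rather than guess.
    return found.pop() if len(found) == 1 else None


def security_group_ids(describe_response, instance_id):
    """Collect GroupIds for instance_id from an EC2 DescribeInstances response."""
    return [
        sg["GroupId"]
        for res in describe_response.get("Reservations", [])
        for inst in res.get("Instances", [])
        if inst.get("InstanceId") == instance_id
        for sg in inst.get("SecurityGroups", [])
    ]


def plan_action(task, describe_response):
    """Decide what the workflow should do for one finished approval task."""
    instance_id = extract_instance_id(task.get("description"))
    if instance_id is None:
        return {"action": "post_error", "reason": "no single instance ID in task"}
    # Only an explicit approval lifts quarantine; denied, expired or unknown do not.
    if task.get("result") != "approved":
        return {"action": "none", "instance_id": instance_id}
    groups = security_group_ids(describe_response, instance_id)
    if not groups:
        return {"action": "post_error", "reason": "instance or security group not found"}
    return {"action": "restore_ssh", "instance_id": instance_id, "security_groups": groups}


# Constructed sample data (hypothetical field names, not real resources).
SAMPLE_TASK = {"result": "approved",
               "description": "Remove SSH quarantine from i-0123456789abcdef0?"}
SAMPLE_DESCRIBE = {"Reservations": [{"Instances": [
    {"InstanceId": "i-0123456789abcdef0",
     "SecurityGroups": [{"GroupId": "sg-0a1b2c3d4e5f67890", "GroupName": "web"}]}]}]}

if __name__ == "__main__":
    print(plan_action(SAMPLE_TASK, SAMPLE_DESCRIBE))
```

Treating anything other than an explicit approval as "leave quarantined" keeps an expired or malformed task from lifting the restriction.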

Configuration

  • Set your AWS region in the AWS Region local variable
  • See this page for information on configuring the workflow for Webex Teams

Targets

Target Group: Default TargetGroup

| Target Name | Type | Details | Account Keys | Notes |
|-------------|------|---------|--------------|-------|
| Amazon Web Services | AWS Endpoint | Region: Your Region | Your AWS Account Key | |
| Webex Teams | HTTP Endpoint | Protocol: HTTPS; Host: webexapis.com; Path: None | None | |

Account Keys

| Account Key Name | Type | Details | Notes |
|------------------|------|---------|-------|
| Your AWS Account Key | AWS Credentials | Access Key: AWS API Access Key; Secret Key: AWS API Secret Key | |