Handle AWS SSH Quarantine Approvals
Workflow #0007
This workflow is triggered when an Approval Task generated by the Quarantine AWS Instances from Alerts workflow is approved, denied, or expires. If approved, SSH quarantine restrictions are removed from the Amazon Web Services (AWS) security group.
Note: This workflow is designed to respond to approval tasks generated by this workflow!
Change Log
Date | Notes |
---|---|
Nov 20, 2020 | - Initial release |
Sep 10, 2021 | - Updated to use the new system atomics |
Aug 31, 2022 | - Minor updates to naming and descriptions |
See the Important Notes page for more information about updating workflows
Requirements
- The following system atomics are used by this workflow:
- Webex - Post Message to Room
- Webex - Search for Room
- The following atomic actions must be imported before you can import this workflow:
- None
- The targets and account keys listed at the bottom of the page
- Cisco Webex
- Amazon Web Services (AWS)
Workflow Steps
- Fetch global variables
- Extract the AWS instance ID from the Approval Task
- If a Teams room name was provided, translate it into a room ID
- Make sure we got an instance ID (if not, post an error to webex)
- Check the approval result. If the user selected to leave the instance quarantined or the task expired, do nothing. If they want to remove quarantine:
- Get information about the instance from AWS and extract its security group
- Restore normal SSH access
- Send a Webex notification
Configuration
- Set your AWS region in the
AWS Region
local variable - See this page for information on configuring the workflow for Webex
Targets
Target Group: Default TargetGroup
Target Name | Type | Details | Account Keys | Notes |
---|---|---|---|---|
Amazon Web Services | AWS Endpoint | Region: Your Region | Your AWS Account Key | |
Webex Teams | HTTP Endpoint | Protocol: HTTPS Host: webexapis.com Path: None | None |
Account Keys
Account Key Name | Type | Details | Notes |
---|---|---|---|
Your AWS Account Key | AWS Credentials | Access Key: AWS API Access Key Secret Key: AWS API Secret Key |