AWS managedservices documentation change
Summary
Restructured documentation for application-aware incident notifications, adding detailed steps for provisioning AppRegistry, creating tags, customizing case severity, and reviewing required permissions. Enhanced instructions for CloudFormation integration and clarified tag requirements.
Security assessment
The changes focus on improving operational documentation for feature usage rather than addressing a specific security vulnerability. However, the 'Review required permissions' section explicitly documents IAM policy requirements (e.g., appregistry:GetApplication) and SCP considerations, which constitutes security-related guidance.
Diff
diff --git a/managedservices/latest/userguide/app-aware-inc-notifications.md b/managedservices/latest/userguide/app-aware-inc-notifications.md index 505095851..2609c0f90 100644 --- a/managedservices/latest/userguide/app-aware-inc-notifications.md +++ b/managedservices/latest/userguide/app-aware-inc-notifications.md @@ -5 +5 @@ -Case enrichmentAMS communications attributesPermissions +Provision AppRegistry in your AMS account and create applicationsCreate tags to enable case enrichmentCustomize AMS support case severity for your applicationsReview required permissions @@ -9 +9 @@ Case enrichmentAMS communications attributesPermissions -Learn about AMS monitoring defaults. For more information, see [Monitoring and event management in AMS](./monitoring.html). +Use application aware automated incident notifications to customize your communication experience for support cases that AMS creates on your behalf. When you use this feature, AMS retrieves custom workload preferences from [AWS Service Catalog AppRegistry](https://docs.aws.amazon.com/servicecatalog/latest/arguide/intro-app-registry.html) to enrich your AMS incident communications with metadata about your applications and to customize the severity of support cases created by AMS on your behalf. To use this feature, you must first provision AWS Service Catalog AppRegistry in your AMS account. @@ -11 +11 @@ Learn about AMS monitoring defaults. For more information, see [Monitoring and e -Use application-aware automated incident notifications to retrieve custom workload preferences from [AppRegistry](https://docs.aws.amazon.com/servicecatalog/latest/arguide/intro-app-registry.html) and customize your communication experience. AppRegistry lets you enrich your incident communications with metadata we send about the your applications, and customize support case severity based on criticality. +To learn more about AMS monitoring defaults, see [Monitoring and event management in AMS](./monitoring.html). @@ -13 +13 @@ Use application-aware automated incident notifications to retrieve custom worklo -## Case enrichment +## Provision AppRegistry in your AMS account and create applications @@ -15 +15 @@ Use application-aware automated incident notifications to retrieve custom worklo -AMS can retrieve metadata from onboarded applications and enrich the support cases we create on your behalf. In order to do this, you need to: +The AppRegistry service is available in Self-service Provisioning (SSP) mode for your AMS account. For instructions on how to request access, see [Use AMS SSP to provision AWS Service Catalog AppRegistry in your AMS account](https://docs.aws.amazon.com/managedservices/latest/userguide/service-catalog-appregistry.html). @@ -17 +17 @@ AMS can retrieve metadata from onboarded applications and enrich the support cas - 1. Onboard your application to AppRegistry and create applications in AppRegistry. +After provisioning AppRegistry, use one of the following methods to create applications: @@ -19 +19 @@ AMS can retrieve metadata from onboarded applications and enrich the support cas - 2. Tag the applications appropriately. + 1. **AWS console:** To learn more about creating an application in AppRegistry through the AWS console, see [Creating Applications](https://docs.aws.amazon.com/servicecatalog/latest/arguide/create-apps.html) in the _AWS Service Catalog AppRegistry Administrator Guide_. @@ -20,0 +21 @@ AMS can retrieve metadata from onboarded applications and enrich the support cas + 2. **CloudFormation:** You can define your AppRegistry application just like you define any other resource. For more information, see [AWS Service Catalog AppRegistry resource type reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ServiceCatalogAppRegistry.html) in the _AWS CloudFormation User Guide_. @@ -24 +24,0 @@ AMS can retrieve metadata from onboarded applications and enrich the support cas -### Onboard your application to AppRegistry and create applications @@ -26 +26 @@ AMS can retrieve metadata from onboarded applications and enrich the support cas -The AppRegistry service is available in SSP Mode for your AMS account. For instructions on how to request access to it, see [Use AMS SSP to provision AWS Service Catalog AppRegistry in your AMS account](https://docs.aws.amazon.com/managedservices/latest/userguide/service-catalog-appregistry.html). +## Create tags to enable case enrichment @@ -28,12 +28 @@ The AppRegistry service is available in SSP Mode for your AMS account. For instr -After provisioning AppRegistry, you can start creating applications in two ways: - - 1. AWS console: To learn more about creating an application in AppRegistry through the AWS console, see the AppRegistry documentation [Creating Applications](https://docs.aws.amazon.com/servicecatalog/latest/arguide/create-apps.html) page. - - 2. CloudFormation: You can define your AppRegistry application just like you define any other resources, for more information about this, see the [AWS Service Catalog AppRegistry resource type reference](https://docs.aws.amazon.com/AWSCloudFormation/latest/UserGuide/AWS_ServiceCatalogAppRegistry.html) page. - - - - -#### Required tags - -We require your applications to be tagged properly for us to be able to access its metadata. The required tags are provided in the following table. +You must tag your applications before AMS can access application metadata. The following table lists the required tag. @@ -45 +34 @@ ams-managed | true -## AMS communications attributes +## Customize AMS support case severity for your applications @@ -47 +36 @@ ams-managed | true -You can customize the severity of AMS created support cases by specifying how critical is your application for your organization. This is controlled by an attribute group associated with your application on AppRegistry. The name of the attribute group name must match the following pattern: +You can customize the severity of AMS created support cases by specifying how critical your application is for your organization. This setting is controlled by an attribute group associated with your application in AppRegistry. The name of the attribute group name must match the following pattern: @@ -52 +41 @@ You can customize the severity of AMS created support cases by specifying how cr -Where the <ApplicationName> matches the name used in AppRegistry when creating the application. +In the preceding pattern, the `ApplicationName` must match the name used in AppRegistry when you created the application. @@ -62 +51 @@ Example content: -_SchemaVersion_ +**SchemaVersion** @@ -64 +53 @@ _SchemaVersion_ -This determines what schema version you're using. This determines the subset of features available to use. +This determines the schema version that you're using and the subset of features available to use. @@ -70 +59 @@ Schema version | Feature -_Criticality_ +**Criticality** @@ -72 +61 @@ _Criticality_ -The criticality of this application determines how important it is for your organization. This criticality also determines the severity of the support cases created by the AMS automated systems. +The criticality of this application determines the severity of the support cases created by the AMS automated systems. @@ -79 +68 @@ Valid values: -To understand the severity levels, see [SeverityLevel](https://docs.aws.amazon.com/awssupport/latest/APIReference/API_SeverityLevel.html). +For more information on severity levels, see [SeverityLevel](https://docs.aws.amazon.com/awssupport/latest/APIReference/API_SeverityLevel.html) in the _AWS Support API Reference_. @@ -83 +72 @@ Required: Yes -## Permissions +## Review required permissions @@ -104 +93 @@ To use this feature, AMS requires access to the following AWS Identity and Acces -Make sure that there is not an IAM policy or Service Control Policy that denies the preceding actions. +Make sure that there isn't an IAM policy or service control policy (SCP) that denies the preceding actions. @@ -106 +95 @@ Make sure that there is not an IAM policy or Service Control Policy that denies -The API calls made by the `ams-access-admin` role. Example of what you might see: +The API calls are made by the `ams-access-admin` role. The following is an example of what you might see: