Configure PagerDuty for AppFabric
PagerDuty is a Digital Operations Management Platform that helps teams mitigate customer-impacting issues by turning any signal into action so you can resolve issues faster and operate more efficiently. Integrates with CloudWatch, GuardDuty, CloudTrail, and Personal Health Dashboard.
You can use AWS AppFabric for security to receive audit logs and user data from PagerDuty, normalize the data into Open Cybersecurity Schema Framework (OCSF) format, and output the data to an Amazon Simple Storage Service (Amazon S3) bucket or an Amazon Data Firehose stream.
AppFabric support for PagerDuty
AppFabric supports receiving user information and audit logs from PagerDuty.
Prerequisites
To use AppFabric to transfer audit logs from PagerDuty to supported destinations, you must meet the following requirements:
-
To access the audit logs, you must have a PagerDuty Business or Digital Operations plan.
-
You should be a Global Admin or account owner of the PagerDuty account.
Rate limit considerations
PagerDuty imposes rate limits on the PagerDuty API.
For more information about the PagerDuty API rate limits, see REST API Rate Limits
Data delay considerations
You might see up to a 30-minute delay for an audit event to be delivered to your
destination. This is due to delay in audit events made available by the application
as well as due to precautions taken to reduce data loss. However, this might be
customizable at an account-level. For assistance, contact AWS Support
Connecting AppFabric to your PagerDuty account
The PagerDuty platform supports API access keys. To generate an API access key, use the following steps.
Create an API Access Key
AppFabric integrates with PagerDuty using an API Access key for public clients. To create an API access key in PagerDuty, use the following steps:
-
Navigate to the PagerDuty log-in page
and sign in. -
Choose Integrations, API Access Keys.
-
Choose Create New API Key.
-
Enter a description and then select Read-only API Key.
-
Choose Create Key.
-
Copy and save the API key. You'll need this later in AppFabric. If you close the page before saving the API key you must generate a new API key and save it. This key should be dedicated to AppFabric to avoid sharing the PagerDuty API rate limit with your other integrations.
App authorizations
Tenant ID
AppFabric will request your tenant ID. The tenant ID for your PagerDuty account is the base URL of your account. You can find this by logging in to PagerDuty and copying from the address bar of your web browser. The tenant ID should follow one of the following formats:
-
For US accounts,
subdomain
.pagerduty.com -
For EU accounts,
subdomain
.eu.pagerduty.com
Tenant name
Enter a name that identifies this unique PagerDuty organization. AppFabric uses the tenant name to label the app authorizations and any ingestions created from the app authorization.
Service account token
AppFabric will request your service account token. The service account token in AppFabric is the API access key you created in Create an API Access Key.