}
}
}
```
For more information about these fields, see [Transforming target input](https://docs.aws.amazon.com/eventbridge/latest/userguide/transform-input.html) in the *Amazon EventBridge User Guide*.
1. Choose **Confirm**.
1. Choose **Next**.
1. Choose **Next**.
1. Choose **Update rule**.
After an OpsItem is created from an event, you can view the event details by opening the OpsItem and scrolling down to the **Private operational data** section. For information about how to configure the options in an OpsItem, see [Manage OpsItems](OpsCenter-working-with-OpsItems.md).
# Configure CloudWatch alarms to create OpsItems
During the integrated setup of OpsCenter, a tool in AWS Systems Manager, you enable Amazon CloudWatch to automatically create OpsItems based on common alarms. You can create an alarm or edit an existing alarm to create OpsItems in OpsCenter.
CloudWatch creates a new service-linked role in AWS Identity and Access Management (IAM) when you configure an alarm to create OpsItems. The new role is named `AWSServiceRoleForCloudWatchAlarms_ActionSSM`. For more information about CloudWatch service-linked roles, see [Using service-linked roles for CloudWatch](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-service-linked-roles.html) in the *Amazon CloudWatch User Guide*.
When a CloudWatch alarm generates an OpsItem, the OpsItem displays **CloudWatch alarm - '*alarm\$1name*' is in ALARM state**.
To view details about a specific OpsItem, choose the OpsItem and then choose the **Related resource details** tab. You can manually edit OpsItems to change details, such as the severity or category. However, when you edit the severity or the category of an alarm, Systems Manager can't update the severity or category of OpsItems that are already created from the alarm. If an alarm created an OpsItem and if you specified a deduplication string, the alarm won't create additional OpsItems even if you edit the alarm in CloudWatch. If the OpsItem is resolved in OpsCenter, CloudWatch will create a new OpsItem.
For more information about configuring CloudWatch alarms, see the following topics.
**Topics**
+ [
# Configuring a CloudWatch alarm to create OpsItems (console)
](OpsCenter-creating-or-editing-existing-alarm-console.md)
+ [
# Configuring an existing CloudWatch alarm to create OpsItems (programmatically)
](OpsCenter-configuring-an-existing-alarm-programmatically.md)
# Configuring a CloudWatch alarm to create OpsItems (console)
You can manually create an alarm or update an existing alarm to create OpsItems from Amazon CloudWatch.
**To create a CloudWatch alarm and configure Systems Manager as a target of that alarm**
1. Complete steps 1–9 as specified in [Create a CloudWatch alarm based on a static threshold](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ConsoleAlarms.html) in the *Amazon CloudWatch User Guide*.
1. In the **Systems Manager action ** section, choose **Add Systems Manager OpsCenter action**.
1. Choose **OpsItems**.
1. For **Severity**, choose from 1 to 4.
1. (Optional) For **Category**, choose a category for the OpsItem.
1. Complete steps 11–13 as specified in [Create a CloudWatch alarm based on a static threshold](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/ConsoleAlarms.html) in the *Amazon CloudWatch User Guide*.
1. Choose **Next** and complete the wizard.
**To edit an existing alarm and configure Systems Manager as a target of that alarm**
1. Open the CloudWatch console at [https://console.aws.amazon.com/cloudwatch/](https://console.aws.amazon.com/cloudwatch/).
1. In the navigation pane, choose **Alarms**.
1. Select the alarm, and then choose **Actions**, **Edit**.
1. (Optional) Change settings in the **Metrics** and **Conditions** sections, and then choose **Next**.
1. In the **Systems Manager** section, choose **Add Systems Manager OpsCenter action**.
1. For **Severity**, choose a number.
**Note**
Severity is a user-defined value. You or your organization determine what each severity value means and any service-level agreement associated with each severity.
1. (Optional) For **Category**, choose an option.
1. Choose **Next** and complete the wizard.
# Configuring an existing CloudWatch alarm to create OpsItems (programmatically)
You can configure Amazon CloudWatch alarms to create OpsItems programmatically by using the AWS Command Line Interface (AWS CLI), AWS CloudFormation templates, or Java code snippets.
**Topics**
+ [
## Before you begin
](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-before-you-begin)
+ [
## Configuring CloudWatch alarms to create OpsItems (AWS CLI)
](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-manually-configure-cli)
+ [
## Configuring CloudWatch alarms to create or update OpsItems (CloudFormation)
](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-programmatically-configure-CloudFormation)
+ [
## Configuring CloudWatch alarms to create or update OpsItems (Java)
](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-programmatically-configure-java)
## Before you begin
If you edit an existing alarm programmatically or create an alarm that creates OpsItems, you must specify an Amazon Resource Name (ARN). This ARN identifies Systems Manager OpsCenter as the target for OpsItems created from the alarm. You can customize the ARN so that OpsItems created from the alarm include specific information such as severity or category. Each ARN includes the information described in the following table.
****
| Parameter | Details |
| --- | --- |
| `Region` (required) | The AWS Region where the alarm exists. For example: `us-west-2`. For information about AWS Regions where you can use OpsCenter, see [AWS Systems Manager endpoints and quotas](https://docs.aws.amazon.com/general/latest/gr/ssm.html). |
| `account_ID` (required) | The same AWS account ID used to create the alarm. For example: `123456789012`. The account ID must be followed by a colon (`:`) and the parameter `opsitem` as shown in the following examples. |
| `severity` (required) | A user-defined severity level for OpsItems created from the alarm. Valid values: `1`, `2`, `3`, `4` |
| `Category`(optional) | A category for OpsItems created from the alarm. Valid values: `Availability`, `Cost`, `Performance`, `Recovery`, and `Security`. |
Create the ARN by using the following syntax. This ARN doesn't include the optional `Category` parameter.
```
arn:aws:ssm:Region:account_ID:opsitem:severity
```
Following is an example.
```
arn:aws:ssm:us-west-2:123456789012:opsitem:3
```
To create an ARN that uses the optional `Category` parameter, use the following syntax.
```
arn:aws:ssm:Region:account_ID:opsitem:severity#CATEGORY=category_name
```
Following is an example.
```
arn:aws:ssm:us-west-2:123456789012:opsitem:3#CATEGORY=Security
```
## Configuring CloudWatch alarms to create OpsItems (AWS CLI)
This command requires that you specify an ARN for the `alarm-actions` parameter. For information about how to create the ARN, see [Before you begin](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-before-you-begin).
**To configure a CloudWatch alarm to create OpsItems (AWS CLI)**
1. Install and configure the AWS Command Line Interface (AWS CLI), if you haven't already.
For information, see [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
1. Run the following command to collect information about the alarm that you want to configure.
```
aws cloudwatch describe-alarms --alarm-names "alarm name"
```
1. Run the following command to update an alarm. Replace each *example resource placeholder* with your own information.
```
aws cloudwatch put-metric-alarm --alarm-name name \
--alarm-description "description" \
--metric-name name --namespace namespace \
--statistic statistic --period value --threshold value \
--comparison-operator value \
--dimensions "dimensions" --evaluation-periods value \
--alarm-actions arn:aws:ssm:Region:account_ID:opsitem:severity#CATEGORY=category_name \
--unit unit
```
Here's an example.
------
#### [ Linux & macOS ]
```
aws cloudwatch put-metric-alarm --alarm-name cpu-mon \
--alarm-description "Alarm when CPU exceeds 70 percent" \
--metric-name CPUUtilization --namespace AWS/EC2 \
--statistic Average --period 300 --threshold 70 \
--comparison-operator GreaterThanThreshold \
--dimensions "Name=InstanceId,Value=i-12345678" --evaluation-periods 2 \
--alarm-actions arn:aws:ssm:us-east-1:123456789012:opsitem:3#CATEGORY=Security \
--unit Percent
```
------
#### [ Windows ]
```
aws cloudwatch put-metric-alarm --alarm-name cpu-mon ^
--alarm-description "Alarm when CPU exceeds 70 percent" ^
--metric-name CPUUtilization --namespace AWS/EC2 ^
--statistic Average --period 300 --threshold 70 ^
--comparison-operator GreaterThanThreshold ^
--dimensions "Name=InstanceId,Value=i-12345678" --evaluation-periods 2 ^
--alarm-actions arn:aws:ssm:us-east-1:123456789012:opsitem:3#CATEGORY=Security ^
--unit Percent
```
------
## Configuring CloudWatch alarms to create or update OpsItems (CloudFormation)
This section includes AWS CloudFormation templates that you can use to configure CloudWatch alarms to automatically create or update OpsItems. Each template requires that you specify an ARN for the `AlarmActions` parameter. For information about how to create the ARN, see [Before you begin](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-before-you-begin).
**Metric alarm** – Use the following CloudFormation template to create or update a CloudWatch metric alarm. The alarm specified in this template monitors Amazon Elastic Compute Cloud (Amazon EC2) instance status checks. If the alarm enters the `ALARM` state, it creates an OpsItem in OpsCenter.
```
{
"AWSTemplateFormatVersion": "2010-09-09",
"Parameters" : {
"RecoveryInstance" : {
"Description" : "The EC2 instance ID to associate this alarm with.",
"Type" : "AWS::EC2::Instance::Id"
}
},
"Resources": {
"RecoveryTestAlarm": {
"Type": "AWS::CloudWatch::Alarm",
"Properties": {
"AlarmDescription": "Run a recovery action when instance status check fails for 15 consecutive minutes.",
"Namespace": "AWS/EC2" ,
"MetricName": "StatusCheckFailed_System",
"Statistic": "Minimum",
"Period": "60",
"EvaluationPeriods": "15",
"ComparisonOperator": "GreaterThanThreshold",
"Threshold": "0",
"AlarmActions": [ {"Fn::Join" : ["", ["arn:arn:aws:ssm:Region:account_ID:opsitem:severity#CATEGORY=category_name", { "Ref" : "AWS::Partition" }, ":ssm:", { "Ref" : "AWS::Region" }, { "Ref" : "AWS:: AccountId" }, ":opsitem:3" ]]} ],
"Dimensions": [{"Name": "InstanceId","Value": {"Ref": "RecoveryInstance"}}]
}
}
}
}
```
**Composite alarm** – Use the following CloudFormation template to create or update a composite alarm. A composite alarm consists of multiple metric alarms. If the alarm enters the `ALARM` state, it creates an OpsItem in OpsCenter.
```
"Resources":{
"HighResourceUsage":{
"Type":"AWS::CloudWatch::CompositeAlarm",
"Properties":{
"AlarmName":"HighResourceUsage",
"AlarmRule":"(ALARM(HighCPUUsage) OR ALARM(HighMemoryUsage)) AND NOT ALARM(DeploymentInProgress)",
"AlarmActions":"arn:aws:ssm:Region:account_ID:opsitem:severity#CATEGORY=category_name",
"AlarmDescription":"Indicates that the system resource usage is high while no known deployment is in progress"
},
"DependsOn":[
"DeploymentInProgress",
"HighCPUUsage",
"HighMemoryUsage"
]
},
"DeploymentInProgress":{
"Type":"AWS::CloudWatch::CompositeAlarm",
"Properties":{
"AlarmName":"DeploymentInProgress",
"AlarmRule":"FALSE",
"AlarmDescription":"Manually updated to TRUE/FALSE to disable other alarms"
}
},
"HighCPUUsage":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"CPUusageishigh",
"AlarmName":"HighCPUUsage",
"ComparisonOperator":"GreaterThanThreshold",
"EvaluationPeriods":1,
"MetricName":"CPUUsage",
"Namespace":"CustomNamespace",
"Period":60,
"Statistic":"Average",
"Threshold":70,
"TreatMissingData":"notBreaching"
}
},
"HighMemoryUsage":{
"Type":"AWS::CloudWatch::Alarm",
"Properties":{
"AlarmDescription":"Memoryusageishigh",
"AlarmName":"HighMemoryUsage",
"ComparisonOperator":"GreaterThanThreshold",
"EvaluationPeriods":1,
"MetricName":"MemoryUsage",
"Namespace":"CustomNamespace",
"Period":60,
"Statistic":"Average",
"Threshold":65,
"TreatMissingData":"breaching"
}
}
}
```
## Configuring CloudWatch alarms to create or update OpsItems (Java)
This section includes Java code snippets that you can use to configure CloudWatch alarms to automatically create or update OpsItems. Each snippet requires that you specify an ARN for the `validSsmActionStr` parameter. For information about how to create the ARN, see [Before you begin](#OpsCenter-create-OpsItems-from-CloudWatch-Alarms-before-you-begin).
**A specific alarm** – Use the following Java code snippet to create or update a CloudWatch alarm. The alarm specified in this template monitors Amazon EC2 instance status checks. If the alarm enters the `ALARM` state, it creates an OpsItem in OpsCenter.
```
import com.amazonaws.services.cloudwatch.AmazonCloudWatch;
import com.amazonaws.services.cloudwatch.AmazonCloudWatchClientBuilder;
import com.amazonaws.services.cloudwatch.model.ComparisonOperator;
import com.amazonaws.services.cloudwatch.model.Dimension;
import com.amazonaws.services.cloudwatch.model.PutMetricAlarmRequest;
import com.amazonaws.services.cloudwatch.model.PutMetricAlarmResult;
import com.amazonaws.services.cloudwatch.model.StandardUnit;
import com.amazonaws.services.cloudwatch.model.Statistic;
private void putMetricAlarmWithSsmAction() {
final AmazonCloudWatch cw =
AmazonCloudWatchClientBuilder.defaultClient();
Dimension dimension = new Dimension()
.withName("InstanceId")
.withValue(instanceId);
String validSsmActionStr = "arn:aws:ssm:Region:account_ID:opsitem:severity#CATEGORY=category_name";
PutMetricAlarmRequest request = new PutMetricAlarmRequest()
.withAlarmName(alarmName)
.withComparisonOperator(
ComparisonOperator.GreaterThanThreshold)
.withEvaluationPeriods(1)
.withMetricName("CPUUtilization")
.withNamespace("AWS/EC2")
.withPeriod(60)
.withStatistic(Statistic.Average)
.withThreshold(70.0)
.withActionsEnabled(false)
.withAlarmDescription(
"Alarm when server CPU utilization exceeds 70%")
.withUnit(StandardUnit.Seconds)
.withDimensions(dimension)
.withAlarmActions(validSsmActionStr);
PutMetricAlarmResult response = cw.putMetricAlarm(request);
}
```
**Update all alarms** – Use the following Java code snippet to update all CloudWatch alarms in your AWS account to create OpsItems when an alarm enters the `ALARM` state.
```
import com.amazonaws.services.cloudwatch.AmazonCloudWatch;
import com.amazonaws.services.cloudwatch.AmazonCloudWatchClientBuilder;
import com.amazonaws.services.cloudwatch.model.DescribeAlarmsRequest;
import com.amazonaws.services.cloudwatch.model.DescribeAlarmsResult;
import com.amazonaws.services.cloudwatch.model.MetricAlarm;
private void listMetricAlarmsAndAddSsmAction() {
final AmazonCloudWatch cw = AmazonCloudWatchClientBuilder.defaultClient();
boolean done = false;
DescribeAlarmsRequest request = new DescribeAlarmsRequest();
String validSsmActionStr = "arn:aws:ssm:Region:account_ID:opsitem:severity#CATEGORY=category_name";
while(!done) {
DescribeAlarmsResult response = cw.describeAlarms(request);
for(MetricAlarm alarm : response.getMetricAlarms()) {
// assuming there are no alarm actions added for the metric alarm
alarm.setAlarmActions(ImmutableList.of(validSsmActionStr));
}
request.setNextToken(response.getNextToken());
if(response.getNextToken() == null) {
done = true;
}
}
}
```
# Create OpsItems manually
When you find an operational issue, you can manually create an OpsItem from OpsCenter, a tool in AWS Systems Manager, to manage and resolve the issue.
If you set up OpsCenter for cross-account administration, a Systems Manager delegated administrator or AWS Organizations management account can create OpsItems for member accounts. For more information, see [(Optional) Manually set up OpsCenter to centrally manage OpsItems across accounts](OpsCenter-getting-started-multiple-accounts.md).
You can create OpsItems by using the AWS Systems Manager console, the AWS Command Line Interface (AWS CLI), or AWS Tools for Windows PowerShell.
**Topics**
+ [
# Creating OpsItems manually (console)
](OpsCenter-creating-OpsItems-console.md)
+ [
# Creating OpsItems manually (AWS CLI)
](OpsCenter-creating-OpsItems-CLI.md)
+ [
# Creating OpsItems manually (PowerShell)
](OpsCenter-creating-OpsItems-Powershell.md)
# Creating OpsItems manually (console)
You can manually create OpsItems using the AWS Systems Manager console. When you create an OpsItem, it's displayed in your OpsCenter account. If you set up OpsCenter for cross-account administration, OpsCenter provides the delegated administrator or management account with the option to create OpsItems for selected member accounts. For more information, see [(Optional) Manually set up OpsCenter to centrally manage OpsItems across accounts](OpsCenter-getting-started-multiple-accounts.md).
**To create an OpsItem using the AWS Systems Manager console**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose **Create OpsItem**. If you don't see this button, choose the **OpsItems** tab, and then choose **Create OpsItem**.
1. (Optional) Choose **Other account**, and then choose the account where you want to create the OpsItem.
**Note**
This step is required if you're creating OpsItems for a member account.
1. For **Title**, enter a descriptive name to help you understand the purpose of the OpsItem.
1. For **Source**, enter the type of impacted AWS resource or other source information to help users understand the origin of the OpsItem.
**Note**
You can't edit the **Source** field after you create the OpsItem.
1. (Optional) For **Priority**, choose the priority level.
1. (Optional) For **Severity**, choose the severity level.
1. (Optional) For **Category**, choose a category.
1. For **Description**, enter information about this OpsItem including (if applicable) steps for reproducing the issue.
**Note**
The console supports most markdown formatting in the OpsItem description field. For more information, see [Using Markdown in the Console](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/aws-markdown.html) in the *Getting Started with the AWS Management Console Getting Started Guide.*
1. For **Deduplication string**, enter words that the system can use to check for duplicate OpsItems. For more information about deduplication strings, see [Managing duplicate OpsItems](OpsCenter-working-deduplication.md).
1. (Optional) For **Notifications**, specify the Amazon Resource Name (ARN) of the Amazon SNS topic where you want notifications sent when this OpsItem is updated. You must specify an Amazon SNS ARN that is in the same AWS Region as the OpsItem.
1. (Optional) For **Related resources**, choose **Add** to specify the ID or ARN of the impacted resource and any related resources.
1. Choose **Create OpsItem**.
If successful, the page displays the OpsItem. When a delegated administrator or management account creates an OpsItem for selected member accounts, the new OpsItems are displayed in the OpsCenter of the administrator and members accounts. For information about how to configure the options in an OpsItem, see [Manage OpsItems](OpsCenter-working-with-OpsItems.md).
# Creating OpsItems manually (AWS CLI)
The following procedure describes how to create an OpsItem by using the AWS Command Line Interface (AWS CLI).
**To create an OpsItem using the AWS CLI**
1. Install and configure the AWS Command Line Interface (AWS CLI), if you haven't already.
For information, see [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
1. Open the AWS CLI and run the following command to create an OpsItem. Replace each *example resource placeholder* with your own information.
```
aws ssm create-ops-item \
--title "Descriptive_title" \
--description "Information_about_the_issue" \
--priority Number_between_1_and_5 \
--source Source_of_the_issue \
--operational-data Up_to_20_KB_of_data_or_path_to_JSON_file \
--notifications Arn="SNS_ARN_in_same_Region" \
--tags "Key=key_name,Value=a_value"
```
**Specify operational data from a file**
When you create an OpsItem, you can specify operational data from a file. The file must be a JSON file, and the contents of the file must use the following format.
```
{
"key_name": {
"Type": "SearchableString",
"Value": "Up to 20 KB of data"
}
}
```
Here is an example.
```
aws ssm create-ops-item ^
--title "EC2 instance disk full" ^
--description "Log clean up may have failed which caused the disk to be full" ^
--priority 2 ^
--source ec2 ^
--operational-data file:///Users/TestUser1/Desktop/OpsItems/opsData.json ^
--notifications Arn="arn:aws:sns:us-west-1:12345678:TestUser1" ^
--tags "Key=EC2,Value=Production"
```
**Note**
For information about how to enter JSON-formatted parameters on the command line on different local operating systems, see [Using quotation marks with strings in the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/cli-usage-parameters-quoting-strings.html) in the *AWS Command Line Interface User Guide*.
The system returns information like the following.
```
{
"OpsItemId": "oi-1a2b3c4d5e6f"
}
```
1. Run the following command to view details about the OpsItem that you created.
```
aws ssm get-ops-item --ops-item-id ID
```
The system returns information like the following.
```
{
"OpsItem": {
"CreatedBy": "arn:aws:iam::12345678:user/TestUser",
"CreatedTime": 1558386334.995,
"Description": "Log clean up may have failed which caused the disk to be full",
"LastModifiedBy": "arn:aws:iam::12345678:user/TestUser",
"LastModifiedTime": 1558386334.995,
"Notifications": [
{
"Arn": "arn:aws:sns:us-west-1:12345678:TestUser"
}
],
"Priority": 2,
"RelatedOpsItems": [],
"Status": "Open",
"OpsItemId": "oi-1a2b3c4d5e6f",
"Title": "EC2 instance disk full",
"Source": "ec2",
"OperationalData": {
"EC2": {
"Value": "12345",
"Type": "SearchableString"
}
}
}
}
```
1. Run the following command to update the OpsItem. This command changes the status from `Open` (the default) to `InProgress`.
```
aws ssm update-ops-item --ops-item-id ID --status InProgress
```
The command has no output.
1. Run the following command again to verify that the status changed to `InProgress`.
```
aws ssm get-ops-item --ops-item-id ID
```
## Examples of creating an OpsItem
The following code examples show you how to create an OpsItem by using the Linux management portal, macOS, or Windows Server.
**Linux management portal or macOS**
The following command creates an OpsItem when an Amazon Elastic Compute Cloud (Amazon EC2) instance disk is full.
```
aws ssm create-ops-item \
--title "EC2 instance disk full" \
--description "Log clean up may have failed which caused the disk to be full" \
--priority 2 \
--source ec2 \
--operational-data '{"EC2":{"Value":"12345","Type":"SearchableString"}}' \
--notifications Arn="arn:aws:sns:us-west-1:12345678:TestUser1" \
--tags "Key=EC2,Value=ProductionServers"
```
The following command uses the `/aws/resources` key in `OperationalData` to create an OpsItem with an Amazon DynamoDB related resource.
```
aws ssm create-ops-item \
--title "EC2 instance disk full" \
--description "Log clean up may have failed which caused the disk to be full" \
--priority 2 \
--source ec2 \
--operational-data '{"/aws/resources":{"Value":"[{\"arn\": \"arn:aws:dynamodb:us-west-2:12345678:table/OpsItems\"}]","Type":"SearchableString"}}' \
--notifications Arn="arn:aws:sns:us-west-2:12345678:TestUser"
```
The following command uses the `/aws/automations` key in `OperationalData` to create an OpsItem that specifies the `AWS-ASGEnterStandby` document as an associated Automation runbook.
```
aws ssm create-ops-item \
--title "EC2 instance disk full" \
--description "Log clean up may have failed which caused the disk to be full" \
--priority 2 \
--source ec2 \
--operational-data '{"/aws/automations":{"Value":"[{\"automationId\": \"AWS-ASGEnterStandby\", \"automationType\": \"AWS::SSM::Automation\"}]","Type":"SearchableString"}}' \
--notifications Arn="arn:aws:sns:us-west-2:12345678:TestUser"
```
**Windows**
The following command creates an OpsItem when an Amazon Relational Database Service (Amazon RDS) instance is not responding.
```
aws ssm create-ops-item ^
--title "RDS instance not responding" ^
--description "RDS instance not responding to ping" ^
--priority 1 ^
--source RDS ^
--operational-data={\"RDS\":{\"Value\":\"abcd\",\"Type\":\"SearchableString\"}} ^
--notifications Arn="arn:aws:sns:us-west-1:12345678:TestUser1" ^
--tags "Key=RDS,Value=ProductionServers"
```
The following command uses the `/aws/resources` key in `OperationalData` to create an OpsItem with an Amazon EC2 instance related resource.
```
aws ssm create-ops-item ^
--title "EC2 instance disk full" ^
--description "Log clean up may have failed which caused the disk to be full" ^
--priority 2 ^
--source ec2 ^
--operational-data={\"/aws/resources\":{\"Value\":\"[{\\"""arn\\""":\\"""arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0\\"""}]\",\"Type\":\"SearchableString\"}}
```
The following command uses the `/aws/automations` key in `OperationalData` to create an OpsItem that specifies the `AWS-RestartEC2Instance` runbook as an associated Automation runbook.
```
aws ssm create-ops-item ^
--title "EC2 instance disk full" ^
--description "Log clean up may have failed which caused the disk to be full" ^
--priority 2 ^
--source ec2 ^
--operational-data={\"/aws/automations\":{\"Value\":\"[{\\"""automationId\\""":\\"""AWS-RestartEC2Instance\\”"",\\"""automationType\\""":\\"""AWS::SSM::Automation\\"""}]\",\"Type\":\"SearchableString\"}}
```
# Creating OpsItems manually (PowerShell)
The following procedure describes how to create an OpsItem by using AWS Tools for Windows PowerShell.
**To create an OpsItem using AWS Tools for Windows PowerShell**
1. Open AWS Tools for Windows PowerShell and run the following command to specify your credentials.
```
Set-AWSCredentials –AccessKey key-name –SecretKey key-name
```
1. Run the following command to set the AWS Region for your PowerShell session.
```
Set-DefaultAWSRegion -Region Region
```
1. Run the following command to create a new OpsItem. Replace each *example resource placeholder* with your own information. This command specifies a Systems Manager Automation runbook for remediating this OpsItem.
```
$opsItem = New-Object Amazon.SimpleSystemsManagement.Model.OpsItemDataValue
$opsItem.Type = [Amazon.SimpleSystemsManagement.OpsItemDataType]::SearchableString
$opsItem.Value = '[{\"automationId\":\"runbook_name\",\"automationType\":\"AWS::SSM::Automation\"}]'
$newHash = @{" /aws/automations"=[Amazon.SimpleSystemsManagement.Model.OpsItemDataValue]$opsItem}
New-SSMOpsItem `
-Title "title" `
-Description "description" `
-Priority priority_number `
-Source AWS_service `
-OperationalData $newHash
```
If successful, the command outputs the ID of the new OpsItem.
The following example specifies the Amazon Resource Name (ARN) of an impaired Amazon Elastic Compute Cloud (Amazon EC2) instance.
```
$opsItem = New-Object Amazon.SimpleSystemsManagement.Model.OpsItemDataValue
$opsItem.Type = [Amazon.SimpleSystemsManagement.OpsItemDataType]::SearchableString
$opsItem.Value = '[{\"arn\":\"arn:aws:ec2:us-east-1:123456789012:instance/i-1234567890abcdef0\"}]'
$newHash = @{" /aws/resources"=[Amazon.SimpleSystemsManagement.Model.OpsItemDataValue]$opsItem}
New-SSMOpsItem -Title "EC2 instance disk full still" -Description "Log clean up may have failed which caused the disk to be full" -Priority 2 -Source ec2 -OperationalData $newHash
```
# Manage OpsItems
OpsCenter, a tool in AWS Systems Manager, tracks OpsItems from their creation to resolution. If you set up OpsCenter for cross-account administration, a delegated administrator or management account can manage OpsItems from their account. For more information, see [(Optional) Manually set up OpsCenter to centrally manage OpsItems across accounts](OpsCenter-getting-started-multiple-accounts.md).
You can view and manage OpsItems by using the following pages in the Systems Manager console:
+ **Summary** – Displays a count of open and in-progress OpsItems, count of OpsItems by source and age, and operational insights. You can filter OpsItems by source and OpsItems status.
+ **OpsItems** – Displays a list of OpsItems with multiple fields of information, such as title, ID, priority, description, the source of the OpsItem, and the date and time of last update. Using this page, you can manually create OpsItems, configure sources, change the status of an OpsItem, and filter OpsItems by new incidents. You can choose an OpsItem to display its **OpsItems details** page.
+ **OpsItem details** – Provides detailed insights and tools that you can use to manage an OpsItem. The OpsItems details page has the following tabs:
+ **Overview** – Displays related resources, runbooks that ran in the last 30 days, and a list of available runbooks that you can run. You can also view similar OpsItems, add operational data, and add related OpsItems.
+ **Related resource details** – Displays information about the resource from several AWS services. Expand the **Resource details** section to view information about this resource as provided by the AWS service that hosts it. You can also toggle through other related resources associated with this OpsItem by using the **Related resources** list.
For more information about how to manage OpsItems, see the following topics.
**Topics**
+ [
# Viewing details of an OpsItem
](OpsCenter-working-with-OpsItems-viewing-details.md)
+ [
# Editing an OpsItem
](OpsCenter-working-with-OpsItems-editing-details.md)
+ [
# Adding related resources to an OpsItem
](OpsCenter-working-with-OpsItems-adding-related-resources.md)
+ [
# Adding related OpsItems to an OpsItem
](OpsCenter-working-with-OpsItems-adding-related-OpsItems.md)
+ [
# Adding operational data to an OpsItem
](OpsCenter-working-with-OpsItems-adding-operational-data.md)
+ [
# Creating an incident for an OpsItem
](OpsCenter-working-with-OpsItems-create-an-incident.md)
+ [
# Managing duplicate OpsItems
](OpsCenter-working-deduplication.md)
+ [
# Analyzing operational insights to reduce OpsItems
](OpsCenter-working-operational-insights.md)
+ [
# Viewing OpsCenter logs and reports
](OpsCenter-logging-auditing.md)
# Viewing details of an OpsItem
To get a comprehensive view of an OpsItem, use the **OpsItem details** page in the OpsCenter console. The **Overview** page displays the following information:
+ **OpsItems details**– Displays general information for the selected OpsItem.
+ **Related Resources** – A related resource is the impacted resource or the resource that initiated the event that created the OpsItem.
+ **Automation executions in the last 30 days ** – A list of runbooks that ran in last 30 days.
+ **Runbooks** – You can choose a runbook from a list of available runbooks.
+ **Similar OpsItems** – This is a system-generated list of OpsItems that might be related or of interest to you. To generate the list, the system scans the titles and descriptions of all OpsItems and returns OpsItems that use similar words.
+ **Operational data** – Operational data is custom data that provides useful reference details about the OpsItem. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data.
+ **Related OpsItems** – You can specify the IDs of OpsItems that are in some way related to the current OpsItem.
+ **Related Resource Details** – Displays data providers, including Amazon CloudWatch metrics and alarms, AWS CloudTrail logs, and details from AWS Config.
**To view details of an OpsItem**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose an OpsItem to view its details.
# Editing an OpsItem
The **OpsItem details** section includes information about an OpsItem,
including the description, title, source, OpsItem ID, and the status.
You can edit a single OpsItem or you can select multiple OpsItems and edit the
following fields: **Status**, **Priority**,
**Severity**, **Category**.
When Amazon EventBridge creates an OpsItem, it populates the **Title**, **Source**, and **Description** fields. You can edit the **Title** and **Description** fields, but you can't edit the **Source** field.
**Note**
The console supports most markdown formatting in the OpsItem description field. For more information, see [Using Markdown in the Console](https://docs.aws.amazon.com/awsconsolehelpdocs/latest/gsg/aws-markdown.html) in the *Getting Started with the AWS Management Console Getting Started Guide.*
Generally, you can edit the following configurable data for an OpsItem:
+ **Title** – Name of the OpsItem. The source creates the title of the OpsItem.
+ **Description** – Information about this OpsItem including (if applicable) steps for reproducing the issue.
+ **Status** – Status of an OpsItem. For a list of valid status values, see [OpsItem Status](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_OpsItem.html#systemsmanager-Type-OpsItem-Status) in the *AWS Systems Manager API Reference*.
+ **Priority** – Priority of an OpsItem can be between 1 and 5. We recommend that your organization determine what each priority level means and a corresponding service level agreement for each level.
+ **Severity** – Severity of an OpsItem can be between 1 to 4, where 1 is critical, 2 is high, 3 is medium, and 4 is low.
+ **Category** – Category of an OpsItem can be availability, cost, performance, recovery, or security.
+ **Notifications** – When you edit an OpsItem, you can specify the Amazon Resource Name (ARN) of an Amazon Simple Notification Service topic in the **Notifications** field. By specifying an ARN, you ensure that all stakeholders receive a notification when the OpsItem is edited, including a status change. For more information, see the [https://docs.aws.amazon.com/sns/latest/dg/](https://docs.aws.amazon.com/sns/latest/dg/).
**Important**
The Amazon SNS topic must exist in the same AWS Region as the OpsItem. If the topic and the OpsItem are in different Regions, the system returns an error.
OpsCenter has bidirectional integration with AWS Security Hub CSPM. When you update an OpsItem status and severity related to a security finding, those changes are automatically sent to Security Hub CSPM to ensure you always see the latest and correct information.
When an OpsItem is created from a Security Hub CSPM finding, Security Hub CSPM metadata is automatically added to the operational data field of the OpsItem. If this metadata is deleted, the bidirectional updates no longer function.
**To edit OpsItem details**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose an OpsItem ID to open the details page or choose multiple OpsItems. If you choose multiple OpsItems, you can only edit the status, priority, severity, or category. If you edit multiple OpsItems, OpsCenter updates and saves your changes as soon as you choose the new status, priority, severity, or category.
1. In the **OpsItem details** section, choose **Edit**.
1. Edit the details of the OpsItem according to the requirements and guidelines specified by your organization.
1. When you're finished, choose **Save**.
# Adding related resources to an OpsItem
Each OpsItem includes a **Related resources** section that lists the Amazon Resource Name (ARN) of the related resource. A *related resource* is the impacted AWS resource that needs to be investigated.
If Amazon EventBridge creates the OpsItem, the system automatically populates the OpsItem with the ARN of the resource. You can manually specify ARNs of related resources. For certain ARN types, OpsCenter automatically creates a deep link that displays details about the resource directly in the OpsCenter console. For example, if you specify the ARN of an Amazon Elastic Compute Cloud (Amazon EC2) instance as a related resource, then OpsCenter pulls in details about that EC2 instance. This allows you to view detailed information about your impacted AWS resources without having to leave OpsCenter.
**To view and add related resources to an OpsItem**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose the **OpsItems** tab.
1. Choose an OpsItem ID.
![\[A new OpsItem on the OpsCenter Overview page.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_working_scenario_1.png)
1. To view information about the impacted resource, choose the **Related resources details** tab.
![\[Viewing the Related resource details tab for an OpsItem.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_working_scenario_1_5.png)
This tab displays information about the resource from several AWS services. Expand the **Resource details** section to view information about this resource as provided by the AWS service that hosts it. You can also toggle through other related resources associated with this OpsItem by using the **Related resources** list.
1. To add additional related resources, choose the **Overview** tab.
1. In the **Related resources** section, choose **Add**.
1. For **Resource type**, choose a resource from the list.
1. For **Resource ID**, enter either the ID or the Amazon Resource Name (ARN). The type of information you choose depends on the resource that you chose in the previous step.
**Note**
You can manually add the ARNs of additional related resources. Each OpsItem can list a maximum of 100 related resource ARNs.
The following table lists the resource types that automatically create deep links to related resources.
**Supported resource types**
| Resource name | ARN format |
| --- | --- |
| AWS Certificate Manager certificate | arn:aws:acm:region:account-id:certificate/certificate-id
|
| Amazon EC2 Auto Scaling group | arn:aws:autoscaling:region:account-id:autoScalingGroup:groupid:autoScalingGroupName/groupfriendlyname
|
| Amazon CloudFront distribution | arn:aws:cloudfront::account-id:*
|
| AWS CloudFormation stack | arn:aws:cloudformation:region:account-id:stack/stackname/additionalidentifier
|
| Amazon CloudWatch alarm | arn:aws:cloudwatch:region:account-id:alarm:alarm-name
|
| AWS CloudTrail trail | arn:aws:cloudtrail:region:account-id:trail/trailname
|
| AWS CodeBuild project | arn:aws:codebuild:region:account-id:resourcetype/resource
|
| AWS CodePipeline | arn:aws:codepipeline:region:account-id:resource-specifier
|
| Amazon DevOps Guru insight | arn:aws:devops-guru:region:account-id:insight/proactive or reactive/resource-id
|
| Amazon DynamoDB table | arn:aws:dynamodb:region:account-id:table/tablename
|
| Amazon Elastic Compute Cloud (Amazon EC2) customer gateway | arn:aws:ec2:region:account-id:customer-gateway/cgw-id
|
| Amazon EC2 elastic IP | arn:aws:ec2:region:account-id:eip/eipalloc-id
|
| Amazon EC2 Dedicated Host | arn:aws:ec2:region:account-id:dedicated-host/host-id
|
| Amazon EC2 instance | arn:aws:ec2:region:account-id:instance/instance-id
|
| Amazon EC2 internet gateway | arn:aws:ec2:region:account-id:internet-gateway/igw-id
|
| Amazon EC2 network access control list (network ACL) | arn:aws:ec2:region:account-id:network-acl/nacl-id
|
| Amazon EC2 network interface | arn:aws:ec2:region:account-id:network-interface/eni-id
|
| Amazon EC2 route table | arn:aws:ec2:region:account-id:route-table/route-table-id
|
| Amazon EC2 security group | arn:aws:ec2:region:account-id:security-group/security-group-id
|
| Amazon EC2 subnet | arn:aws:ec2:region:account-id:subnet/subnet-id
|
| Amazon EC2 volume | arn:aws:ec2:region:account-id:volume/volume-id
|
| Amazon EC2 VPC | arn:aws:ec2:region:account-id:vpc/vpc-id
|
| Amazon EC2 VPN connection | arn:aws:ec2:region:account-id:vpn-connection/vpn-id
|
| Amazon EC2 VPN gateway | arn:aws:ec2:region:account-id:vpn-gateway/vgw-id
|
| AWS Elastic Beanstalk application | arn:aws:elasticbeanstalk:region:account-id:application/applicationname
|
| Elastic Load Balancing (Classic Load Balancer) | arn:aws:elasticloadbalancing:region:account-id:loadbalancer/name
|
| Elastic Load Balancing (Application Load Balancer) | arn:aws:elasticloadbalancing:region:account-id:loadbalancer/app/load-balancer-name/load-balancer-id
|
| Elastic Load Balancing (Network Load Balancer) | arn:aws:elasticloadbalancing:region:account-id:loadbalancer/net/load-balancer-name/load-balancer-id
|
| AWS Identity and Access Management (IAM) group | arn:aws:iam::account-id:group/group-name
|
| IAM policy | arn:aws:iam::account-id:policy/policy-name
|
| IAM role | arn:aws:iam::account-id:role/role-name
|
| IAM user | arn:aws:iam::account-id:user/user-name
|
| AWS Lambda function | arn:aws:lambda:region:account-id:function:function-name
|
| Amazon Relational Database Service (Amazon RDS) cluster | arn:aws:rds:region:account-id:cluster:db-cluster-name
|
| Amazon RDS database instance | arn:aws:rds:region:account-id:db:db-instance-name
|
| Amazon RDS subscription | arn:aws:rds:region:account-id:es:subscription-name
|
| Amazon RDS security group | arn:aws:rds:region:account-id:secgrp:security-group-name
|
| Amazon RDS cluster snapshot | arn:aws:rds:region:account-id:cluster-snapshot:cluster-snapshot-name
|
| Amazon RDS subnet group | arn:aws:rds:region:account-id:subgrp:subnet-group-name
|
| Amazon Redshift cluster | arn:aws:redshift:region:account-id:cluster:cluster-name
|
| Amazon Redshift parameter group | arn:aws:redshift:region:account-id:parametergroup:parameter-group-name
|
| Amazon Redshift security group | arn:aws:redshift:region:account-id:securitygroup:security-group-name
|
| Amazon Redshift cluster snapshot | arn:aws:redshift:region:account-id:snapshot:cluster-name/snapshot-name
|
| Amazon Redshift subnet group | arn:aws:redshift:region:account-id:subnetgroup:subnet-group-name
|
| Amazon Simple Storage Service (Amazon S3) bucket | arn:aws:s3:::bucket_name
|
| AWS Config recording of AWS Systems Manager managed node inventory | arn:aws:ssm:region:account-id:managed-instance-inventory/node_id
|
| Systems Manager State Manager association | arn:aws:ssm:region:account-id:association/association_ID
|
# Adding related OpsItems to an OpsItem
By using **Related OpsItems** of the **OpsItems Details** page, you can investigate operations issues and provide context for an issue. OpsItems can be related in different ways, including a parent-child relationship between OpsItems, a root cause, or a duplicate. You can associate one OpsItem with another to display it in the **Related OpsItem** section.You can specify a maximum of 10 IDs for other OpsItems that are related to the current OpsItem.
![\[Viewing related OpsItems.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_working_scenario_4.png)
**To add a related OpsItem**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose an OpsItem ID to open the details page.
1. In the **Related OpsItem** section, choose **Add**.
1. For **OpsItem ID**, specify an ID.
1. Choose **Add**.
# Adding operational data to an OpsItem
Operational data is custom data that provides useful reference details about an OpsItem. You can enter multiple key-value pairs of operational data. For example, you can specify log files, error strings, license keys, troubleshooting tips, or other relevant data. The maximum length of the key can be 128 characters, and the maximum size of the value can be 20 KB.
![\[Viewing operational data for an OpsItem.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_working_scenario_7.png)
You can make the data searchable by other users in the account, or you can restrict search access. Searchable data means that all users with access to the OpsItem **Overview** page (as provided by the [DescribeOpsItems](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DescribeOpsItems.html) API operation) can view and search on the specified data. Operational data that isn't searchable is only viewable by users who have access to the OpsItem (as provided by the [GetOpsItem](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsItem.html) API operation).
**To add operational data to an OpsItem**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose an OpsItem ID to open its details page.
1. Expand **Operational data**.
1. If no operational data exists for the OpsItem, choose **Add**. If operational data already exists for the OpsItem, choose **Manage**.
After you create operational data, you can edit the key and the value, remove the operational data, or add additional key-value pairs by choosing **Manage**.
1. For **Key**, specify a word or words to help users understand the purpose of the data.
**Important**
Operational data keys *can't* begin with the following: `amazon`, `aws`, `amzn`, `ssm`, `/amazon`, `/aws`, `/amzn`, `/ssm`.
1. For **Value**, specify the data.
1. Choose **Save**.
**Note**
You can filter OpsItems by using the **Operational data** operator on the **OpsItems** page. In the **Search** box, choose **Operational data**, and then enter a key-value pair in JSON. You must enter the key-value pair by using the following format: `{"key":"key_name","value":"a_value"}`
# Creating an incident for an OpsItem
Use the following procedure to manually create an incident for an OpsItem to track and manage it in AWS Systems Manager Incident Manager, which is a tool in AWS Systems Manager. An *incident* is any unplanned interruption or reduction in quality of services. For more information about Incident Manager, see [Integrate OpsCenter with other AWS services](OpsCenter-applications-that-integrate.md).
**To manually create an incident for an OpsItem**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. If Incident Manager created an OpsItem for you, choose it and go to step 5. If not, choose **Create OpsItem** and complete the form. If you don't see this button, choose the **OpsItems** tab, and then choose **Create OpsItem**.
1. If you created an OpsItem, open it.
1. Choose **Start Incident**.
1. For **Response plan**, choose the Incident Manager response plan that you want to assign to this incident.
1. (Optional) For **Title**, enter a descriptive name to help other team members understand the nature of the incident. If you don't enter a new title, OpsCenter creates the OpsItem and the corresponding incident in Incident Manager using the title in the response plan.
1. (Optional) For **Incident impact**, choose an impact level for this incident. If you don't choose an impact level, OpsCenter creates the OpsItem and the corresponding incident in Incident Manager using the impact level in the response plan.
1. Choose **Start**.
# Managing duplicate OpsItems
OpsCenter can receive multiple duplicate OpsItems for a single source from multiple AWS services. OpsCenter uses a combination of built-in logic and configurable deduplication strings to avoid creating duplicate OpsItems. AWS Systems Manager applies deduplication built-in logic when the [CreateOpsItem](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_CreateOpsItem.html) API operation is called.
AWS Systems Manager uses the following deduplication logic:
1. When creating the OpsItem, Systems Manager creates and stores a hash based on the deduplication string and the resource that initiated the OpsItem.
1. When another request is made to create an OpsItem, the system checks the deduplication string of the new request.
1. If a matching hash exists for this deduplication string, Systems Manager checks the status of the existing OpsItem. If the status of an existing OpsItem is open or in progress, the OpsItem is not created. If the existing OpsItem is resolved, Systems Manager creates a new OpsItem.
After you create an OpsItem, you *can't* edit or change the deduplication strings in that OpsItem.
To manage duplicate OpsItems, you can do the following:
+ Edit the deduplication string for an Amazon EventBridge rule that targets OpsCenter. For more information, see [Editing a deduplication string in a default EventBridge rule](#OpsCenter-working-deduplication-editing-cwe).
+ Specify a deduplication string when you manually create an OpsItem. For more information, see [Specifying a deduplication string using AWS CLI](#OpsCenter-working-deduplication-configuring-manual-cli).
+ Review and resolve duplicate OpsItems using operational insights. You can use runbooks to resolve duplicate OpsItems.
To help you resolve duplicate OpsItems and reduce the number of OpsItems created by a source, Systems Manager provides automation runbooks. For information, see [Resolving duplicate OpsItems based on insights](OpsCenter-working-operational-insights.md#OpsCenter-working-operational-insights-resolve).
## Editing a deduplication string in a default EventBridge rule
Use the following procedure to specify a deduplication string for an EventBridge rule that targets OpsCenter.
**To edit a deduplication string for an EventBridge rule**
1. Sign in to the AWS Management Console and open the Amazon EventBridge console at [https://console.aws.amazon.com/events/](https://console.aws.amazon.com/events/).
1. In the navigation pane, choose **Rules**.
1. Choose a rule, and then choose **Edit**.
1. Go to the **Select target(s)** page.
1. In the **Additional settings** section, choose **Configure input transformer**.
1. In the **Template** box, locate the `"operationalData": { "/aws/dedup"` JSON entry and the deduplication strings that you want to edit.
The deduplication string entry in EventBridge rules uses the following JSON format.
```
"operationalData": { "/aws/dedup": {"type": "SearchableString","value": "{\"dedupString\":\"Words the system should use to check for duplicate OpsItems\"}"}}
```
Here is an example.
```
"operationalData": { "/aws/dedup": {"type": "SearchableString","value": "{\"dedupString\":\"SSMOpsCenter-EBS-volume-performance-issue\"}"}}
```
1. Edit the deduplication strings, and then choose **Confirm**.
1. Choose **Next**.
1. Choose **Next**.
1. Choose **Update rule**.
## Specifying a deduplication string using AWS CLI
You can specify a deduplication string when you manually create a new OpsItem by using either the AWS Systems Manager console or the AWS CLI. For information about entering deduplication strings when you manually create an OpsItem in the console, see [Create OpsItems manually](OpsCenter-manually-create-OpsItems.md). If you're using the AWS CLI, you can enter the deduplication string for the `OperationalData` parameter. The parameter syntax uses JSON, as shown in the following example.
```
--operational-data '{"/aws/dedup":{"Value":"{\"dedupString\": \"Words the system should use to check for duplicate OpsItems\"}","Type":"SearchableString"}}'
```
Here is an example command that specifies a deduplication string of `disk full`.
------
#### [ Linux & macOS ]
```
aws ssm create-ops-item \
--title "EC2 instance disk full" \
--description "Log clean up may have failed which caused the disk to be full" \
--priority 1 \
--source ec2 \
--operational-data '{"/aws/dedup":{"Value":"{\"dedupString\": \"disk full\"}","Type":"SearchableString"}}' \
--tags "Key=EC2,Value=ProductionServers" \
--notifications Arn="arn:aws:sns:us-west-1:12345678:TestUser"
```
------
#### [ Windows ]
```
aws ssm create-ops-item ^
--title "EC2 instance disk full" ^
--description "Log clean up may have failed which caused the disk to be full" ^
--priority 1 ^
--source EC2 ^
--operational-data={\"/aws/dedup\":{\"Value\":\"{\\"""dedupString\\""":\\"""disk full\\"""}\",\"Type\":\"SearchableString\"}} ^
--tags "Key=EC2,Value=ProductionServers" --notifications Arn="arn:aws:sns:us-west-1:12345678:TestUser"
```
------
# Analyzing operational insights to reduce OpsItems
OpsCenter *operational insights* display information about duplicate OpsItems. OpsCenter automatically analyzes OpsItems in your account and generates three types of *insights*. You can view this information in the **Operational insights** section of the OpsCenter **Summary** tab.
+ **Duplicate OpsItems** – An insight is generated when eight or more OpsItems have the same title for the same resource.
+ **Most common titles** – An insight is generated when more than 50 OpsItems have the same title.
+ **Resources generating the most OpsItems** – An insight is generated when an AWS resource has more than 10 open OpsItems. These insights and their corresponding resources are displayed in the **Resources generating the most OpsItems** table on the OpsCenter **Summary** tab. Resources are listed in decreasing order of OpsItem count.
**Note**
OpsCenter creates **Resources generating the most OpsItems** insights for the following resource types:
Amazon Elastic Compute Cloud (Amazon EC2) instances
Amazon EC2 security groups
Amazon EC2 Auto Scaling group
Amazon Relational Database Service (Amazon RDS) database
Amazon RDS cluster
AWS Lambda function
Amazon DynamoDB table
Elastic Load Balancing load balancer
Amazon Redshift cluster
AWS Certificate Manager certificate
Amazon Elastic Block Store volume
OpsCenter enforces a limit of 15 insights per type. If a type reaches this limit, OpsCenter stops displaying more insights for that type. To view additional insights, you must resolve all OpsItems associated with an OpsInsight of that type. If a pending insight is prevented from being displayed in the console because of the 15-insight limit, that insight becomes visible after another insight is closed.
When you choose an insight, OpsCenter displays information about the affected OpsItems and resources. The following screenshot shows an example with the details of a duplicate OpsItem insight.
![\[Detailed view of an OpsCenter insight with information about OpsItems.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsCenter-insights-detailed.png)
Operational insights are turned off by default. For more information about working with operational insights, see the following topics.
**Topics**
+ [
## Enabling operational insights
](#OpsCenter-working-operational-insights-viewing)
+ [
## Resolving duplicate OpsItems based on insights
](#OpsCenter-working-operational-insights-resolve)
+ [
## Disabling operational insights
](#OpsCenter-working-operational-insights-disable)
## Enabling operational insights
You can enable operational insights on the **OpsCenter** page in the Systems Manager console. When you enable operational insights, Systems Manager creates an AWS Identity and Access Management (IAM) service-linked role called `AWSServiceRoleForAmazonSSM_OpsInsights`. A service-linked role is a unique type of IAM role that is linked directly to Systems Manager. Service-linked roles are predefined and include all the permissions that the service requires to call other AWS services on your behalf. For more information about the `AWSServiceRoleForAmazonSSM_OpsInsights` service-linked role, see [Using roles to create operational insight OpsItems in Systems Manager OpsCenter](using-service-linked-roles-service-action-4.md).
**Note**
Note the following important information:
Your AWS account is charged for operational insights. For more information, see [AWS Systems Manager Pricing](https://aws.amazon.com/systems-manager/pricing/).
OpsCenter periodically refreshes insights using a batch process. This means the list of insights displayed in OpsCenter might be out of sync.
Use the following procedure to enable and view operational insights in OpsCenter.
**To enable and view operational insights**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. In the **Operational insight is available** message box, choose **Enable**. If you don't see this message, scroll down to the **Operational insights** section and choose **Enable**.
1. After you enable this feature, on the **Summary** tab, scroll down to the **Operational insights** section.
1. To view a filtered list of insights, choose the link beside **Duplicate OpsItems**, **Most common titles**, or **Resources generating the most OpsItems**. To view all insights, choose **View all operational insights**.
1. Choose an insight ID to view more information.
## Resolving duplicate OpsItems based on insights
To resolve insights, you must first resolve all OpsItems associated with an insight. You can use the `AWS-BulkResolveOpsItemsForInsight` runbook to resolve OpsItems associated with an insight.
To help you resolve duplicate OpsItems and reduce the number of OpsItems created by a source, Systems Manager provides the following automation runbooks:
+ The `AWS-BulkResolveOpsItems` runbook resolves OpsItems that match a specified filter.
+ The `AWS-AddOpsItemDedupStringToEventBridgeRule` runbook adds a deduplication string for all OpsItem targets that are associated with a specific Amazon EventBridge rule. This runbook doesn't add a deduplication string if a rule already has one.
+ The `AWS-DisableEventBridgeRule` turns off a rule in EventBridge if the rule is generating dozens or hundreds of OpsItems.
**To resolve an operational insight**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. On the **Overview** tab, scroll down to **Operational insights**.
1. Choose **View all operational insights**.
1. Choose an insight ID to view more information.
1. Choose a runbook and choose **Execute**.
## Disabling operational insights
When you turn off operational insights, the system stops creating new insights and stops displaying insights in the console. Any active insights remain unchanged in the system, although you won't see them displayed in the console. If you enable this feature again, the system displays previously unresolved insights and starts creating new insights. Use the following procedure to turn off operational insights.
**To turn off operational insights**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose **Settings**.
1. In the **Operational insights** section, choose **Edit** and then toggle the **Disable** option.
1. Choose **Save**.
# Viewing OpsCenter logs and reports
AWS CloudTrail logs AWS Systems Manager OpsCenter API calls to the console, the AWS Command Line Interface (AWS CLI), and the SDK. You can view the information in the CloudTrail console or in an Amazon Simple Storage Service (Amazon S3) bucket. Amazon S3 uses one bucket to store all CloudTrail logs for your account.
Logs of OpsCenter actions show create, update, get, and describe OpsItem activities. For more information about viewing and using CloudTrail logs of Systems Manager activity, see [Logging AWS Systems Manager API calls with AWS CloudTrail](monitoring-cloudtrail-logs.md).
AWS Systems Manager OpsCenter provides you with the following information about OpsItems:
+ **OpsItem status summary** – Provides a summary of OpsItems by status (Open and In progress, Open, or In Progress).
+ **Sources with most open OpsItems** – Provides a breakdown of the top AWS services with open OpsItems.
+ **OpsItems by source and age** – Provides a count of OpsItems, grouped by source and days since creation.
**To view the OpsCenter summary report**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. On the OpsItems **Overview** page, choose **Summary**.
1. Under **OpsItems by source and age**, choose the Search bar to filter OpsItems according to **Source**. Use the list to filter according to **Status**.
# Delete OpsItems
You can delete an individual OpsItem by calling the [DeleteOpsItem](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_DeleteOpsItem.html) API operation using the AWS Command Line Interface or the AWS SDK. You can't delete an OpsItem in the AWS Management Console. To delete an OpsItem, your AWS Identity and Access Management (IAM) user, group, or role must have either administrator permission or you must have been granted permission to call the `DeleteOpsItem` API operation.
**Important**
Note the following important information about this operation.
Deleting an OpsItem is irreversible. You can't restore a deleted OpsItem.
This operation uses an *eventual consistency model*, which means the system can take a few minutes to complete this operation. If you delete an OpsItem and immediately call, for example, [GetOpsItem](https://docs.aws.amazon.com/systems-manager/latest/APIReference/API_GetOpsItem.html), the deleted OpsItem might still appear in the response.
This operation is idempotent. The system doesn't throw an exception if you repeatedly call this operation for the same OpsItem. If the first call is successful, all additional calls return the same successful response as the first call.
This operation doesn't support cross-account calls. A delegated administrator or management account can't delete OpsItems in other accounts, even if OpsCenter has been set up for cross-account administration. For more information about cross-account administration, see [(Optional) Setting up OpsCenter to centrally manage OpsItems across accounts](OpsCenter-setting-up-cross-account.md).
If you receive the `OpsItemLimitExceededException`, you can delete one or more OpsItems to reduce your total number of OpsItems below the quota limits. For more information about this exception, see [Troubleshooting issues with OpsCenter](OpsCenter-troubleshooting.md).
## Deleting an OpsItem
Use the following procedure to delete an OpsItem.
**To delete an OpsItem**
1. Install and configure the AWS CLI, if you haven't already. For more information, see [Installing or updating the latest version of the AWS CLI](https://docs.aws.amazon.com/cli/latest/userguide/getting-started-install.html).
1. Run the following command. Replace *ID* with the ID of the OpsItem you want to delete.
```
aws ssm delete-ops-item --ops-item-id ID
```
If successful, the command returns no data.
# Remediate OpsItem issues
Using AWS Systems Manager Automation runbooks, you can remediate issues with AWS resources that are identified in an OpsItem. Automation uses predefined runbooks to remediate common issues with AWS resources.
Each OpsItem includes the **Runbooks** section that provides a list of runbooks that you can use for remediation. When you choose an Automation runbook from the list, OpsCenter automatically displays some of the fields required to run the document. When you run an Automation runbook, the system associates the runbook with the related resource of the OpsItem. If Amazon EventBridge creates an OpsItem, it associates a runbook with the OpsItem. OpsCenter keeps a 30-day record of Automation runbooks for an OpsItem.
You can choose a status to view important details about the runbook, such as the reason why an automation failed and which step of the Automation runbook was running when the failure occurred, as shown in the following example.
![\[Status information for the last time an Automation runbook was run.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_automation_results.png)
The **Related resource details** page for a selected OpsItem includes the **Run automation** list. You can choose recent or resource-specific Automation runbooks and run them to remediate issues. This page also includes data providers, including Amazon CloudWatch metrics and alarms, AWS CloudTrail logs, and details from AWS Config.
![\[Metrics available on the Related Resources tab.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_automation_related_resource_details.png)
You can view information about an Automation runbook by either choosing its name in the console or by using the [Systems Manager Automation Runbook Reference](automation-documents-reference.md).
## Remediating an OpsItem using a runbook
Before you use an Automation runbook to remediate an OpsItem issue, do the following:
+ Verify that you have permission to run Systems Manager Automation runbooks. For more information, see [Setting up Automation](automation-setup.md).
+ Collect resource-specific ID information for the automation that you want to run. For example, if you want to run an automation that restarts an EC2 instance, then you must specify the ID of the EC2 instance to restart.
**To run an Automation runbook to remediate an OpsItem issue**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose the OpsItem ID to open the details page.
![\[A new OpsItem on the OpsCenter Overview page.\]](http://docs.aws.amazon.com/systems-manager/latest/userguide/images/OpsItems_working_scenario_1.png)
1. Scroll to the **Runbooks** section.
1. Use the search bar or the numbers in the upper right to find the Automation runbook that you want to run.
1. Choose a runbook, and then choose **Execute**.
1. Enter the required information for the runbook, and then choose **Submit**.
Once you start the runbook, the system returns to the previous screen and displays the status.
1. In the **Automation executions in the last 30 days** section, choose the **Execution ID** link to view steps and the status of the execution.
## Remediating an OpsItem using an associated runbook
After you run an Automation runbook from an OpsItem, OpsCenter associates the runbook with the OpsItem. An *associated* runbook is ranked higher than other runbooks in the **Runbooks** list.
Use the following procedure to run an Automation runbook that has already been associated with a related resource in an OpsItem. For information about adding related resources, see [Manage OpsItems](OpsCenter-working-with-OpsItems.md).
**To run a resource-associated runbook to remediate an OpsItem issue**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Open the OpsItem.
1. In the **Related resources** section, choose the resource on which you want to run the Automation runbook.
1. Choose **Run automation**, and then choose the associated Automation runbook that you want to run.
1. Enter the required information for the runbook, and then choose **Execute**.
Once you start the runbook, the system returns to the previous screen and displays the status.
1. In the **Automation executions in the last 30 days** section, choose the **Execution ID** link to view steps and the status of the execution.
# Viewing OpsCenter summary reports
AWS Systems Manager OpsCenter includes a summary page that automatically displays the following information:
+ **OpsItem status summary** – A summary of OpsItems by status, such as `Open` and `In progress`.
+ **Sources with most open OpsItems** – A breakdown of the top AWS services that have open OpsItems.
+ **OpsItems by source and age** – A count of OpsItems, grouped by source and number of days since creation.
**To view OpsCenter summary reports**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**, and then choose the **Summary** tab.
1. In the **OpsItems by source and age** section, do the following:
1. (Optional) In the filter field, choose **Source**, select `Equal`, `Begin With`, or `Not Equal`, and then enter a search parameter.
1. In the adjacent list, select one of the following status values:
+ `Open`
+ `In progress`
+ `Resolved`
+ `Open and in progress`
+ `All`
# Troubleshooting issues with OpsCenter
This topic includes information to help you troubleshoot common errors and issues with OpsCenter.
## You receive the OpsItemLimitExceededException
If your AWS account has reached the maximum number of OpsItems allowed when you call the CreateOpsItem API operation, you receive an `OpsItemLimitExceededException`. OpsCenter returns the exception if your call would exceed the maximum number of OpsItems for either of the following quotas:
+ Total number of OpsItems per AWS account per Region (including `Open` and `Resolved` OpsItems): 500,000
+ Maximum number of OpsItems per AWS account per month: 10,000
These quotas apply to OpsItems created from any source except the following:
+ OpsItems created by AWS Security Hub CSPM findings
+ OpsItems that are auto-generated when an Incident Manager incident is opened
OpsItems created from these sources don't count against your OpsItem quotas, but you are charged for each OpsItem.
If you receive an `OpsItemLimitExceededException`, you can manually delete OpsItems until you are below the quota preventing you from creating a new OpsItem. Again, deleting OpsItems created for Security Hub CSPM findings or Incident Manager incidents won't reduce your total number of OpsItems enforced by the quotas. You must delete OpsItems from other sources. For information about how to delete an OpsItem, see [Delete OpsItems](OpsCenter-delete-OpsItems.md).
## You receive a large bill from AWS for large numbers of auto-generated OpsItems
If you configured integration with AWS Security Hub CSPM, OpsCenter creates OpsItems for Security Hub CSPM findings. Depending on the number of finding Security Hub CSPM generates and the account you were logged into when you configured integration, OpsCenter can generate large numbers of OpsItems, at a cost. Here are more specific details related to OpsItems generated by Security Hub CSPM findings:
+ If you are logged into the Security Hub CSPM administrator account when you configure OpsCenter and Security Hub CSPM integration, the system creates OpsItems for findings in the administrator *and* all member accounts. The OpsItems are all created *in the administrator account*. Depending on a variety of factors, this can lead to an unexpectedly large bill from AWS.
If you are logged into a member account when you configure integration, the system only creates OpsItems for findings in that individual account. For more information about the Security Hub CSPM administrator account, member accounts, and their relation to the EventBridge event feed for findings, see [Types of Security Hub CSPM integration with EventBridge](https://docs.aws.amazon.com/securityhub/latest/userguide/securityhub-cwe-integration-types.html) in the *AWS Security Hub User Guide*.
+ For each finding that creates an OpsItem, you are charged the regular price for creating the OpsItem. You are also charged if you edit the OpsItem or if the corresponding finding is updated in Security Hub CSPM (which triggers an OpsItem update).
+ OpsItems that are created by an integration with AWS Security Hub CSPM are *not* currently limited by the maximum quota of 500,000 OpsItems per account in a Region. It is therefore possible for Security Hub CSPM alerts to create more than 500,000 chargeable OpsItems in each Region in an account.
For high-production environments, we therefore recommend limiting the scope of Security Hub CSPM findings to high severity issues only.
**Important**
If you believe a large number of OpsItems were created in error and your AWS bill is unwarranted, contact Support.
Use the following procedure if you no longer want the system to create OpsItems for Security Hub CSPM findings.
**To stop receiving OpsItems for Security Hub CSPM findings**
1. Open the AWS Systems Manager console at [https://console.aws.amazon.com/systems-manager/](https://console.aws.amazon.com/systems-manager/).
1. In the navigation pane, choose **OpsCenter**.
1. Choose **Settings**.
1. In the **Security Hub CSPM findings** section, choose **Edit.**
1. Choose the slider to change **Enabled** to **Disabled**. If you aren't able to toggle the slider, Security Hub CSPM hasn't been enabled for your AWS account.
1. Choose **Save** to save your configuration. OpsCenter no longer creates OpsItems based on Security Hub CSPM findings.
**Important**
If OpsCenter toggles the setting back to **Enabled** and continues to create OpsItems for findings, log into the Systems Manager delegated administrator account or the AWS Organizations management account and repeat this procedure. If you don't have permission to log into either of those accounts, contact your administrator and ask them to repeat this procedure to disable integration for your account.