tech-advisor / training /data /raw /configuring-capabilities-for-aws-devops-agent-invoking-devops-agent-through-webhook.md
A newer version of the Gradio SDK is available: 6.20.0
Invoking DevOps Agent through Webhook
Webhooks allow external systems to automatically trigger AWS DevOps Agent investigations.
Webhook types
- Integration-specific webhooks – Auto-generated with third-party integrations
- Generic webhooks – Manually created, use HMAC authentication
- Grafana alert webhooks – Through Grafana contact points
Authentication methods
HMAC authentication – Used by Dynatrace and generic webhooks Bearer token authentication – Used by Splunk, Datadog, New Relic, ServiceNow, Slack, Grafana
| Consideration | HMAC | Bearer token |
|---|---|---|
| Setup complexity | More complex | Simpler |
| Payload integrity | Verified | Not verified |
| Replay protection | Built-in | Not built-in |
| Secret exposure risk | Lower | Higher |
Webhook request format
HMAC (Version 1)
Headers: Content-Type, x-amzn-event-signature, x-amzn-event-timestamp
Bearer token (Version 2)
Headers: Content-Type, Authorization: Bearer
Payload schema
{
"eventType": "incident",
"incidentId": "string",
"action": "created | updated | closed | resolved",
"priority": "CRITICAL | HIGH | MEDIUM | LOW | MINIMAL",
"title": "string",
"description": "string",
"timestamp": "string",
"service": "string",
"data": {}
}
Example (cURL, HMAC)
TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%S.000Z)
PAYLOAD='{"eventType":"incident","incidentId":"test-123","action":"created","priority":"HIGH","title":"Test Alert"}'
SIGNATURE=$(echo -n "${TIMESTAMP}:${PAYLOAD}" | openssl dgst -sha256 -hmac "$SECRET" -binary | base64)
curl -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -H "x-amzn-event-timestamp: $TIMESTAMP" -H "x-amzn-event-signature: $SIGNATURE" -d "$PAYLOAD"
Troubleshooting
- No 200 response: Check authentication/headers
- 200 but no investigation: Check payload format, ensure unique incidentId/timestamp
- Investigation immediately cancelled: May have hit monthly limit