tech-advisor / training /data /raw /configuring-capabilities-for-aws-devops-agent-invoking-devops-agent-through-webhook.md
aslanconfig's picture
Initial commit: Tech Advisor fine-tuned on AWS DevOps Agent docs
975da6d
|
Raw
History Blame Contribute Delete
2.01 kB
# Invoking DevOps Agent through Webhook
Webhooks allow external systems to automatically trigger AWS DevOps Agent investigations.
## Webhook types
+ **Integration-specific webhooks** – Auto-generated with third-party integrations
+ **Generic webhooks** – Manually created, use HMAC authentication
+ **Grafana alert webhooks** – Through Grafana contact points
## Authentication methods
**HMAC authentication** – Used by Dynatrace and generic webhooks
**Bearer token authentication** – Used by Splunk, Datadog, New Relic, ServiceNow, Slack, Grafana
| Consideration | HMAC | Bearer token |
| --- | --- | --- |
| Setup complexity | More complex | Simpler |
| Payload integrity | Verified | Not verified |
| Replay protection | Built-in | Not built-in |
| Secret exposure risk | Lower | Higher |
## Webhook request format
### HMAC (Version 1)
Headers: Content-Type, x-amzn-event-signature, x-amzn-event-timestamp
### Bearer token (Version 2)
Headers: Content-Type, Authorization: Bearer <token>
### Payload schema
```json
{
"eventType": "incident",
"incidentId": "string",
"action": "created | updated | closed | resolved",
"priority": "CRITICAL | HIGH | MEDIUM | LOW | MINIMAL",
"title": "string",
"description": "string",
"timestamp": "string",
"service": "string",
"data": {}
}
```
## Example (cURL, HMAC)
```bash
TIMESTAMP=$(date -u +%Y-%m-%dT%H:%M:%S.000Z)
PAYLOAD='{"eventType":"incident","incidentId":"test-123","action":"created","priority":"HIGH","title":"Test Alert"}'
SIGNATURE=$(echo -n "${TIMESTAMP}:${PAYLOAD}" | openssl dgst -sha256 -hmac "$SECRET" -binary | base64)
curl -X POST "$WEBHOOK_URL" -H "Content-Type: application/json" -H "x-amzn-event-timestamp: $TIMESTAMP" -H "x-amzn-event-signature: $SIGNATURE" -d "$PAYLOAD"
```
## Troubleshooting
+ No 200 response: Check authentication/headers
+ 200 but no investigation: Check payload format, ensure unique incidentId/timestamp
+ Investigation immediately cancelled: May have hit monthly limit