Centralized view of support cases opened from multiple AWS accounts using AWS Systems Manager

AWS Systems Manager Explorer is a customizable operations dashboard that reports information about your AWS resources. Explorer displays an aggregated view of operations data (OpsData) for your AWS accounts and AWS Regions. OpsData also includes information from supporting AWS services, such as AWS Trusted Advisor, AWS Compute Optimizer, and AWS Support Center cases, among other sources.

Customers raise Support cases using AWS Support Center, a hub for managing Support cases. It is recommended to add relevant information in the support cases to help AWS Support Engineers diagnose issues. Customers, specifically CCOE teams from various companies, have reached out to us requesting for a consolidated view of support cases opened by multiple teams across the business, using different AWS accounts and regions.

AWS Systems Manager Explorer provides a summary of Support cases across your AWS accounts, to help you get better visibility into the operational health of your AWS environment. This feature lets you use Systems Manager Explorer to view aggregated Support cases by status across multiple accounts or your entire AWS Organization. Using the Support Widget in the Explorer, you can filter the support cases, export the results into a csv file and focus on specific ones for a detailed investigation.

Note that this feature is only available to Business Support and Enterprise Support plan customers.

This post demonstrates setting up a support case dashboard in your AWS environment by leveraging the Systems Manager Explorer functionality.

Prerequisites

The following prerequisites are necessary to follow along with this post:

• Before you get started, make sure that you have a Business or Enterprise support plan for your AWS accounts.
• For aggregating data across multiple accounts, they must reside within a single AWS Organization.
• As a security best practice, configure a Delegated Administrator to limit the number of Explorer administrators and avoid using Organization’s Management Account to administer resources.

Enabling Systems Manager Explorer

You must be logged into your AWS Organization’s Management Account or into a Delegated Administrator account for gathering data on support cases across multiple accounts. If you’re configuring Systems Manager only for a specific AWS account, you can log in directly to the account.

For the purpose of this post, the following steps are performed directly from the Organization’s Management Account.

1. Head to the Systems Manager Console in the AWS Region of your choice.
2. Under Operations Management, choose Explorer.
3. Choose Get started.

4. In the Explorer setup screen, scroll down and choose Enable Explorer.

Creating Resource Data Sync for data aggregation

Follow these steps to create a resource data sync for data aggregation:

1. Choose the Create resource data sync button in the Explorer setup screen in the top right-hand corner.

Resource data sync aggregates data from accounts and multiple AWS Regions for Explorer to report. Resource Data Sync doesn’t happen in real-time, but it happens periodically in the backend.

2. In Configure resource data sync, enter the Resource data sync name.
3. In the Add accounts section, choose an option.

You can choose the current AWS account or configure Explorer to aggregate data from multiple accounts. This option requires that you set up and configure AWS Organizations. You can also select organization units within the Organization.

Suppose you choose one of the following Organization options. In that case, you must be signed in to the Organization’s Management Account or be a Delegated Administrator in Organizations.

4. Create the service-linked role for Systems Manager account discovery. Systems Manager uses the service-linked role AWSServiceRoleForAmazonSSM_AccountDiscovery to call other AWS services to discover AWS account information. You can create the service-linked role by choosing the Create role button.

5. Furthermore, choose the Enable access button to enable the integration of Systems Manager service with Organizations and enable OpsData Sync service access.

6. In the Regions to include section, choose one of the following options:
   • Choose the Include all current and future regions button to automatically sync data from all of the existing AWS Regions and any new Regions that come online in the future.
   • Choose All regions to sync data from all current AWS Regions automatically.
   • You can Individually choose the Regions that you want to include.

7. Choose the Create resource data sync button.
8. In the Systems Manager console, under Operations Management, choose Explorer.
9. Under OpsData Filter, choose the DataSync that you just created on the Explorer page.

10. Support Cases summary is available on the Explorer page. Note that aggregated data collection may take some time to complete depending on the number of AWS Regions and Accounts across which the collection must be done. If there are issues loading the data, or if the data hasn’t loaded even after an extended amount of time, then see Troubleshooting Explorer.

11. Once the data is loaded, choose View all cases. The following table lists the Status of the support case, the account that opened the case, the AWS Service involved, the Severity of the case, the Time Created,

12. Choose Export Table to export support cases as a comma-separated value (.csv) file to an Amazon Simple Storage Service (Amazon S3) bucket. When you configure data export, you must specify an Amazon SNS topic that exists in the same AWS Region where you want to export the data. Systems Manager sends a notification to the Amazon SNS topic when the export completes.

You can configure OpsData Filter to filter support cases by Support Case Status, Subject, Source, and Region, among other properties.

13. To customize the location of the Support Cases widget, you can hold the widget and then drag it to its new location.

14. Suppose you want to enable or disable specific widgets on the Explorer page. In that case, you can select Configure Dashboard under Dashboard actions. Note that the Support Center widget isn’t enabled in the AWS Accounts without Business or Enterprise Support plans.

Conclusion

Systems Manager Explorer is an operations dashboard that provides a view of your OpsData across your AWS accounts and Regions to track, investigate, and remediate operational issues. Several teams within your company may work on different business requirements and open up Support cases with the AWS Support team for general guidance or production-impacting issues. It’s a common requirement that management teams or CCOE teams within a business want to view a summary of the support cases opened from multiple AWS Accounts or Regions and a centralized console. Systems Manager Explorer functionality lets you set up a single case dashboard across your entire organization. This capability can aggregate the data from different AWS accounts and regions. Moreover, this can be useful for identifying patterns or specific areas where your teams may need additional help and for prioritizing issues that impact your business.

In addition to using Systems Manager for support cases, you can also view OpsData from different data sources, such as Compute Optimizer, Trusted Advisor, Amazon Elastic Compute Cloud (Amazon EC2), and other supported data sources by getting started with Systems Manager Explorer and Ops Center.

Author: