steampipe plugin install awssteampipe plugin install aws

Table: aws_ssmincidents_response_plan - Query AWS SSM Incidents Response Plan using SQL

AWS SSM Incidents response plan automates the initial response to incidents. A response plan engages contacts, starts chat channel collaboration, and initiates runbooks at the beginning of an incident.

Table Usage Guide

The aws_ssmincidents_response_plan table in Steampipe allows you to query information about each response plan in your AWS account. This table provides you, as a DevOps engineer or system administrator, with response plan specific details, including the ARN, name, chat channel, incident template, and more. You can utilize this table to gather insights on response plans.

Examples

Basic info

Analyze the settings to understand the comprehensive overview of the response plans configured in AWS Systems Manager Incident Manager, aiding in effective incident response and management. This information is particularly useful for assessing the setup of your incident response infrastructure, ensuring that all necessary components are in place and properly configured.

select
  name,
  arn,
  display_name,
  chat_channel,
  incident_template,
  integrations,
  title
from
  aws_ssmincidents_response_plan;

select
  name,
  arn,
  display_name,
  chat_channel,
  incident_template,
  integrations,
  title
from
  aws_ssmincidents_response_plan;

List response plans with chat channel configured

Focuses on retrieving information about AWS Systems Manager Incident Manager response plans that have an associated chat channel. It helps organizations to assess and manage their incident response strategies, especially in the context of communication readiness and efficiency.

select
  name,
  arn,
  display_name,
  chat_channel,
  incident_template,
  integrations,
  title
from
  aws_ssmincidents_response_plan
where
  chat_channel is not null;

select
  name,
  arn,
  display_name,
  chat_channel,
  incident_template,
  integrations,
  title
from
  aws_ssmincidents_response_plan
where
  chat_channel is not null;

Get incident template details of a response plan

Retrieve detailed information about a specific AWS Systems Manager Incident Manager response plan, particularly focusing on various aspects of the incident template.

select
  name,
  arn,
  display_name,
  incident_template -> 'Impact' as incident_template_impact,
  incident_template -> 'Title' as incident_template_title,
  incident_template -> 'DedupeString',
  incident_template -> 'IncidentTags' as incident_template_tags,
  incident_template -> 'NotificationTargets' as incident_notification_targets,
  incident_template -> 'Summary' as incident_template_summary,
  title
from
  aws_ssmincidents_response_plan
where
  incident_template is not null
  and arn = 'arn:aws:ssm-incidents::111111111111:response-plan/response-plan-test';

select
  name,
  arn,
  display_name,
  json_extract(incident_template, '$.Impact') as incident_template_impact,
  json_extract(incident_template, '$.Title') as incident_template_title,
  json_extract(incident_template, '$.DedupeString'),
  json_extract(incident_template, '$.IncidentTags') as incident_template_tags,
  json_extract(incident_template, '$.NotificationTargets') as incident_notification_targets,
  json_extract(incident_template, '$.Summary') as incident_template_summary,
  title
from
  aws_ssmincidents_response_plan
where
  incident_template is not null
  and arn = 'arn:aws:ssm-incidents::111111111111:response-plan/response-plan-test';

Get the details of integrations associated to the response plans

Involves collecting and understanding all pertinent information about the external services and tools that are linked to specific incident response plans, with the aim of understanding how these integrations support the overall incident management process.

select
  name,
  arn,
  display_name,
  jsonb_pretty(integrations),
  title
from
  aws_ssmincidents_response_plan
where
  integrations is not null;

select
  name,
  arn,
  display_name,
  json_extract(integrations, '$') as integrations,
  title
from
  aws_ssmincidents_response_plan
where
  integrations is not null;

Get details of engagements associated to the response plans

Analyzing the engagements associated with response plans, you can gain insights into how an organization prepares for and manages incident responses. This includes understanding the communication protocols, roles and responsibilities, and other coordination strategies embedded in the response plans.

select
  name,
  arn,
  display_name,
  jsonb_pretty(engagements),
  title
from
  aws_ssmincidents_response_plan
where
  engagements is not null;

select
  name,
  arn,
  display_name,
  json_extract(engagements, '$') as engagements,
  title
from
  aws_ssmincidents_response_plan
where
  engagements is not null;

Schema for aws_ssmincidents_response_plan

Name	Type	Operators	Description
_ctx	jsonb		Steampipe context in JSON form.
account_id	text	=, !=, ~~, ~~, !~~, !~~	The AWS Account ID in which the resource is located.
actions	jsonb		The actions that this response plan takes at the beginning of the incident.
akas	jsonb		Array of globally unique identifier strings (also known as) for the resource.
arn	text	=	The Amazon Resource Name (ARN) of the response plan.
chat_channel	jsonb		The Chatbot chat channel used for collaboration during an incident.
display_name	text		The human readable name of the response plan.
engagements	jsonb		The Amazon Resource Name (ARN) for the contacts and escalation plans that the response plan engages during an incident.
incident_template	jsonb		Details used to create the incident when using this response plan.
integrations	jsonb		Information about third-party services integrated into the Incident Manager response plan.
name	text		The name of the response plan.
partition	text		The AWS partition in which the resource is located (aws, aws-cn, or aws-us-gov).
region	text	=	The AWS Region in which the resource is located.
sp_connection_name	text	=, !=, ~~, ~~, !~~, !~~	Steampipe connection name.
sp_ctx	jsonb		Steampipe context in JSON form.
title	text		Title of the resource.

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- aws

You can pass the configuration to the command with the --config argument:

steampipe_export_aws --config '<your_config>' aws_ssmincidents_response_plan