PagerDuty

Set up PagerDuty for use in the Sym SDK

Overview

With Sym and PagerDuty, you can take advantage of your existing Incident Response workflows to speed up break-glass escalations in a secure way, and tie access requests to incidents for better auditable visibility.

Common uses of the PagerDuty Integration include checking if a User is on call for conditional logic, and routing requests to individuals on call for a certain schedule.

Using PagerDuty in your Flows

Once you've got PagerDuty integrated, check out the PagerDuty SDK docs to see what you can do with it!

Setup

In order to grant Sym access to PagerDuty, you'll need to create a new API Token.

  1. Log into your PagerDuty account.
  2. In the upper right corner, click on the settings menu.
  3. Select Developer Tools -> API Access.
  4. Click the "Create New API Key" button.
  5. Add a description, like "Sym API Key for Schedules". If you want Sym to be able to create and modify incidents, DO NOT check the "read-only" API key box.
  6. Click the "Create Key" button.
  7. Copy the key from the modal that pops up, and store it in your Secrets Manager (or some other secure place).
  8. Close the modal.

Implementing PagerDuty

Share your PagerDuty API Key with Sym

Store your API Key as a value in AWS Secrets Manager, in the same account where you provisioned your Runtime Connector. Contact us if you'd like to use an alternative secrets store.

  • Runtime Connectors support optional permissions using the addon input. Ensure that your Runtime Connector is provisioned with the aws/secretsmgr addon enabled.

resource "aws_secretsmanager_secret" "pagerduty" {
  name        = "/symops.com/connector/pagerduty"
  description = "PagerDuty API Key for Sym"

  tags = {
    "SymEnv" = var.environment
  }
}

Add the PagerDuty integration

Now that you have a PagerDuty secret available, you can reference it as a sym_secret and use it in the declaration of a sym_integration.

# Add a key/value pair to your shared sym secret with your PagerDuty details
resource "sym_secret" "pagerduty_api_key" {
  path      = local.resolved_secret_path
  source_id = sym_secrets.this.id

  settings = {
    json_key = var.pagerduty_key_name
  }
}

resource "sym_integration" "pagerduty" {
  type = "pagerduty"
  name = var.runtime_name

  external_id = var.pagerduty_team_name

  settings = {
    api_token_secret = sym_secret.pagerduty_api_key.id
  }
}

Include the PagerDuty integration in your environment

Finally, add the PagerDuty integration to your sym_environment. This will ensure that the sym_integration, authenticated with your sym_secret, is available for use in your Flows.

resource "sym_environment" "this" {
  name            = var.runtime_name
  runtime_id      = sym_runtime.this.id
  error_logger_id = sym_error_logger.slack.id

  integrations = {
    pagerduty_id = sym_integration.pagerduty.id
    slack_id     = sym_integration.slack.id
  }
}

Using PagerDuty in your Flows

Now you can use information about oncalls in your Flows.

Example implementations

Allow self-approvals when a User is on call

from sym.sdk.annotations import hook, reducer
from sym.sdk.integrations import pagerduty, slack

@reducer
def get_approvers(evt):
    # In this example, being on call allows for self-approvals.
    
    # This branch is triggered if the User is on call 
    # in any escalation policy of the PagerDuty account
    if pagerduty.is_on_call(evt.user):
        # This is a self-approval in a DM
        return slack.user(evt.user)

Fetch an on-call schedule of managers to route an approval

from sym.sdk.annotations import hook, reducer
from sym.sdk.integrations import pagerduty, slack

@reducer
def get_approvers(evt):
    # In this example, the manager schedule is fetched,
    # and every User currently on call is put in a group
    # to approve the request.
    on_call_mgrs = pagerduty.users_on_call(escalation_policy_name="mgr_on_call")
    return slack.group(on_call_mgrs)
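
The first reducer above returns nothing when the requester is not on call, and the second does not say what happens when the manager schedule is empty. The following added example (not code from Sym's documentation) combines the two with explicit fallbacks; route_approval, the #sym-requests channel, the use of slack.channel as the last-resort route, and the ImportError fallback for local testing are assumptions.

```python
"""Approver routing for a Sym Flow: on-call self-approval with explicit fallbacks."""
try:
    from sym.sdk.annotations import reducer
    from sym.sdk.integrations import pagerduty, slack
except ImportError:
    # Assumption: outside the Sym runtime (e.g. local unit tests) the SDK is
    # absent, so the decorator becomes a no-op and callers pass in test doubles.
    pagerduty = slack = None

    def reducer(fn):
        return fn

MANAGER_POLICY = "mgr_on_call"      # escalation policy name used on this page
FALLBACK_CHANNEL = "#sym-requests"  # hypothetical channel name


def route_approval(user, pd, sl, policy=MANAGER_POLICY, fallback=FALLBACK_CHANNEL):
    """Return the Slack destination that should receive the approval request."""
    # 1. Break-glass: the requester is on call, so allow a self-approval DM.
    if pd.is_on_call(user):
        return sl.user(user)
    # 2. Otherwise route to everyone currently on call in the manager policy.
    managers = pd.users_on_call(escalation_policy_name=policy)
    if managers:
        return sl.group(managers)
    # 3. Nobody is on call (schedule gap): never return None, send the request
    #    to a monitored channel so a human still has to approve it.
    return sl.channel(fallback)


@reducer
def get_approvers(evt):
    # The SDK modules are passed in so the routing logic stays unit-testable.
    return route_approval(evt.user, pagerduty, slack)
```

Keeping the decision in a plain function lets you test each branch, including the empty-schedule case, before the Flow is deployed.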
