Aspect Workflows’ “Support and Alerting” feature streamlines incident response and support by Aspect’s on-call engineers. It introduces a well-defined hierarchy of support roles, each with tailored access levels to the customer’s Workflows infrastructure. Additionally, it configures alert routing to promptly notify Aspect of critical issues, ensuring faster and more effective issue resolution.Documentation Index
Fetch the complete documentation index at: https://docs.aspect.build/llms.txt
Use this file to discover all available pages before exploring further.
Why Workflows needs support roles and alerting
The “Workflows support and alerting” feature formalizes the process by which Aspect’s on-call engineers can efficiently assist in diagnosing and resolving issues within the customer’s Workflows installation.- Faster Incident Response The core motivation is to grant Aspect engineers scoped access, which “greatly aids in speeding up investigations.”
- Default Alert Routing Workflows automatically sets up the credentials and routing necessary to send system alerts to Aspect upon the initial Terraform apply. Customers must explicitly opt-out if they don’t want alerts routed to Aspect.
- Strictly Scoped Access Any access granted to Aspect engineers via the defined roles is “strictly scoped to the resources Workflows creates and owns.”
Support role hierarchy
Aspect provides a tiered system of roles that define the level of access granted to its on-call engineers, ranging from read-only to co-maintainer capabilities.| Role | Access Level | Purpose & Key Permissions - AWS Examples |
|---|---|---|
| Support Role | Read-Only Access | Speeds up investigations during incidents. Allows Read/List on Systems Manager parameters, Describe on Auto Scaling Groups (ASGs), and Get on log streams with the aw_ prefix. |
| Operator Role | Read + Limited Write Access | A superset of the Support role. Allows management of EC2 hosts for rebooting/terminating and management of the Redis cache for update/delete/snapshot. It also allows Systems Manager access to running instances and port forwarding for Grafana, but is off by default. |
| Co-maintainer Role | Superset of Support & Operator | GCP only. Provides the highest level of access, allowing Aspect engineers to apply the Terraform workspace for your installation. |
Access management for Aspect engineers
Access request approval manages membership in the support and operator groups likegroup:workflows-support@aspect.build and group:workflows-operator@aspect.build for Aspect’s on-call engineers, ensuring controlled access.