This pipeline automatically responds to a security alert raised for an EC2 instance.
It runs asynchronously and performs the following actions, in this order:
- Creates a restricted security group and attaches it to the affected EC2 instance in place of its existing groups, so the instance cannot exfiltrate data or reach the rest of the network while the snapshot is taken and the logs are retrieved
- Creates a snapshot of the instance's EBS volumes
- Downloads the application/system logs from the instance, archives them and uploads the archive to an S3 bucket
- Stops and terminates the instance once the snapshot is complete and the logs have been retrieved (terminating first would destroy volumes marked delete-on-termination)
- Creates an incident in PagerDuty with a link to the log archive
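The orchestration of those five steps, written out as an added example rather than the pipeline's own code. It uses the boto3 EC2 client call names (`create_security_group`, `revoke_security_group_egress`, `create_snapshot`, the `snapshot_completed` waiter, and so on) but ships with a constructed in-memory stand-in for that client so it runs offline; the evidence bucket name, the collector CIDR allowed to SSH into the quarantined host, and the log-collection and PagerDuty hooks are assumptions for illustration. The point it makes beyond the list above: a new security group starts with an allow-all egress rule that has to be revoked explicitly, and termination must wait for the snapshots to reach the completed state.

```python
"""Added example: isolate -> snapshot -> collect logs -> terminate -> page."""
import json
from datetime import datetime, timezone

COLLECTOR_CIDR = "10.0.100.5/32"         # assumed: host that pulls logs over SSH
EVIDENCE_BUCKET = "example-ir-evidence"  # assumed evidence bucket


def respond_to_alert(ec2, instance_id, collect_logs, upload_archive, open_incident):
    """Run the steps in the only safe order: isolate first, destroy last.

    ec2            - boto3 EC2 client (or the InMemoryEC2 stand-in below)
    collect_logs   - callable(instance_id) -> bytes of the log archive (assumed hook)
    upload_archive - callable(bucket, key, data) -> URL of the stored object (assumed hook)
    open_incident  - callable(title, details) -> PagerDuty incident id (assumed hook)
    """
    inst = ec2.describe_instances(InstanceIds=[instance_id])["Reservations"][0]["Instances"][0]
    stamp = datetime.now(timezone.utc).strftime("%Y%m%dT%H%M%SZ")

    # 1. Quarantine: fresh group, every default egress rule revoked, ingress only
    #    from the collector, then swapped in for all groups on the instance.
    sg = ec2.create_security_group(GroupName=f"ir-quarantine-{instance_id}-{stamp}",
                                   Description="incident response quarantine",
                                   VpcId=inst["VpcId"])["GroupId"]
    egress = ec2.describe_security_groups(GroupIds=[sg])["SecurityGroups"][0]["IpPermissionsEgress"]
    if egress:
        ec2.revoke_security_group_egress(GroupId=sg, IpPermissions=egress)
    ec2.authorize_security_group_ingress(GroupId=sg, IpPermissions=[
        {"IpProtocol": "tcp", "FromPort": 22, "ToPort": 22,
         "IpRanges": [{"CidrIp": COLLECTOR_CIDR}]}])
    ec2.modify_instance_attribute(InstanceId=instance_id, Groups=[sg])

    # 2. Snapshot every attached EBS volume and wait for completion: a pending
    #    snapshot is not evidence yet, and termination deletes the volumes.
    snapshots = [ec2.create_snapshot(VolumeId=m["Ebs"]["VolumeId"],
                                     Description=f"IR {instance_id} {stamp}")["SnapshotId"]
                 for m in inst["BlockDeviceMappings"] if "Ebs" in m]
    ec2.get_waiter("snapshot_completed").wait(SnapshotIds=snapshots)

    # 3. Pull the logs while the host is still up and archive them to S3.
    key = f"{instance_id}/{stamp}/logs.tar.gz"
    url = upload_archive(EVIDENCE_BUCKET, key, collect_logs(instance_id))

    # 4. Only now stop, then terminate.
    ec2.stop_instances(InstanceIds=[instance_id])
    ec2.get_waiter("instance_stopped").wait(InstanceIds=[instance_id])
    ec2.terminate_instances(InstanceIds=[instance_id])

    # 5. Page with pointers to the evidence.
    incident = open_incident(f"Security alert on {instance_id}",
                             json.dumps({"snapshots": snapshots, "logs": url, "quarantine_sg": sg}))
    return {"quarantine_sg": sg, "snapshots": snapshots, "log_archive": url, "incident": incident}


class InMemoryEC2:
    """Constructed stand-in for boto3's EC2 client: only the calls used above."""

    def __init__(self, instance_id, vpc_id, volume_ids):
        self.calls, self._n, self.groups = [], 0, {}
        self.instance = {"InstanceId": instance_id, "VpcId": vpc_id,
                         "BlockDeviceMappings": [{"Ebs": {"VolumeId": v}} for v in volume_ids]}

    def _rec(self, name):
        self.calls.append(name)
        self._n += 1
        return self._n

    def describe_instances(self, InstanceIds):
        self._rec("describe_instances")
        return {"Reservations": [{"Instances": [self.instance]}]}

    def create_security_group(self, GroupName, Description, VpcId):
        gid = f"sg-{self._rec('create_security_group'):08x}"
        # AWS creates new groups with an allow-all IPv4 egress rule.
        self.groups[gid] = {"egress": [{"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]}],
                            "ingress": []}
        return {"GroupId": gid}

    def describe_security_groups(self, GroupIds):
        self._rec("describe_security_groups")
        return {"SecurityGroups": [{"GroupId": g, "IpPermissionsEgress": list(self.groups[g]["egress"])}
                                   for g in GroupIds]}

    def revoke_security_group_egress(self, GroupId, IpPermissions):
        self._rec("revoke_security_group_egress")
        self.groups[GroupId]["egress"] = [p for p in self.groups[GroupId]["egress"] if p not in IpPermissions]

    def authorize_security_group_ingress(self, GroupId, IpPermissions):
        self._rec("authorize_security_group_ingress")
        self.groups[GroupId]["ingress"].extend(IpPermissions)

    def modify_instance_attribute(self, InstanceId, Groups):
        self._rec("modify_instance_attribute")
        self.instance["Groups"] = list(Groups)

    def create_snapshot(self, VolumeId, Description):
        return {"SnapshotId": f"snap-{self._rec('create_snapshot'):08x}"}

    def get_waiter(self, name):
        self._rec(f"wait:{name}")
        return type("Waiter", (), {"wait": lambda self, **kw: None})()

    def stop_instances(self, InstanceIds):
        self._rec("stop_instances")

    def terminate_instances(self, InstanceIds):
        self._rec("terminate_instances")


def run_demo():
    """Drive the pipeline against the stand-in with constructed hooks."""
    ec2 = InMemoryEC2("i-0123456789abcdef0", "vpc-11111111", ["vol-aaaa", "vol-bbbb"])
    result = respond_to_alert(
        ec2, "i-0123456789abcdef0",
        collect_logs=lambda iid: b"constructed log archive bytes",
        upload_archive=lambda bucket, key, data: f"s3://{bucket}/{key}",
        open_incident=lambda title, details: "PD-CONSTRUCTED-1")
    return ec2, result


if __name__ == "__main__":
    print(json.dumps(run_demo()[1], indent=2))
```

To run it for real, pass `boto3.client("ec2")` instead of the stand-in and supply hooks that actually SSH to the collector CIDR, write to S3 and call the PagerDuty API; the ordering and the egress revocation are the parts worth keeping as they are.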