Automating the creation of work items in Azure DevOps for applications errors using AWS Lambda and SNS

Nanthan Rasiah
3 min readAug 14, 2022

--

Azure DevOps is a language, platform and cloud provider agnostic Software as a service (SaaS) system from Microsoft that provides an end-to-end DevOps toolchain for developing and deploying software. It provides a range of services and one of the popular one is Azure Board which provides agile planning, work item tracking, visualisation and reporting. Most of small and medium-sized enterprises are started using Azure Board for agile project management but running the workloads AWS cloud which offers more services, and more features within those services, than any other cloud provider.

As a best practice, we want to automate the most of process. AWS cloud provides great monitoring and alerting tools. But, still manual action is needed to resolve alerts and project manager wants the visibility on how an application alerts are handled and resolved. As project manager are using Azure DevOps Board to plan, track, and collaborate between team members, they prefers to create work item (incident) for each alerts on the board so that they can allocate available resource to resolve the alerts and track progress.

In this post, let’s see how we can automatically create work item on Azure Board for the alerts that are generated from the workload running on AWS cloud, using AWS Lambda function and SNS topics.

Assume, we have implemented data visualisation platform on AWS cloud as depicted in the architecture diagram below.

Visualisation platform processes are described below.

  1. User upload data via SFTP to S3 bucket.
  2. Microservices deployed in AWS Fargate environment will process the files and write the data into Amazon Redshift, which is cloud data warehouse.
  3. Amazon QuickSight is configured to use Amazon Redshift as datasource.
  4. User will use Amazon QuickSight to visualise the data to get actionable insights.
  5. Microservices will send error notifications to a SNS topic if any error occurred while processing and loading data.
  6. CloudWatch alarms can be configured to send alerts to a SNS topic.
  7. AWS Lambda function, which is subscribed to SNS topic, will process error notifications and alerts and create work item automatically on Azure Board.
  8. Azure DevOps Personal Access Token (PAT), which contains the security credentials for Azure DevOps, is stored in AWS secret manager and lambda function uses secret from AWS secret manager to establish connection to Azure DevOps.

Data visualisation solution is described at high level for your reference and you can see how services can be configured to send error notification to SNS topic. Depending on you architecture, you can design the system to send error notification in a standard message format provided below to a SNS topic.

You can use the CloudFormation below to create AWS Lambda function to create work item automatically on Azure DevOps Board. You have to define the following parameters for the CloudFormation.

You can provide your SNS topic ARN so that lambda function receive notification sent by your services.

You can add Azure DevOps secret to AWS secret manager via AWS console and provide customer managed KMS key that you create. You have to provide secret ARN, secret Key and CMK ARN as parameter to the CloudFormation.

Also, we are creating python based lambda function and it needs requests and pandas libraries and they can be configured as lambda layers with python 3.9 runtime. You need to provide these lambda layer ARNs as parameter to the CloudFormation.

You also need to provide Azure DevOps Project URL to create work item and user email address to assign the work item.

We assume that service send notifications in the below format. Feel free to change as per your need and update lambda function.

Here is the complete CloudFormation template to create lambda functions and the necessary resources, which allows to create work item (incident) automatically on Azure Board.

This blog post explains how you can implement error notification in your system and how to create work item(incident) automatically in Azure DevOps Board for the notification and assign it to a user to take action.

--

--

Nanthan Rasiah

Ex. AWS APN Ambassador | Architect | AWS Certified Pro | GCP Certified Pro | Azure Certified Expert | AWS Certified Security & Machine Learning Specialty