Integrations

Sigma is designed to allow holistic control of your environment. Through various Compute, ITSM and AI integrations, Sigma allows you to centrally manage your infrastructure.

Compute

Depending on your license, you can integrate Sigma with various Compute environments. Each Compute environment has unique API requirements and parameters required for a successful Sigma integration.

Supported Compute environments:

AWS (Amazon Web Services)

Sigma requires an API key generated from the AWS console with sufficient AWS IAM permissions to view and manage AWS resources. Below are instructions on how to set up the AWS IAM permissions.

AWS IAM Permissions

  1. If you don’t already have a user account to be used for the Sigma integration, create a new AWS user account.

  2. For Sigma to view and manage AWS resources, add the following AWS IAM permissions:

    - EC2:
        - DescribeInstances:      Allows Sigma to describe instances in the various regions.
        - DescribeRegions:        Allows Sigma to describe AWS regions.
        - DescribeVpcs:           Allows Sigma to describe VPCs.
        - DescribeSecurityGroups: Allows Sigma to describe security groups.
        - StartInstances:         Allows Sigma to start instances.
        - StopInstances:          Allows Sigma to stop instances.
        - RebootInstances:        Allows Sigma to reboot instances.
        - TerminateInstances:     Allows Sigma to terminate instances.
    - S3:
        - ListAllMyBuckets:       Allows Sigma to list S3 buckets.
    - CloudWatch:
        - GetMetricData:          Allows Sigma to retrieve utilization metrics.
    - Systems Manager:
        - SendCommand:            Allows Sigma to execute scripts on EC2 instances.
        - GetCommandInvocation:   Allows Sigma to get command status on EC2 instances.

    Alternatively, you may copy the below JSON to configure the required IAM policies using the AWS Policy editor:

    {
        "Version": "2012-10-17",
        "Statement": [
            {
                "Sid": "VisualEditor0",
                "Effect": "Allow",
                "Action": [
                    "ec2:RebootInstances",
                    "ssm:SendCommand",
                    "ec2:DescribeInstances",
                    "ec2:TerminateInstances",
                    "ec2:StartInstances",
                    "s3:ListAllMyBuckets",
                    "cloudwatch:GetMetricData",
                    "ec2:DescribeVpcs",
                    "ec2:DescribeRegions",
                    "ec2:StopInstances",
                    "ec2:DescribeSecurityGroups",
                    "ssm:GetCommandInvocation"
                ],
                "Resource": "*"
            }
        ]
    }
    

    Note

    Important: The above permissions apply to all resources. If you wish to limit the scope of resources, use the AWS console to manually select the resources that Sigma will be authorized to manage.
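
    One way to check and narrow the scope described in the note, as an added example that is not part of the Sigma documentation: the script lists which actions in the policy above change state on every resource, then rebuilds the policy so those actions only apply to tagged instances. The tag `ManagedBy=sigma` and the wildcard SSM document ARN are assumptions.

```python
import json

# Action list copied from the policy on this page.
PAGE_ACTIONS = [
    "ec2:RebootInstances", "ssm:SendCommand", "ec2:DescribeInstances",
    "ec2:TerminateInstances", "ec2:StartInstances", "s3:ListAllMyBuckets",
    "cloudwatch:GetMetricData", "ec2:DescribeVpcs", "ec2:DescribeRegions",
    "ec2:StopInstances", "ec2:DescribeSecurityGroups", "ssm:GetCommandInvocation"]
PAGE_POLICY = {"Version": "2012-10-17", "Statement": [
    {"Sid": "VisualEditor0", "Effect": "Allow", "Action": PAGE_ACTIONS, "Resource": "*"}]}
READ_PREFIXES = ("Describe", "List", "Get")  # read-only verbs in this policy

def _as_list(value):
    return value if isinstance(value, list) else [value]

def unscoped_mutating(policy):
    """State-changing actions allowed on Resource "*" with no Condition."""
    hits = set()
    for st in _as_list(policy["Statement"]):
        wide = "*" in _as_list(st.get("Resource", []))
        if st.get("Effect") == "Allow" and wide and "Condition" not in st:
            hits.update(a for a in _as_list(st["Action"])
                        if not a.split(":", 1)[-1].startswith(READ_PREFIXES))
    return sorted(hits)

def scope_by_tag(policy, tag_key, tag_value):
    """Keep reads on "*"; gate instance-changing actions on an instance tag."""
    mutating = unscoped_mutating(policy)
    reads = sorted({a for st in _as_list(policy["Statement"])
                    for a in _as_list(st["Action"])} - set(mutating))
    instances = "arn:aws:ec2:*:*:instance/*"
    def tagged(prefix):
        return {"StringEquals": {f"{prefix}/{tag_key}": tag_value}}
    return {"Version": "2012-10-17", "Statement": [
        {"Sid": "ReadOnly", "Effect": "Allow", "Action": reads, "Resource": "*"},
        {"Sid": "TaggedInstanceLifecycle", "Effect": "Allow",
         "Action": [a for a in mutating if a.startswith("ec2:")],
         "Resource": instances, "Condition": tagged("aws:ResourceTag")},
        {"Sid": "RunCommandOnTaggedInstances", "Effect": "Allow",
         "Action": ["ssm:SendCommand"], "Resource": instances,
         "Condition": tagged("ssm:resourceTag")},
        # SendCommand must also be allowed on the SSM document; the wildcard
        # below is an assumption, narrow it to the documents actually run.
        {"Sid": "RunCommandDocuments", "Effect": "Allow",
         "Action": ["ssm:SendCommand"], "Resource": "arn:aws:ssm:*:*:document/*"}]}

if __name__ == "__main__":
    print(unscoped_mutating(PAGE_POLICY))
    print(json.dumps(scope_by_tag(PAGE_POLICY, "ManagedBy", "sigma"), indent=2))
```

    With the scoped policy, only instances carrying the chosen tag can be started, stopped, rebooted, terminated or targeted by Run Command, while the describe, list and metric calls keep working across the account.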

Creating AWS Access Key

  1. Sign in to the AWS Management Console and open the IAM Console.

  2. In the navigation pane, choose Users.

  3. Choose the user account whose AWS IAM permissions were set up for the Sigma connection, and then choose the Security credentials tab.

  4. In the Access keys section, choose Create access key. If you already have two access keys, this button is deactivated and you must delete an access key before you can create a new one.

  5. On the Retrieve access keys page, choose either Show to reveal the value of your user’s secret access key, or Download .csv file. This is your only opportunity to save your secret access key. After you’ve saved your secret access key in a secure location, choose Done.

  6. For the Sigma connection, you will need the AWS Access Key ID as well as the Secret Access Key.

Adding AWS Environment

  1. Log in to your Sigma instance.

  2. In the navigation bar, click Administration > Environments.

  3. Select the Compute tab (Default).

  4. Select the “Click to add” button on the bottom of the Compute tab.

  5. Select AWS from the Compute product dropdown.

  6. Provide a Connection Name. This will be used to identify this specific AWS connection.

  7. Provide the Access key ID and the Secret Access Key in the specific fields and select Connect.

  8. If the connection is successful, the AWS connection will display in the environments page, as well as under the Compute > AWS tab.

OCI (Oracle Cloud Infrastructure)

Sigma requires an API key generated from the OCI console with sufficient IAM policies to view and manage OCI resources. Below are instructions on how to set up the OCI IAM policies.

OCI IAM Policies

  1. If you don’t already have a user account to be used for the Sigma integration, create a new OCI user account.

  2. Add the user to a group that has the below required IAM permissions:

    - manage instance-family in tenancy:                          Allows Sigma to manage instance-related resources across the tenancy.
    - use instance-family in tenancy:                             Allows Sigma to use instance-related resources within the tenancy.
    - manage instances in tenancy:                                Gives Sigma management capabilities specifically on instances within the tenancy.
    - use instances in tenancy:                                   Allows Sigma to utilize instances within the tenancy.
    - manage virtual-network-family in tenancy:                   Allows Sigma management capabilities for virtual network resources within the tenancy.
    - use virtual-network-family in tenancy:                      Allows Sigma to use virtual network resources within the tenancy.
    - read app-catalog-listing in tenancy:                        Allows Sigma to read app catalog listings within the tenancy.
    - manage app-catalog-listing in tenancy:                      Allows Sigma to manage app catalog listings within the tenancy.
    - manage app-catalog-listings in tenancy:                     Gives Sigma management capabilities for app catalog listings within the tenancy.
    - use volume-family in tenancy:                               Allows Sigma to use volume-related resources within the tenancy.
    - use instance-agent in tenancy:                              Allows Sigma to use instance agent resources within the tenancy.
    - manage object-family in tenancy:                            Allows Sigma to manage object-related resources within the tenancy.
    - manage instance-agent-command-family in tenancy:            Gives Sigma management capabilities for instance agent commands within the tenancy.
    - manage instance-agent-command-execution-family in tenancy:  Allows Sigma to manage instance agent command executions within the tenancy.
    - use instance-agent-command-execution-family in tenancy:     Allows Sigma to use instance agent command executions.
    - manage all-resources in tenancy:                            Allows Sigma management capabilities for all resources within the tenancy.
    - manage compute-capacity-reports in tenancy:                 Allows Sigma to manage compute capacity reports within the tenancy.
    - use dedicated-vm-hosts in tenancy:                          Allows Sigma to use dedicated VM hosts within the tenancy.
    - inspect instance-images in tenancy:                         Allows Sigma to inspect instance images within the tenancy.
    - manage objects in tenancy:                                  Allows Sigma management capabilities for objects (files) within the tenancy.
    - inspect marketplace-listings in tenancy:                    Allows Sigma to inspect marketplace listings within the tenancy.
    - {INSTANCE_IMAGE_READ} in tenancy:                           Allows Sigma to read image details.
    - read marketplace-listings in tenancy:                       Allows Sigma to read marketplace listings within the tenancy.
    - read marketplace-community-listings in tenancy:             Allows Sigma to read community marketplace listings within the tenancy.
    - use marketplace-listings in tenancy:                        Allows Sigma to use marketplace listings within the tenancy.
    - use marketplace-community-listings in tenancy:              Allows Sigma to use community marketplace listings within the tenancy.
    - inspect compartments in tenancy:                            Allows Sigma to inspect compartments (organizational units) within the tenancy.
    - manage repos in tenancy:                                    Allows Sigma management capabilities for repositories within the tenancy.
    - manage orm-stack in tenancy:                                Allows Sigma to manage ORM (Object-Relational Mapping) stacks within the tenancy.

    Alternatively, you may copy the below policy block to configure the required IAM policies using the OCI Policy Builder:

    Note

    Important: Replace 'Default'/'My Group' with the name of the group that contains the Sigma user account, and replace 'VMGroup' with the dynamic group that contains the virtual machines that Sigma will manage.

    Allow group 'Default'/'My Group' to manage instance-family in tenancy
    Allow group 'Default'/'My Group' to use instance-family in tenancy
    Allow group 'Default'/'My Group' to manage instances in tenancy
    Allow group 'Default'/'My Group' to use instances in tenancy
    Allow group 'Default'/'My Group' to manage virtual-network-family in tenancy
    Allow group 'Default'/'My Group' to use virtual-network-family in tenancy
    Allow group 'Default'/'My Group' to read app-catalog-listing in tenancy
    Allow group 'Default'/'My Group' to manage app-catalog-listing in tenancy
    Allow group 'Default'/'My Group' to manage app-catalog-listings in tenancy
    Allow group 'Default'/'My Group' to use volume-family in tenancy
    Allow group 'Default'/'My Group' to use instance-agent in tenancy
    Allow group 'Default'/'My Group' to manage object-family in tenancy
    Allow group 'Default'/'My Group' to manage instance-agent-command-family in tenancy
    Allow group 'Default'/'My Group' to manage instance-agent-command-execution-family in tenancy
    Allow dynamic-group 'VMGroup' to use instance-agent-command-execution-family in tenancy where request.instance.id=target.instance.id
    Allow group 'Default'/'My Group' to manage all-resources in tenancy
    Allow group 'Default'/'My Group' to manage compute-capacity-reports in tenancy
    Allow group 'Default'/'My Group' to use dedicated-vm-hosts in tenancy
    Allow group 'Default'/'My Group' to inspect instance-images in tenancy
    Allow group 'Default'/'My Group' to manage objects in tenancy
    Allow group 'Default'/'My Group' to inspect marketplace-listings in tenancy
    Allow group 'Default'/'My Group' to {INSTANCE_IMAGE_READ} in tenancy
    Allow group 'Default'/'My Group' to read marketplace-listings in tenancy
    Allow group 'Default'/'My Group' to read marketplace-community-listings in tenancy
    Allow group 'Default'/'My Group' to use marketplace-listings in tenancy
    Allow group 'Default'/'My Group' to use marketplace-community-listings in tenancy
    Allow group 'Default'/'My Group' to inspect compartments in tenancy
    Allow group 'Default'/'My Group' to manage repos in tenancy
    Allow group 'Default'/'My Group' to manage orm-stack in tenancy
    Allow group 'Default'/'My Group' to manage orm-job in tenancy
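
    A least-privilege review of the policy block above, as an added example that is not part of the Sigma documentation: it parses OCI policy statements and reports the ones already covered by a broader statement for the same group and scope, which shows what `manage all-resources in tenancy` does to the rest of the list. The sample is a subset of the statements above with a constructed group name, 'SigmaGroup'; resource-family membership is not modelled.

```python
import re

VERBS = ["inspect", "read", "use", "manage"]  # each OCI verb includes the ones before it
STATEMENT = re.compile(
    r"^Allow\s+(?P<kind>group|dynamic-group)\s+(?P<subject>.+?)\s+to\s+(?P<verb>\S+)"
    r"(?:\s+(?P<resource>\S+))?\s+in\s+(?P<scope>tenancy|compartment\s+\S+)"
    r"(?:\s+where\s+(?P<where>.+))?$")

# Subset of the statements above; 'SigmaGroup' is a constructed group name.
SAMPLE = """\
Allow group 'SigmaGroup' to manage instance-family in tenancy
Allow group 'SigmaGroup' to use instance-family in tenancy
Allow group 'SigmaGroup' to inspect compartments in tenancy
Allow group 'SigmaGroup' to {INSTANCE_IMAGE_READ} in tenancy
Allow group 'SigmaGroup' to manage all-resources in tenancy
Allow dynamic-group 'VMGroup' to use instance-agent-command-execution-family in tenancy where request.instance.id=target.instance.id
"""

def parse(text):
    """Parse policy lines into dicts; raise on anything that is not a statement."""
    out = []
    for line in filter(None, map(str.strip, text.splitlines())):
        m = STATEMENT.match(line)
        if not m:
            raise ValueError(f"unparsed statement: {line}")
        out.append(dict(m.groupdict(), text=line))
    return out

def covers(a, b):
    """True if unconditional statement a already grants everything b grants."""
    same_target = all(a[k] == b[k] for k in ("kind", "subject", "scope"))
    if a is b or a["where"] or not same_target or a["verb"] not in VERBS:
        return False
    if a["resource"] not in (b["resource"], "all-resources"):
        return False
    if b["verb"] not in VERBS:  # permission form such as {INSTANCE_IMAGE_READ}
        return a["verb"] == "manage"
    return VERBS.index(a["verb"]) >= VERBS.index(b["verb"]) and a["text"] != b["text"]

def redundant(text):
    """Statements that add nothing because a broader statement covers them."""
    stmts = parse(text)
    return [b["text"] for b in stmts if any(covers(a, b) for a in stmts)]

if __name__ == "__main__":
    print("\n".join(redundant(SAMPLE)))
```

    Every group statement in the sample except `manage all-resources` is reported, because that one line already grants the group management of every resource type in the tenancy.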
    

Creating OCI API Key

  1. Sign in to the OCI Console with the username that has the required OCI IAM Policies.

  2. Click on your profile icon in the top-right corner of the console.

  3. Click My Profile at the top-right corner.

  4. Under Resources at the bottom-left, select API Keys and click Add API Key.

  5. The Add API Key dialog is displayed. Select Generate API Key Pair to create a new key pair.

  6. Click Download Private Key. A .pem file is saved to your local device. You will need this later.

  7. Click Add.

  8. Copy the API fingerprint of the generated key. You will need this later.

  9. Copy the User OCID under User information. You will need this later.

  10. Click on your profile icon in the top-right corner of the console.

  11. Select “Tenancy: <your_tenancy_name>” from the dropdown menu.

  12. Copy the tenancy OCID under Tenancy information. You will need this later.

Adding OCI Environment

  1. Log in to your Sigma instance.

  2. In the navigation bar, click Administration > Environments.

  3. Select the Compute tab (Default).

  4. Select the “Click to add” button on the bottom of the Compute tab.

  5. Select OCI from the Compute product dropdown.

  6. Provide a Connection Name. This will be used to identify this specific OCI connection.

  7. Provide the Tenancy ID, Region (example: Ashburn), User Id and the API Fingerprint in the specific fields.

  8. Click inside the PEM File Upload zone, and upload the previously saved .pem file, then select Connect.

  9. If the connection is successful, the OCI connection will display in the environments page, as well as under the Compute > OCI tab.

Microsoft Azure

Sigma requires an API key generated from the Azure console with sufficient IAM permissions to view and manage Azure resources.

Registering Azure Application

  1. Log in to the Microsoft Entra Admin Center.

  2. Under Application, select App registrations.

  3. Click on New registration.

  4. Enter a name for the application (e.g., “Sigma Integration”).

  5. Select the Accounts in this organizational directory only option.

  6. Click Register.

  7. After registering the application, navigate to Certificates & secrets.

  8. Click on New client secret.

  9. Add a description and select an expiry period.

  10. Click Add.

  11. Copy the Value of the client secret. You will need this later.

  12. Under Overview, copy the application ID. You will need this later.

Adding Role Assignments

  1. Log in to the Microsoft Azure portal.

  2. Select the Subscriptions service.

  3. Select the subscription you wish to grant Sigma access.

  4. Click on Access control (IAM).

  5. Click Add > Add role assignment.

  6. Select the following roles:
    - Virtual Machine Contributor: Allows Sigma to manage virtual machines.
    - Monitoring Reader:           Allows Sigma to retrieve utilization metrics.

  7. Click Next then under Assign access to, select User, group, or service principal.

  8. Under Select, search for your application by name and select it.

  9. Click Review + assign.

  10. Go back to the Microsoft Azure portal homepage.

  11. Select the Tenant Properties service.

  12. Copy the Tenant ID. You will need this later.

Adding Azure Environment

  1. Log in to your Sigma instance.

  2. In the navigation bar, click Administration > Environments.

  3. Select the Compute tab (Default).

  4. Select the “Click to add” button on the bottom of the Compute tab.

  5. Select Azure from the Compute product dropdown.

  6. Provide a Connection Name. This will be used to identify this specific Azure connection.

  7. Provide the Tenant ID, Application ID and the Secret Access Key in the specific fields and select Connect.

  8. If the connection is successful, the Azure connection will display in the environments page, as well as under the Compute > Azure tab.

ITSM

ServiceNow

Instructions for API connections with ServiceNow.

Jira

Instructions for API connections with Jira.

AI

ChatGPT

Instructions for API connections with ChatGPT.