Getting Started

Step 1 - Add the app from marketplace


Launch the app from the AWS marketplace or the cloudformation stack an Ephemeral Systems Sales engineer has provided you.

Step 2 - Run the Cloudformation Template


  • A DNS name you'd like to use.
  • An ACM Certificate to setup SSL for the site.
  • An SSH Key uploaded to EC2

Insert the parameters into cloudformation as shown. Select an appropriate instance size for the ec2 instance and RDS database.


Follow the rest of the cloudformation wizard to complete.


Note that you'll need to allow the stack to create IAM resources with custom names.

Step 3 - Wait for the Stack to Complete


Wait for the stack to finish creation. Look for all the incident pony stacks to say "CREATE_COMPLETE".

Step 4 - Get the DNS name of the ALB


In the cloudformation console retrieve the name of the application load balancer from the deliver server nested stack outputs. Use this to setup DNS.

Setup Dns to point to the ALB using a cname.

You'll need to setup DNS using your own system: bind, route53, etc.

Step 5 - Retrieve the invitation token

When the stack is complete navigate to the EC2 console and select Parameter Store.


Scroll to the bottom right and look for your invitation token. Copy the Value to login your first user.

Step 6 - Register your first user


Navigate to the URL for your app and setup your first user with the invitation token.


Fill out the requisite fields and login.

Step 7 - Add an account


Navigate to the Accounts node under Settings.


Click on "Add Account"


Enter the account id and name of the account you would like to onboard then click "Create Read Role." This will launch an auto-templated cloudformation stack creation. Note: You may need to sign-in to the console of the target account to complete setup.


Follow the cloudformation wizard once again acknowledging that this stack will create IAM roles.


When the stack is "CREATE_COMPLETE" in state gather the role arn from the Outputs tab. Paste this back into the account creation form.


Follow the same process for the "Create Write Role" button.


With both ARNs in place click "Save".

Step 8 - Verify the roles are assumable


Navigate back to the accounts menu to see if the read and write role can be assumed by incident pony running in this account. Repeat this process for as many accounts as you need to onboard.

Step 9 - Setup your predefined plans


Incident pony allows you to setup runbooks of plans to auto-execute. Feel free to create these for keys or hosts.

Step 10 - Process an incident


Open an incident to test the system.


From this screen you may choose a variety of actions: Remediate hosts or keys in addition to logging arbitrary events. You may also elect to upload additional assets to the case file.


The above is an example of setting up an instance to be remediated using a custom plan.