# What is AWS Unified Operations
AWS Unified Operations combines proven expertise with AI-powered insights to help reduce operational and security risks, resolve issues faster, and help you architect more resilient cloud solutions from the start—accelerating your most critical cloud initiatives. Designated AWS specialists act as an extension of your team through your preferred collaboration channels—conducting workload reviews, providing strategic guidance, and optimizing performance through deep contextual knowledge. With 24/7 security and performance monitoring, we detect and mitigate incidents early while reducing alert volume. A five-minute, context-aware response for critical incidents further shortens resolution time and helps maintain peak operational performance.
## AWS Unified Operations pricing
AWS Unified Operations pricing is based on your specific requirements and workload complexity. For detailed pricing information, see [AWS Support Plan Pricing](https://aws.amazon.com/premiumsupport/pricing/).
**Contents**
+ [
## AWS Unified Operations pricing
](#unified-operations-pricing)
+ [
# Benefits of Unified Operations
](unified-operations-benefits.md)
+ [
# Unified Operations Team
](unified-operations-team.md)
+ [
## Technical Account Manager
](unified-operations-team.md#uo-personas-tam)
+ [
## Domain Specialist Engineer
](unified-operations-team.md#uo-key-personas-dse)
+ [
## Senior Billing and Account Specialist
](unified-operations-team.md#uo-personas-sbas)
+ [
## Incident Management Engineer
](unified-operations-team.md#uo-personas-ime)
+ [
## Migrations and Events Engineer
](unified-operations-team.md#uo-personas-ms)
+ [
## AWS Customer Incident Response Team
](unified-operations-team.md#uo-personas-cirt)
+ [
## Specialist Support Engineer
](unified-operations-team.md#uo-personas-sse)
+ [
# Unified Operations life cycle
](unified-operations-phases.md)
+ [
# Unified Operations pre-onboarding
](uops-pre-onboarding.md)
+ [
# Unified Operations onboarding
](uops-onboarding.md)
+ [
# Unified Operations Pre-event or migration planning
](uops-pre-event-planning.md)
+ [
# Unified Operations Event migration or cutover
](uops-event-migration-cutover.md)
+ [
# Unified Operations Post Go-live or event
](uops-event-post-golive.md)
+ [
# Unified Operations Workload incident management
](uops-workload-inc-management.md)
+ [
# Unified Operations Post incident
](uops-post-incident.md)
+ [
# Unified Operations Continuous improvement
](uops-continuous-improvement.md)
+ [
# Getting started with Unified Operations
](unified-operations-getting-started.md)
+ [
# Unified Operations Getting started: Prerequisites
](uops-gs-prerequisites.md)
+ [
# Unified Operations Getting started: Onboard critical alarms to rapid incident management
](uops-gs-onboard-alarms.md)
+ [
# Unified Operations Getting started: How to request 5-minute incident response
](uo-gs-incident-response.md)
+ [
# Unified Operations Getting started: Plan for domain coverage
](uo-gs-domain-coverage.md)
+ [
# Unified Operations Getting started: Onboard your account to proactive security incident management
](uops-gs-proactive-sec-man.md)
+ [
# Unified Operations Getting started: AWS expectations from you
](uops-gs-expectations-customers.md)
+ [
# Unified Operations Getting started: What you can expect from AWS
](uops-gs-aws-expectations.md)
# Benefits of Unified Operations
Unified Operations offers several key benefits.
+ **Designated AWS experts:** Your AWS team includes designated Technical Account Managers (TAMs), AWS Domain Specialist Engineer, and Senior Billing and Account Specialist. Your AWS team integrates with your collaboration tools like Slack or Microsoft Teams.
+ **Deep technical guidance:** Your AWS team helps you strengthen your resiliency through application-specific deep dives, readiness assessments, guided testing support, and custom runbooks tailored to your environment. Your AWS team provides workload focused financial management and aligns costs strategically with your business objectives.
+ **Migrations, events, and launch support:** Accelerate your critical cloud migrations and business events with designated AWS engineers who help mitigate risks proactively, guiding you from planning through execution. Real-time assistance for scheduled events, increasing migration velocity and successful launches.
+ **24x7 Proactive workload monitoring:** Onboard application and infrastructure level alarms from your existing AWS and third-party tools to detect early warning signs and drive proactive mitigation with your team.
+ **Engage AWS incident managers within 5 mins for business-critical system down issues:** Receive proactive support from Incident Management Engineers within 5 minutes of alarms, workload alerts, or business-critical system down issues.
+ **Context-specific case response:** Access to context-aware support engineers to drive incident resolution. Runbooks and incident response playbooks customized for your workflows, streamlining problem diagnosis and resolution for your specific business needs.
+ **Security guidance and support:** Proactive monitoring of security events with automated triage and investigation, along with 24/7 access to the AWS Customer Incident Response Team to prepare for, respond to, and recover from security events in your AWS environment.
# Unified Operations Team
AWS Unified Operations brings together a designated team of specialized experts who work together to support your cloud journey. Each role is carefully designed to provide comprehensive coverage across technical, financial, operational, and security dimensions of your cloud environment. From strategic guidance to technical support, from financial optimization to rapid incident response, these experts act as an extension of your team, available 24/7 to ensure your cloud operations run efficiently and securely.
**Contents**
+ [
## Technical Account Manager
](#uo-personas-tam)
+ [
## Domain Specialist Engineer
](#uo-key-personas-dse)
+ [
## Senior Billing and Account Specialist
](#uo-personas-sbas)
+ [
## Incident Management Engineer
](#uo-personas-ime)
+ [
## Migrations and Events Engineer
](#uo-personas-ms)
+ [
## AWS Customer Incident Response Team
](#uo-personas-cirt)
+ [
## Specialist Support Engineer
](#uo-personas-sse)
## Technical Account Manager
Your designated cloud strategist, the Technical Account Manager (TAM) orchestrates the overall engagement and drives business outcomes. TAMs lead strategic planning, conduct quarterly business reviews, provide resiliency guidance, and coordinate across specialized teams to ensure your cloud initiatives succeed. They serve as your primary point of contact for escalations and strategic decisions.
## Domain Specialist Engineer
A Domain Specialist Engineer (DSE) is a technical expert who deeply understands your specific workload architecture and AWS services. DSEs conduct critical workload reviews, create technical documentation, develop troubleshooting guides, and provide ongoing technical consultation. They analyze incidents to prevent recurrence and maintain global knowledge sharing to make sure that there is consistent support quality.
## Senior Billing and Account Specialist
Your Senior Billing and Account Specialist (SBAS) is a designated financial optimization expert who helps balance performance with cost. They manage cost optimization strategies, oversee reserved instance and savings plan portfolios, conduct financial business reviews, and provide detailed spend analytics to maximize your cloud investment efficiency.
## Incident Management Engineer
Incident Management Engineers (IME) are rapid response specialists who coordinate critical incident resolution. IMEs provide 5-minute response times, orchestrate technical teams during incidents, manage stakeholder communications. During active incidents, IMEs conduct real-time assessments of incident handling and response effectiveness, upon request they document the sequence of events, decisions made, and immediate outcomes. They observe and evaluate the execution of response protocols, team coordination, and the application of existing playbooks while the incident is still unfolding.
## Migrations and Events Engineer
On-demand experts who guide critical transitions like launches and migrations. They validate architectures, create detailed execution plans, provide real-time monitoring during events, and conduct post-event analysis to capture learnings and optimize future operations.
## AWS Customer Incident Response Team
The AWS Customer Incident Response Team (CIRT) are security experts providing 24/7 specialized assistance for security events. They monitor security findings, provide guided response within minutes of detection, and enhance your security operations capabilities through expert investigation support and best practices guidance.
## Specialist Support Engineer
Specialist Support Engineers (SSE) are highly experienced technical experts using advanced contextual tools to deliver precise support solutions. They leverage AI-powered systems and deep technical knowledge to quickly understand your environment and resolve complex technical challenges.
# Unified Operations life cycle
The Unified Operations Support plan contains different phases, from pre-onboarding, through continuous improvement, that help you get the most our of your cloud environment. This topic covers key points of each phase.
**Contents**
+ [
# Unified Operations pre-onboarding
](uops-pre-onboarding.md)
+ [
# Unified Operations onboarding
](uops-onboarding.md)
+ [
# Unified Operations Pre-event or migration planning
](uops-pre-event-planning.md)
+ [
# Unified Operations Event migration or cutover
](uops-event-migration-cutover.md)
+ [
# Unified Operations Post Go-live or event
](uops-event-post-golive.md)
+ [
# Unified Operations Workload incident management
](uops-workload-inc-management.md)
+ [
# Unified Operations Post incident
](uops-post-incident.md)
+ [
# Unified Operations Continuous improvement
](uops-continuous-improvement.md)
# Unified Operations pre-onboarding
During the pre-onboarding phases, AWS gathers information from you needed to start the onboarding process, including the following information:
**Environment discovery and technical validation**
+ Understanding of your workload architecture and your key AWS services.
+ Your future planning needs, such as migration or events.
+ Pre-requisites, such as a list of your AWS accounts and AWS Regions.
+ Your specific business needs.
# Unified Operations onboarding
**Onboarding kickoff**
+ Meet the team (customer and AWS allocated resources).
**Onboarding workshop**
+ Identify critical workloads.
+ Conduct deep architecture review of the workloads.
+ Review roles and responsibilities (RACI review – AWS and your roles and responsibilities).
+ Review Incident and Change management workflows (ITSM).
+ Communication protocol - tooling and processes, escalation path, on-call schedules
+ Identify and define the critical alarms (in Amazon CloudWatch, your 3rd party APM or custom monitoring tool).
+ Build runbooks for critical alarms.
**Service onboarding**
+ Your AWS account onboarding to AWS Security Incident Response.
+ Critical alarm onboarding to rapid Incident Management.
# Unified Operations Pre-event or migration planning
Pre-event or migration planning in AWS Unified Operations includes the following key elements.
+ **Context gathering :** Workload discovery and architecture.
+ **Operational Readiness Review (ORR):** Systematic assessment against AWS best practices and runbooks to identify potential issues before they impact the event.
+ **Risk assessments:** Identify, list potential risks, and mitigation plans.
+ **Review Events:** Secure the cut-over or migration event support.
# Unified Operations Event migration or cutover
Event migration or cutover in Unified Operations includes the following key elements.
+ **Real-time bridge to resolution:** AWS experts join your communication channels to monitor events and resolve issues during critical business periods.
+ **24/7 comprehensive support:** Round-the-clock expert assistance with immediate guidance for resource scaling needs. .
+ **AWS engineering:** Work directly with engineers who understand your business, delivering tailored solutions.
# Unified Operations Post Go-live or event
The post go-live or post event process in Unified Operations includes the following key elements:
+ Spin-down engagement and event-specific resources.
+ Conduct event reviews.
+ Update runbooks and documentation based on learnings.
+ Perform retrospectives to identify areas for improvement.
# Unified Operations Workload incident management
Workload incident management includes the following key elements:
+ AWS Support case creation.
+ Engagement with you and an AWS Incident Management Engineer (IME) for context-aware incident management.
+ Joining or creation of incident bridge call.
+ Monitoring of AWS service health and large-scale event (LSE).
+ Rapid recovery of critical applications or workloads.
# Unified Operations Post incident
Post-incident analysis for critical incidents is conducted by the assigned Domain Specialist Engineer (DSE). DSE takes a broader analytical approach after resolution, conducting comprehensive root cause analysis to identify any gaps in processes or tooling. The DSE transforms insights into actionable improvements by updating response playbooks, recommending preventive measures, and suggesting architectural enhancements to help prevent similar incidents in the future.
# Unified Operations Continuous improvement
Continuous improvement includes the following key elements:
+ Update Critical Workload Reviews, proposing AWS service-specific recommendations and resilience guidance .
+ Review old and new cases on a continuous basis, and provide troubleshooting guides for identified technical issues.
+ Apply lessons and oversee implementations and testing.
+ Discuss technical issues, configurations, past, and upcoming projects and milestones.
+ Review new feature implementation plans with risk assessments and performance optimizations.
+ Conduct Monthly or Quarterly Business Review (MBR / QBR).
# Getting started with Unified Operations
This topic discusses the steps to onboard to AWS Unified Operations.
**Contents**
+ [
# Unified Operations Getting started: Prerequisites
](uops-gs-prerequisites.md)
+ [
# Unified Operations Getting started: Onboard critical alarms to rapid incident management
](uops-gs-onboard-alarms.md)
+ [
# Unified Operations Getting started: How to request 5-minute incident response
](uo-gs-incident-response.md)
+ [
# Unified Operations Getting started: Plan for domain coverage
](uo-gs-domain-coverage.md)
+ [
# Unified Operations Getting started: Onboard your account to proactive security incident management
](uops-gs-proactive-sec-man.md)
+ [
# Unified Operations Getting started: AWS expectations from you
](uops-gs-expectations-customers.md)
+ [
# Unified Operations Getting started: What you can expect from AWS
](uops-gs-aws-expectations.md)
# Unified Operations Getting started: Prerequisites
The following items are required to onboard to AWS Unified Operations
**A signed AWS Unified Operations contract. For more information, contact your AWS sales representative.**
+ Identified business needs, such as migration, modernization, events, target uptime, and so on.
+ A list of your workloads.
+ A list of your AWS accounts and associated AWS Regions.
+ Identified stakeholders across Application, Architecture, Operations, and Security teams.
# Unified Operations Getting started: Onboard critical alarms to rapid incident management
To help quickly notify you of critical incidents, complete the following steps to onboard your alarms to AWS Incident Detection and Response
1. Define and configure your critical alarms for rapid incident management. For detailed information, see [Define and configure alarms in Incident Detection and Response](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-alarms.html) in the *Incident Detection and Response User Guide*.
1. For steps to set up alarms using Amazon CloudWatch, see [Define and configure alarms in Incident Detection and Response](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-alarms.html) in the *Incident Detection and Response User Guide*. For AWS recommendations on critical alarm types for various AWS services, see [Incident Detection and Response (IDR)](https://repost.aws/selections/KP6FA7iQgVSVeSNq1jAcjwxg/incident-detection-and-response-idr). Contact your AWS Unified Operations team if you want AWS to automate the creation of critical AWS alarms for your tagged AWS resources.
1. To redirect or ingest critical alarms from 3rd party APM tools with [direct Amazon EventBridge integration](https://aws.amazon.com/eventbridge/integrations/), such as DataDog, NewRelic, and so on, see [Ingest alarms from APMs that have direct integration with Amazon EventBridge](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-ingest_alarms_from_apm_to_eventbridge.html) in the *AWS Incident Detection and Response User Guide*. You must deploy a set of AWS resources (AWS Lambda and Amazon EventBridge event bus rules) to transform and redirect your alarm (event) to AWS Incident Detection and Response. Your AWS Unified Operations team can help provide the CloudFormation template to install these resources.
1. Redirect or ingest critical alarms from your custom monitoring tool through a 3rd party APM tool that doesn’t have direct integration with Amazon EventBridge. For more information, see [Use webhooks to ingest alarms from APMs without direct integration with Amazon EventBridge](https://docs.aws.amazon.com/IDR/latest/userguide/idr-ingesting-alarms-using-webhooks.html) in the *AWS Incident Detection and Response User Guide*. You must deploy a set of AWS resources (API Gateway AWS Lambda functions, and Amazon EventBridge event bus rules) to transform and redirect your alarm (event) to AWS Incident Detection and Response. Your AWS Unified Operations team can help provide the CloudFormation template to install these resources.
1. Provide workload architecture details, point of contact information and runbook information on mitigation actions for critical alarms. To do this, complete the following steps:
1. Download and complete the [AWS Incident Detection and Response Workload onboarding questionnaire](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-questionnaire.html) for each critical workload or application and the [Alarm ingestion questionnaire](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-questionnaire.html) related to each unique workload.
The information in these questionnaires helps the AWS team develop an incident remediation runbook. This runbook enables appropriate actions to be taken to quickly troubleshoot and remediate critical alarms before they cause business downtime. For examples and sample information, see [Workload onboarding and alarm ingestion questionnaires in AWS Incident Detection and Response](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-questionnaire.html).
1. Provide access to onboard your critical alarms to AWS Incident Detection and Response
1. Deploy the `AWSServiceRoleForHealth_EventProcessor` service-linked role (SLR) in your AWS account running the critical workload to be monitored by the AWS incident management team. For more information, see [Provision access for alert ingestion to AWS Incident Detection and Response](https://docs.aws.amazon.com/IDR/latest/userguide/idr-gs-access-prov.html).
**Note**
To assist your with onboarding of large AWS accounts, AWS can provide you with a AWS Command Line Interface script to fast track the provisioning of this SLR.
1. (Optional) If your alarms are in Amazon CloudWatch, make sure that the AWS Identity and Access Management user or role that's used for alarm testing (before go-live) has the `cloudwatch:SetAlarmState` IAM permission in your AWS account that's running the critical workload. This is needed for alarm testing (gameday) post onboarding. For more information, see [Test onboarded workloads in AWS Incident Detection and Response](https://docs.aws.amazon.com/IDR/latest/userguide/idr-workloads-testing.html).
1. Create a AWS Support case to subscribe a workload for rapid incident management. Note that your AWS account is automatically enabled for inbound rapid incident management, which means you can raise a case to the Unified Operations Incident Detection and Response queue through the Support Center Console, the AWS Command Line Interface, or the AWS SDK for quick action. For AWS to proactively monitor and create incidents with an outbound AWS Support case, create an AWS Support case for your critical workload. To do this, complete the following steps:
1. Sign in to the [AWS Support Center Console](https://console.aws.amazon.com/support), select **Create case**, and then select **Technical support**.
1. For **Service** select **Incident Detection and Response**.
1. For **Category** select **Onboard new workload**.
1. For **Severity** select **General guidance**.
1. Attached the Workload and Alarm questionnaires that you completed in the previous step.
# Unified Operations Getting started: How to request 5-minute incident response
AWS Unified Operations offers 5-minute incident response for your critical incidents. To request a 5-minute inbound response you can [create a support case from a support interaction](create-support-case-from-interaction.md) or use the [legacy support case creation method](case-management-legacy.md#creating-a-support-case-legacy). When you create your case, make sure that you enter the following information to ensure that your case receives a response within 5 minutes:
1. For **Case type**, choose **Technical**.
1. For **Service**, choose **AWS Incident Detection and Response**.
1. For **Category**, choose **Active Incident**.
1. For **Severity**, choose **Business-critical system down**.
1. In the **Description**, include the following information
1. Technical information
+ Workload name
+ Affected AWS Resource ARN(s)
1. Business information
+ Description of impact to the business
+ (Optional) Customer bridge details
# Unified Operations Getting started: Plan for domain coverage
AWS Unified Operations provides specialized expertise through a domain-based coverage approach. Each domain is supported by a team of AWS Domain Specialists who provide the following services:
+ **Specialized expertise** aligned to your specific technology areas.
+ **Continuous coverage ** with availability through your preferred collaboration tools (Slack or Microsoft Teams) during business days.
+ **Proactive guidance** on architecture, best practices, and optimization opportunities.
+ **Enhanced incident response** through deep domain knowledge and workload familiarity.
+ **Consistent experience** maintained by a coordinated team rather than individuals.
This approach to domain coverage enables AWS specialists to maintain deep familiarity with your critical workloads while providing comprehensive support across your technology stack.
To select the domains, organizations maintain decision authority from a choice of 23 AWS Domains and consider the following factors in their decision:
+ Primary AWS services running critical workloads
+ Critical AWS service dependencies (such as Amazon EC2, Amazon EKS, or Amazon RDS)
+ Major upcoming events requiring 24x7 support coverage (migrations, launches) planned within 3-6 months
This information, combined with guidance from your Technical Account Manager, enables precise alignment of domain expertise with your specific organizational needs, helping you maintain optimal support for mission-critical workloads.
# Unified Operations Getting started: Onboard your account to proactive security incident management
Unified Operations entitles you to AWS Security Incident Response to help you quickly prepare for, respond to, and recover from security incidents, such as account takeovers, data breaches, and ransomware attacks. AWS Security Incident Response triages findings, escalates events, and manages critical cases, while also providing access to the AWS Customer Incident Response Team (CIRT) to investigate impacted resources. This access helps you to effectively mitigate and resolve security incidents, minimizing the impact on your operations. To onboard to this service feature, complete the following steps:
1. Create a centralized AWS account for AWS Security Incident Response. This AWS account will be used to configure all other AWS accounts that you want monitored, to manage your incident response team, and to create and view security events. We recommend that you to align this account with the account that you use for other security services such as Amazon GuardDuty and AWS Security Hub CSPM. You can use an [AWS Organizations](https://docs.aws.amazon.com/whitepapers/latest/organizing-your-aws-environment/aws-organizations.html) management account, or an AWS Organizations delegated administrator account as the Security Incident Response membership account. For more information, see [Select a membership account](https://docs.aws.amazon.com/security-ir/latest/userguide/select-a-membership-account.html) in the *AWS Security Incident Response User Guide*.
1. Choose basic membership details. For more information, see [Setup membership details](https://docs.aws.amazon.com/security-ir/latest/userguide/setup-membership-details.html) in the *AWS Security Incident Response User Guide*.
1. Choose how you want to associate accounts with AWS Organizations. For more information, see [Associate accounts with AWS Organizations](https://docs.aws.amazon.com/security-ir/latest/userguide/associate-accounts-with-aws-organizations.html) in the *AWS Security Incident Response User Guide*.
1. (Optional) You can optionally enable proactive response and alert triaging workflow to enable within your organization to monitor and investigate alerts generated from Amazon GuardDuty and AWS Security Hub CSPM integrations. For more information, see [Setup proactive response and alert triaging workflows](https://docs.aws.amazon.com/security-ir/latest/userguide/setup-monitoring-and-investigation-workflows.html) in the *AWS Security Incident Response User Guide*.
1. (Optional) Enable the proactive containment of a potential security incident. AWS can perform containment actions to quickly mitigate impact, such as isolating compromised hosts or rotating credentials. To turn on this feature, you must first grant the necessary permissions to the service. To do this, deploy an [Step Functions StackSet](https://docs.aws.amazon.com/security-ir/latest/userguide/working-with-stacksets.html).
# Unified Operations Getting started: AWS expectations from you
For Unified Operations to deliver maximum value, we recommend the following collaborative approach:
**Team engagement**
+ Identify subject matter experts from your team to collaborate with AWS engineers during onboarding and ongoing engagement.
+ Participate in initial discovery calls and subsequent meetings to share architecture details and operational requirements.
+ Establish regular touchpoints to review architecture updates or workload changes.
**Operational integration**
+ Configure critical alarms in your account to enable effective incident management.
+ Implement recommended action items provided by AWS specialists,
+ Participate in gameday exercises to validate incident response processes.
This collaborative framework helps you maximize the value of Unified Operations, achieve your uptime goals, mitigate operational risks, and receive comprehensive support for your mission-critical workloads.
# Unified Operations Getting started: What you can expect from AWS
When you onboard to Unified Operations, you can expect the following from AWS.
+ Provide a team of designated AWS experts with deep technical expertise in the your workload domain and services.
+ Offer proactive guidance, ongoing optimization, and continuous improvement recommendations to enhance workload performance and resiliency and accelerate path to migrations and modernization.
+ Help provide rapid incident response, with context-aware engineers engaged within 5 minutes of a critical incident.
+ Offer comprehensive support throughout the application lifecycle, from design and migration to production launch and long-term operations.
+ Proactively monitor security threats with auto-triaging, reducing false positives, and raising incidents for potential security incidents.
+ Assist in trouble and joint mitigation of AWS or your identified security incident.