AURA Incident Commander

Inspiration Modern security and SRE teams are overwhelmed by noisy alerts from services like CloudWatch, GuardDuty, and Security Hub, while still coordinating incidents in chat and manual runbooks. AURA was inspired by the idea of giving every team an AI Incident Commander that can keep everyone aligned under pressure and turn raw AWS signals into clear, shared situational awareness. ​

What it does AURA ingests alerts and logs from AWS, groups related signals into incidents, and generates concise summaries that explain what is happening and why it matters. It recommends prioritized next actions, orchestrates safe runbooks through services like Lambda and Systems Manager, and maintains a live timeline so responders always know the current state. ​

How we built it We implemented an ingestion and enrichment service that normalizes alerts from AWS sources into a unified incident model. On top of that, we built an AI analysis layer that uses LLMs to summarize context, correlate alerts, and suggest response steps, plus an orchestration layer that calls AWS services to execute guarded playbooks, all exposed through a web dashboard for responders. ​

Challenges we ran into Designing prompts and data structures that produce consistent, actionable recommendations instead of vague summaries was a major challenge with noisy, multi‑alert incidents. We also had to carefully decide which actions could be safely automated versus which required explicit human approval to align with responsible AI and security guidance on AWS. ​

Accomplishments that we're proud of We are proud that AURA follows AWS’s reference pattern for generative‑AI‑assisted incident response while still being practical enough to run as a hackathon project. We also turned abstract “AI copilot” ideas into a concrete Incident Commander that actually helps teams move faster and more safely during cloud incidents. ​

What we learned We learned how to break incident response into clear layers—ingestion, enrichment, AI, orchestration, and knowledge base—and map each to specific AWS services and patterns. We also saw that AI is most valuable when it explains decisions, logs its suggestions, and fits into existing workflows instead of acting as a black box. ​

What's next for AURA Incident Commander Next, we want to deepen integrations with more AWS and third‑party tools, add richer context like asset and identity data, and better cover generative‑AI workloads. We also plan to add more agentic multi‑step playbooks, collaboration features, and automated post‑incident reports so AURA can become the central hub for security and reliability incidents. ​

Built With

• amazon-eventbridge
• amazon-web-services
• aws-cloudwatch
• aws-lambda
• aws-systems-manager
• django/flask
• fastapi
• github
• mongodb
• next.js
• python
• react
• typescript