AWS CloudWatch alarms should have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled

Description

AWS can invoke an action when a metric alarm changes state. For example, you can configure CloudWatch to send an SNS notification when an EC2 instance’s CPU usage exceeds a certain threshold, alerting you to potentially anomalous activity.

Remediation Steps

AWS Console

  • Navigate to CloudWatch.

  • In the left pane, select Alarms.

  • Select the noncompliant alarm.

  • Select Edit.

  • The Specify metric and conditions page appears. Select Next.

  • Under Auto Scaling action or EC2 action, edit the actions taken when the alarm is triggered.

  • Select Update Alarm.

AWS CLI

Note that when you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.

Follow the format below, replacing YOURALARMNAME with your alarm name and including at least one of --alarm-actions <value>, --insufficient-data-actions <value>, or --ok-actions <value>:

  • aws cloudwatch put-metric-alarm --alarm-name YOURALARMNAME --evaluation-periods <value> --comparison-operator <value> --alarm-actions <value> --insufficient-data-actions <value> --ok-actions <value>

For example, this command configures an alarm action to send an Amazon Simple Notification Service email message when CPU utilization exceeds 70 percent:

  • aws cloudwatch put-metric-alarm --alarm-name cpu-mon --alarm-description "Alarm when CPU exceeds 70 percent" --metric-name CPUUtilization --namespace AWS/EC2 --statistic Average --period 300 --threshold 70 --comparison-operator GreaterThanThreshold --dimensions "Name=InstanceId,Value=i-12345678" --evaluation-periods 2 --alarm-actions arn:aws:sns:us-east-1:111122223333:MyTopic --unit Percent
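
Because put-metric-alarm overwrites the whole configuration, adding an action to an existing alarm means resending its current settings along with the new action. The Python below is an added example, not part of the original page: it flags alarms with no actions in describe-alarms output and rebuilds a complete request with one alarm action added. The sample data, the disk-mon alarm, and the function names are constructed for illustration.

```python
import json

# The three action lists the rule checks, as named in describe-alarms output.
ACTION_KEYS = ("AlarmActions", "InsufficientDataActions", "OKActions")
# PutMetricAlarm parameters that describe-alarms also returns; read-only
# fields such as AlarmArn and StateValue are left out of the request.
PUT_KEYS = ("AlarmName", "AlarmDescription", "ActionsEnabled", *ACTION_KEYS,
            "MetricName", "Namespace", "Statistic", "ExtendedStatistic",
            "Dimensions", "Period", "Unit", "EvaluationPeriods",
            "DatapointsToAlarm", "Threshold", "ComparisonOperator",
            "TreatMissingData", "EvaluateLowSampleCountPercentile",
            "Metrics", "ThresholdMetricId")

def noncompliant(alarms):
    """Return names of alarms whose three action lists are all empty."""
    return [a["AlarmName"] for a in alarms
            if not any(a.get(k) for k in ACTION_KEYS)]

def rebuild_request(alarm, topic_arn):
    """Full PutMetricAlarm request: existing settings plus one alarm action."""
    req = {k: alarm[k] for k in PUT_KEYS if k in alarm}
    if topic_arn not in req.get("AlarmActions", []):
        req["AlarmActions"] = [*req.get("AlarmActions", []), topic_arn]
    return req

TOPIC = "arn:aws:sns:us-east-1:111122223333:MyTopic"  # example ARN from this page
# Constructed sample in the shape of `aws cloudwatch describe-alarms` output.
SAMPLE = json.loads("""
{"MetricAlarms": [
  {"AlarmName": "cpu-mon", "ActionsEnabled": true,
   "AlarmArn": "arn:aws:cloudwatch:us-east-1:111122223333:alarm:cpu-mon",
   "AlarmDescription": "Alarm when CPU exceeds 70 percent",
   "AlarmActions": [], "InsufficientDataActions": [], "OKActions": [],
   "StateValue": "OK", "MetricName": "CPUUtilization", "Namespace": "AWS/EC2",
   "Statistic": "Average", "Period": 300, "Unit": "Percent",
   "Dimensions": [{"Name": "InstanceId", "Value": "i-12345678"}],
   "EvaluationPeriods": 2, "Threshold": 70.0,
   "ComparisonOperator": "GreaterThanThreshold"},
  {"AlarmName": "disk-mon", "AlarmActions": [], "InsufficientDataActions": [],
   "OKActions": ["arn:aws:sns:us-east-1:111122223333:MyTopic"]}
]}""")

if __name__ == "__main__":
    alarms = SAMPLE["MetricAlarms"]
    for name in noncompliant(alarms):
        alarm = next(a for a in alarms if a["AlarmName"] == name)
        # With boto3: cloudwatch.put_metric_alarm(**rebuild_request(alarm, TOPIC))
        print(json.dumps(rebuild_request(alarm, TOPIC), indent=2))
```

To run it against a real account, replace SAMPLE with the parsed output of aws cloudwatch describe-alarms.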

CloudFormation

JSON

{
  "Properties" : {
    "AlarmActions" : [ "arn:aws:sns:region:account-id:sns-topic-name" ],
    "ComparisonOperator" : "GreaterThanOrEqualToThreshold",
    "EvaluationPeriods" : 1
  }
}

JSON Example Configuration

{
  "Type" : "AWS::CloudWatch::Alarm",
  "Properties" : {
    "AlarmActions" : [ "arn:aws:sns:region:account-id:sns-topic-name" ],
    "ComparisonOperator" : "GreaterThanOrEqualToThreshold",
    "EvaluationPeriods" : 1
  }
}

Other required fields are omitted here.

YAML

Properties:
  AlarmActions:
    - arn:aws:sns:region:account-id:sns-topic-name
  ComparisonOperator: GreaterThanOrEqualToThreshold
  EvaluationPeriods: 1

YAML Example Configuration

Type: AWS::CloudWatch::Alarm
Properties:
  AlarmActions:
    - arn:aws:sns:region:account-id:sns-topic-name
  ComparisonOperator: GreaterThanOrEqualToThreshold
  EvaluationPeriods: 1
  # other required fields here

Terraform

  • Ensure that the aws_cloudwatch_metric_alarm resource has at least one list item in one of alarm_actions, insufficient_data_actions, or ok_actions, specified with an ARN.

Example Configuration

resource "aws_cloudwatch_metric_alarm" "example" {
  alarm_actions = [aws_sns_topic.sns.arn]
  # other required fields here
}