How do I use EventBridge to create a custom response for a CloudWatch alarm?

Short description

You can use CloudWatch alarms that are integrated with EventBridge to automate remediation or recovery of your environment.

You can use your EventBridge rule to monitor a CloudWatch alarm for configuration changes, for example, create, update, or delete. You can also use your rule to monitor state changes, for example, OK, ALARM, or INSUFFICIENT. You can associate your rule with any supported target.

Resolution

Note: If you receive errors when you run AWS Command Line Interface (AWS CLI) commands, then see Troubleshooting errors for the AWS CLI. Also, make sure that you're using the most recent AWS CLI version.

When CloudWatch encounters a state change, it sends an Amazon Simple Notification Service (Amazon SNS) notification or invokes an AWS Lambda Function. Or, it might respond with an Amazon Elastic Compute Cloud (Amazon EC2) or an AWS Auto Scaling action.

You can use an EventBridge rule to create a customized action. When a state change occurs, the EventBridge rule invokes targets to carry out custom responses. You must create the rule in the same Region as the CloudWatch alarm.

Create a resource to run the custom action

Make sure the resource that you create to run your custom action is a supported EventBridge target.

Create a CloudWatch alarm

Complete the following steps:

1. Open the CloudWatch console.
2. In the navigation pane, choose Alarms, and then All alarms.
3. Choose Create alarm.
4. Choose Select metric.
5. Choose the Graphed metrics tab.
6. Select Statistic, for example, Average, Maximum, or p99.
7. Select Period, for example, 1 minute.
8. Choose Select metric.
9. For Conditions, select the values for threshold type, alarm condition, and threshold value.
   Note: These parameters determine when the alarm changes state.
10. Choose Next.
11. On the Configure Actions page, in the Notification section, choose Remove.
    Note: The action's provided by the corresponding EventBridge target.
12. Choose Next.
13. Enter a name and a description for the alarm. Then, choose Next.
14. Under Preview and create, review the alarm configuration. Then, choose Create alarm.

Note: For more information on how to configure CloudWatch alarms, see Create a CloudWatch alarm based on a static threshold.

Create an EventBridge rule

Complete the following steps:

1. Open the EventBridge console.

2. In the navigation pane, choose Rules.

3. Choose Create rule.

4. Enter a Name.

5. (Optional) Enter a description for the rule.

6. For Event bus, choose AWS default event bus.

7. For Rule type, choose Rule with an event pattern.

8. Choose Next.

9. For Creation method, choose Custom pattern (JSON editor).

10. For Event Pattern, copy and customize one of the example event patterns. The following example initiates on CloudWatch Alarm configuration change for updates to a specific alarm:

    {
      "source": ["aws.cloudwatch"],
      "detail-type": ["CloudWatch Alarm Configuration Change"],
      "detail": {
        "alarmName": ["NGiNX 4XX Responses"],
        "operation": ["update"]
      }
    }

    The following example initiates on CloudWatch Alarm configuration change for updates to a specific namespace and metric:

    {
      "source": ["aws.cloudwatch"],
      "detail-type": ["CloudWatch Alarm Configuration Change"],
      "detail": {
        "configuration": {
          "metrics": {
            "metricStat": {
              "metric": {
                "name": ["CPUUtilization"],
                "namespace": ["AWS/EC2"]
              }
            }
          }
        }
      }
    }
    

    The following example initiates on CloudWatch Alarm state change for a specific alarm in the ALARM state:

    {
      "source": ["aws.cloudwatch"],
      "detail-type": ["CloudWatch Alarm State Change"],
      "detail": {
        "alarmName": ["NGiNX 4XX Responses"],
        "state": {
          "value": ["ALARM"]
        }
      }
    }

11. Choose Next.

12. In the Select target(s) section, choose the targets that run the custom logic, and then choose Next.

13. Add any relevant tags to the rule, and then choose Next.

14. Choose Create rule.

Validate the rule

Take the following actions:

• Confirm that the rule initiates for rules that monitor alarm configuration, such as create, update, or delete the alarm.
• Confirm that the rule initiates for rules that monitor the alarm state. Use the SetAlarmState API operation to temporarily change the alarm state.

The following AWS CLI command example forces the alarm into an ALARM state:

aws cloudwatch set-alarm-state \\--alarm-name "NGiNX 4XX Responses" \\  
\--state-value ALARM \\  
\--state-reason "Validation Testing"

To confirm that your EventBridge rule invoked the targets, use the TriggeredRules, Invocations, and FailedInvocations metrics. To locate the metrics, navigate to your rule, and then choose the Monitoring tab in the EventBridge console. Or, view the metrics in the CloudWatch console in the AWS/Events namespace.

Related information

Alarm events and EventBridge