How do I use Amazon EventBridge to create a custom response for an Amazon CloudWatch alarm?

4 minute read
0

I want my Amazon CloudWatch alarm to perform a custom action instead of sending an Amazon Simple Notification Service (Amazon SNS) message or responding with an Amazon Elastic Compute Cloud (Amazon EC2) or Amazon Auto Scaling action.

Short description

CloudWatch alarms are integrated with EventBridge, which offers targets such as an AWS Lambda Function, a Step Function, or the AWS Systems Manager Run Command. You can deploy these alarms to automate remediation or recovery of your environment.

An EventBridge rule can monitor a CloudWatch alarm for configuration changes (for example, create, update, or delete). Or, the rule can monitor state changes (for example, OK, ALARM, or INSUFFICIENT). Associate the rule with any supported target to satisfy the use case.

Resolution

By default, when CloudWatch encounters a state change, it sends an Amazon Simple Service (Amazon SNS) notification. Or, it might respond with an Amazon EC2 or an AWS Auto Scaling action.

Use an EventBridge rule to create a customized action. When a state change occurs, the EventBridge rule invokes targets to carry out the custom responses.
Note: To make sure that the EventBridge rule is triggered, create the rule in the same Region as the CloudWatch alarm.

Create a resource to run the desired logic

Make sure that this resource is a supported Amazon EventBridge target. For example, it might be a Lambda Function, a Step Function, or a Systems Manager Run Command that implements the custom action.

Create a CloudWatch alarm

  1. Open the CloudWatch console.
  2. In the navigation pane, choose Alarms, All alarms.
  3. Choose Create alarm.
  4. Choose Select Metric.
  5. Choose the Graphed metrics tab.
    Select Statistic (for example, Average, Maximum, or p99).
    Select Period (for example, 1 minute)
    Choose Select metric.
  6. For Conditions, select the appropriate values for threshold type, alarm condition, and threshold value. These parameters determine when the alarm changes state.
  7. Choose Next.
  8. On the Configure Actions page, in the Notification section, choose Remove.
    Note: The action isn't configured from the CloudWatch perspective. In this case, the action's provided by the corresponding EventBridge target.
  9. Choose Next.
  10. Enter a name and a description for the alarm. Then, choose Next.
  11. Under Preview and create, review the alarm configuration. Then, choose Create alarm.

For more information on configuring CloudWatch alarms, see Create a CloudWatch alarm based on a static threshold.

Create an EventBridge rule

  1. Open the EventBridge console.
  2. In the navigation pane, choose Rules.
  3. Choose Create rule.
  4. Enter a Name and, optionally, a Description for the rule.
    For Event bus, select AWS default event bus.
  5. For Rule type, choose Rule with an event pattern.
  6. Choose Next
  7. For Creation method, select Custom pattern (JSON editor).
  8. For Event Pattern, copy and customize (for example, alarmName, operation, or state) one of the example event patterns.
    • This code example triggers on CloudWatch Alarm configuration change for updates to a specific alarm:

      {
        "source": ["aws.cloudwatch"],
        "detail-type": ["CloudWatch Alarm Configuration Change"],
        "detail": {
          "alarmName": ["NGiNX 4XX Responses"],
          "operation": ["update"]
        }
      }
    • This code example triggers on CloudWatch Alarm configuration change for updates to a specific namespace and metric:

      {
        "source": ["aws.cloudwatch"],
        "detail-type": ["CloudWatch Alarm Configuration Change"],
        "detail": {
          "configuration": {
            "metrics": {
              "metricStat": {
                "metric": {
                  "name": ["CPUUtilization"],
                  "namespace": ["AWS/EC2"]
                }
              }
            }
          }
        }
      }
    • This code example triggers on CloudWatch Alarm state change for a specific alarm in the ALARM state:

      {
        "source": ["aws.cloudwatch"],
        "detail-type": ["CloudWatch Alarm State Change"],
        "detail": {
          "alarmName": ["NGiNX 4XX Responses"],
          "state": {
            "value": ["ALARM"]
          }
        }
      }
  9. Choose Next
  10. Under Select target(s), select the targets that run the custom logic, and then choose Next.
  11. Add any relevant tags to the rule, and then choose Next.
  12. Review the rule configuration, and then choose Create rule.

Validate the rule

  • Confirm that the rule triggers for rules monitoring alarm configuration, such as create, update, or delete the alarm.
  • Confirm that the rule triggers for rules monitoring the alarm state. Use the SetAlarmState API to temporarily change the alarm state.

This example of an AWS Command Line Interface (AWS CLI) command forces the alarm into an ALARM state:

aws cloudwatch set-alarm-state \
--alarm-name "NGiNX 4XX Responses" \
--state-value ALARM \
--state-reason "Validation Testing"

Confirm that the EventBridge rule triggered and invoked the targets using TriggeredRules, Invocations, and FailedInvocations metrics. These metrics are available in the EventBridge console. Navigate to the rule and use the Monitoring tab to locate the metrics. Or, view the metrics in the CloudWatch console under the AWS/Events namespace.

Related information

Alarm events and EventBridge

AWS OFFICIAL
AWS OFFICIALUpdated a year ago