I have a number of AWS alarms set up in CloudWatch. When one of these alarms is tripped, I currently send a notification to ServiceNow. I would like to send some custom parameters in this notification, something like:
{
  "source": "machineName",
  "dataUrl": "someUrl"
}
My challenge is, I do not see a way to add custom parameters via the AWS Console for an alarm. Is there a way for me to send custom parameters to an SNS topic that will get sent to the target from an AWS CloudWatch Alarm?
I'm pretty new to AWS but I did some research about my issue and I couldn't find an answer anywhere so hopefully someone can help me with this.
I would like to be notified on Slack whenever someone logs in with a root account on any of my AWS accounts. I have set up CloudTrail at the Organisation level to monitor CloudTrail logs on all my AWS accounts. I have set up a CloudWatch alarm to trigger whenever a root account is used; the alarm is then sent to an SNS topic that sends it to a Lambda that triggers a message to Slack.
All of this is working fine. However, the message I receive from SNS is basically the following: The alarm (root_login) has been triggered
Ideally I would want to receive the CloudWatch event that shows me more information, like the IP address of the user, the AWS account where it occurred, etc.
Basically I would like the Lambda to receive the CloudWatch event log instead of the CloudWatch alarm trigger. Is that something that is possible?
Thanks
Yes, that is possible. Here are some instructions from the AWS site on the aws-sns-to-slack-publisher. The page contains the steps you need to take to deploy .
Here is an example of publishing a health event to Slack.
You will of course need to modify the code to meet your requirements.
I have to monitor CloudWatch logs for a particular Lambda. When a specific error message such as HTTP-50X is logged to CloudWatch, we need to send an email notification to alert that something is wrong.
We need help to create an alert email in AWS to monitor the logs manually to see if any such error is logged.
This is exactly what a metric filter is for. Create a metric filter that monitors your log group for a specific pattern. Then create a CloudWatch alarm based on the new metric and configure it with an SNS action. Then simply subscribe your email to that SNS topic.
All of this can be easily done via CloudFormation (Metric filter, Alarm, SNS). You can also use CDK.
You can process/monitor logs in real time using Lambda functions. Check out Using AWS Lambda with Amazon CloudWatch Logs and Real-time Processing of Log Data with Subscriptions for details.
I am new to AWS and I'm trying to find a way to get alarms from CloudWatch. I set up an SNS topic and set a server endpoint, but I realize that this needs confirmation of subscription. Do you know how to set up the webhook or if there is a call for getting alarms?
1. Go to CloudWatch
2. Choose Alarms from the left menu
3. Create Alarm
4. Select your metric
5. Specify metric and conditions then next
6. In the Configure actions part you may select an SNS Topic from the dropdown list.
7. Fill name, description on the next step
8. Preview and create.
Edit:
For the subscription part: I've created a topic and a Lambda for its subscription, which will get the SNS event and send it to Slack. There are other options such as HTTP(S) calls, email, SMS, etc.
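For the HTTP(S) endpoint case raised in the question above, SNS first POSTs a SubscriptionConfirmation message whose SubscribeURL must be visited before any alarm is delivered. The following is an added example, not code from any of the posts: the topic ARN and sample messages are constructed, the function names are hypothetical, and verification of the message signature (Signature / SigningCertURL) is assumed to be handled separately.

```python
import json
import re
import urllib.request
from urllib.parse import urlparse

# Assumption: the single topic this endpoint serves (constructed ARN).
EXPECTED_TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:cloudwatch-alarms"
# Confirmation links point at the regional SNS endpoint (standard partition).
SNS_HOST = re.compile(r"sns\.[a-z0-9-]+\.amazonaws\.com")


def default_fetch(url):
    with urllib.request.urlopen(url, timeout=5) as resp:
        return resp.status


def handle_sns_post(body, fetch=default_fetch):
    """Process one POST body sent by SNS; returns (action, detail)."""
    msg = json.loads(body)
    if msg.get("TopicArn") != EXPECTED_TOPIC_ARN:
        return ("rejected", "unexpected TopicArn")
    kind = msg.get("Type")
    if kind == "SubscriptionConfirmation":
        url = urlparse(msg.get("SubscribeURL", ""))
        # Only follow links that really lead to SNS, never an arbitrary host.
        if url.scheme != "https" or not SNS_HOST.fullmatch(url.hostname or ""):
            return ("rejected", "SubscribeURL is not an SNS endpoint")
        fetch(msg["SubscribeURL"])  # visiting the link confirms the subscription
        return ("confirmed", msg["TopicArn"])
    if kind == "Notification":
        try:
            # For alarm actions, Message is itself a JSON document.
            alarm = json.loads(msg["Message"])
            return ("alarm", f'{alarm["AlarmName"]}: {alarm["NewStateValue"]}')
        except (ValueError, KeyError, TypeError):
            return ("notification", msg.get("Message", ""))
    return ("ignored", str(kind))


# Constructed sample messages (not captured traffic).
SAMPLE_CONFIRM = json.dumps({
    "Type": "SubscriptionConfirmation", "TopicArn": EXPECTED_TOPIC_ARN,
    "SubscribeURL": "https://sns.us-east-1.amazonaws.com/?Action=ConfirmSubscription",
})
SAMPLE_ALARM = json.dumps({
    "Type": "Notification", "TopicArn": EXPECTED_TOPIC_ARN,
    "Message": json.dumps({"AlarmName": "root_login", "NewStateValue": "ALARM"}),
})
```

Pinning the topic ARN and the SubscribeURL host keeps a public endpoint from being made to fetch arbitrary URLs or subscribe itself to someone else's topic.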
Is it possible to configure AWS CloudWatch with a filter/monitor that "listens" or watches for a particular type of log message (ideally with granular or regex-like control where I can tell CloudWatch to look for a particular pattern in the log message) so that it forwards the log message off to a particular SNS endpoint?
Meaning:
My app publishes log messages to CloudWatch
CloudWatch is configured with this filter/monitor to listen for log messages matching a particular regex/pattern
Any messages matching this pattern get forwarded on to an SNS endpoint of my choosing
The best I could find was this article which shows how to have CloudWatch send email through SNS, but not sure if the alarm they use can be configured to watch for message patterns, and not sure if SNS can be configured to do non-SES/email related downstream work.
CloudWatch logs can have subscriptions. The targets can currently be set up for Kinesis streams or Lambda functions, but you could define the subscription filter to send matching messages to a Lambda function that puts them onto the SNS topic, if that is required.
For example:
aws logs put-subscription-filter --log-group-name /aws/ecs/mycontainer --destination-arn arn:aws:lambda:us-east-1:123456:function:my-log-watch-sns-feeder --filter-name container-errors --filter-pattern "ERROR"
This would set up a subscription filter that sends log messages from an ECS container called mycontainer that contain the string ERROR to the Lambda function named my-log-watch-sns-feeder.
For more information:
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/Subscriptions.html
https://docs.aws.amazon.com/AmazonCloudWatch/latest/logs/FilterAndPatternSyntax.html
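A sketch of the Lambda side of the subscription-filter route described in this answer (and in the earlier answer about processing logs with Lambda), as an added example rather than code from any of the posts. CloudWatch Logs delivers matching lines base64-encoded and gzip-compressed under `awslogs.data`; the topic ARN, the sample event and the injectable `publish` parameter are constructed for illustration.

```python
import base64
import gzip
import json

# Assumption: topic the matching log lines are forwarded to (constructed ARN).
TOPIC_ARN = "arn:aws:sns:us-east-1:123456789012:container-errors"


def decode_log_event(event):
    """Unpack the base64 + gzip payload CloudWatch Logs hands to Lambda."""
    return json.loads(gzip.decompress(base64.b64decode(event["awslogs"]["data"])))


def build_notifications(payload):
    """One SNS message per matching log line; CONTROL_MESSAGE probes yield none."""
    if payload.get("messageType") != "DATA_MESSAGE":
        return []
    group = payload["logGroup"]
    return [{
        "Subject": f"Log match in {group}"[:100],  # SNS subjects are capped at 100 chars
        "Message": json.dumps({
            "logGroup": group,
            "logStream": payload["logStream"],
            "timestamp": e["timestamp"],
            "message": e["message"],
        }),
    } for e in payload["logEvents"]]


def handler(event, context, publish=None):
    """Lambda entry point; `publish` is injectable so the block runs offline."""
    if publish is None:
        import boto3  # provided by the Lambda runtime
        sns = boto3.client("sns")
        publish = lambda **kw: sns.publish(TopicArn=TOPIC_ARN, **kw)
    notes = build_notifications(decode_log_event(event))
    for n in notes:
        publish(**n)
    return len(notes)


def make_sample_event(message_type="DATA_MESSAGE"):
    """Constructed event in the shape CloudWatch Logs delivers to Lambda."""
    payload = {"messageType": message_type, "logGroup": "/aws/ecs/mycontainer",
               "logStream": "task/1", "logEvents": [
                   {"id": "1", "timestamp": 1700000000000, "message": "ERROR db timeout"},
                   {"id": "2", "timestamp": 1700000001000, "message": "ERROR upstream 502"}]}
    data = base64.b64encode(gzip.compress(json.dumps(payload).encode())).decode()
    return {"awslogs": {"data": data}}
```

The function's execution role needs only `sns:Publish` on that one topic, and the forwarded log text should be treated as untrusted input by whatever renders the notification.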
I'm using AWS CloudWatch to monitor application log files on my AWS EC2 instances. Is there a way to include custom data (i.e. stack trace) in the CloudWatch Alert when it is triggered by the metric I define?
I ended up routing the alert event to a REST service I wrote rather than to the SNS notification group. The web service uses the "event name" and timestamp to generate a custom notification. It pulls diagnostic information from several services, including our ELK stack, and includes it in the custom notification along with the typical CloudWatch Alert data. The web service then sends the custom notification to the original SNS notification group to be distributed.