CloudWatch alarm

0

I have created an AWS CloudWatch alarm and added an AWS lambda function to be triggered when the alarm is in "alarm" state but the lambda function is not getting triggered when the alarm state changes from "OK" to "alarm". The lambda function runs fine when I test it manually.

5 Answers
2

Hi, you indicate the lambda function is not triggered by the alarm, can you please confirm that you have created a security policy to allow CloudWatch to execute that lambda function? There is an example of how to create that security policy in the Lambda action section on the main alarm documentation page. You need to run something that looks like that - it's a one-off configuration, once you've done it, you don't need to do it again.

The below example allows only one alarm (identified by its arn) to execute a specific function (identified by its name). You can adjust to your needs, for example allowing all alarms (and not just one alarm) from a specific account to execute a specific function.

aws lambda add-permission \
--function-name my-function-name \
--statement-id AlarmAction \
--action 'lambda:InvokeFunction' \
--principal lambda.alarms.cloudwatch.amazonaws.com \
--source-account 111122223333 \
--source-arn arn:aws:cloudwatch:us-east-1:111122223333:alarm:alarm-name
AWS
Jsc
answered 3 months ago
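
As an added example (not part of the original answer or of AWS documentation): a Python check that takes the policy document returned by `aws lambda get-policy` (the JSON string in its `Policy` field) and reports whether a given alarm ARN is allowed to invoke the function. The function names and the sample policy are constructed for illustration, and the statement layout is assumed to match what the add-permission command above generates.

```python
import fnmatch
import json

ALARM_PRINCIPAL = "lambda.alarms.cloudwatch.amazonaws.com"

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _condition_values(statement, key):
    """Values for one condition key (case-insensitive); negated operators are not handled."""
    return [v for operands in statement.get("Condition", {}).values()
            for name, value in operands.items() if name.lower() == key
            for v in _as_list(value)]

def alarm_can_invoke(policy_json, alarm_arn):
    """Return (allowed, reason) for one alarm ARN against a Lambda resource policy."""
    reasons = []
    for st in _as_list(json.loads(policy_json).get("Statement", [])):
        sid = st.get("Sid", "<no Sid>")
        principal = st.get("Principal")
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or ALARM_PRINCIPAL not in services:
            continue  # statement is for some other caller
        actions = [a.lower() for a in _as_list(st.get("Action", []))]
        if not any(fnmatch.fnmatchcase("lambda:invokefunction", a) for a in actions):
            reasons.append(f"{sid}: does not cover lambda:InvokeFunction")
            continue
        arns = _condition_values(st, "aws:sourcearn")
        if arns and not any(fnmatch.fnmatchcase(alarm_arn, p) for p in arns):
            reasons.append(f"{sid}: source ARN condition does not match this alarm")
            continue
        accounts = _condition_values(st, "aws:sourceaccount")
        if accounts and alarm_arn.split(":")[4] not in accounts:
            reasons.append(f"{sid}: source account condition excludes the alarm's account")
            continue
        return True, f"{sid}: allows this alarm to invoke the function"
    return False, "; ".join(reasons) or f"no Allow statement for {ALARM_PRINCIPAL}"

# Constructed sample: the statement the add-permission command above is assumed to create.
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AlarmAction", "Effect": "Allow",
    "Principal": {"Service": ALARM_PRINCIPAL},
    "Action": "lambda:InvokeFunction",
    "Resource": "arn:aws:lambda:us-east-1:111122223333:function:my-function-name",
    "Condition": {"StringEquals": {"AWS:SourceAccount": "111122223333"},
                  "ArnLike": {"AWS:SourceArn": "arn:aws:cloudwatch:us-east-1:111122223333:alarm:alarm-name"}}}]})

if __name__ == "__main__":
    for name in ("alarm-name", "other-alarm"):
        print(alarm_can_invoke(SAMPLE_POLICY, f"arn:aws:cloudwatch:us-east-1:111122223333:alarm:{name}"))
```

A `False` result for an alarm that should be allowed usually points at a source ARN or source account condition that names a different alarm, region, or account than the one actually firing.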
2

Please verify whether the Lambda execution role has permission to allow CloudWatch to execute the Lambda. How to create the required permission can be found at https://repost.aws/knowledge-center/lambda-permissions-issues

Possible Lambda Execution scenario failures could be found at the document https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions

AWS
Phani_L
answered 3 months ago
1

Could you please confirm that the CloudWatch alarm is indeed transitioning from "OK" to "ALARM"? You can check the alarm history in the CloudWatch console or use the AWS CLI to get the alarm history: "aws cloudwatch describe-alarm-history --alarm-name YourAlarmName". Examine the CloudWatch Logs for your Lambda function to see if there are any error messages or information logged when the function is triggered by the CloudWatch alarm. CloudWatch -> Log groups -> search for the Lambda based on your configurations.

EXPERT
answered 3 months ago
1

Also, you could try to set the alarm into ALARM state manually and then check the Lambda logs and find out the reason as to why the invocation is not happening. To change the alarm state, you can use the management console CLI or aws cli. An example of the command is shown below:

aws cloudwatch set-alarm-state --alarm-name "myalarm" --state-value ALARM --state-reason "testing purposes"

AWS
Takeda
answered 3 months ago
0

I found out the issue. I did not allow cloudWatch to invoke the lambda function. This was the error: 'Failed to execute action "CloudWatch Alarms is not authorized to perform: lambda:InvokeFunction on the resource because no resource-based policy allows the lambda:InvokeFunction action" '. I added the permission by going into lambda -> configuration -> permission -> add permission. This will allow the cloudwatch service to invoke this lambda function.

answered 3 months ago
  • Happy to know that you found the issue!
