Generate specific parameters to appear in SNS email notification in CloudWatch Alarm for a Log Group


I am able to create a CloudWatch alarm that gets triggered from a Metric Filter of "ERROR" in a log group, however, I need to add specific parameters to the email notification that the CW alarm generates. I have created a SNS Topic and SNS Subscription to generate the notification but I cannot figure out how to add the below parameters to the email. I attempted to use Powershell command to do this but received an error of "Delivery protocol [email] does not support raw message delivery." From doing research, it appears that I need to create a Lambda function to do this. I am looking for guidance on how to structure the Lambda function to grab the raw data from the metric filter in the log group and sends that information in an email when the ERROR Cloudwatch Alarm is triggered.

  • "@@t" - time
  • "SourceContext" - the context of the occurred error
  • "MachineName" - server name
  • "@log" - the log group name

Thank you,

1 Answer
Accepted Answer

Currently you can't directly embed the data you are looking for in a CloudWatch alarm notification. However, as you discovered you can enrich the notification by using your own code in the form of a Lambda. CloudWatch alarms supports SNS as a destination, which is straight forward to connect to a Lambda function.

You can see for an example of how to enrich an Alarm with the log event details. Because each metric filter is unique to a log group, you can take advantage of the "Description" field on the alarm to convey the log group. The description comes across on the notification email.

Here is a blog post that explains the end-to-end process:

answered a year ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions