CloudWatch alarm

0

I have created an AWS CloudWatch alarm and added an AWS Lambda function to be triggered when the alarm is in "alarm" state, but the Lambda function is not getting triggered when the alarm state changes from "OK" to "alarm". The Lambda function runs fine when I test it manually.

5 Answers
2

Hi, you indicate the Lambda function is not triggered by the alarm. Can you please confirm that you have created a security policy to allow CloudWatch to execute that Lambda function? There is an example of how to create that security policy in the Lambda action section on the main alarm documentation page. You need to run something that looks like that. It's a one-off configuration; once you've done it, you don't need to do it again.

The example below allows only one alarm (identified by its ARN) to execute a specific function (identified by its name). You can adjust it to your needs, for example allowing all alarms (and not just one alarm) from a specific account to execute a specific function.

aws lambda add-permission \
--function-name my-function-name \
--statement-id AlarmAction \
--action 'lambda:InvokeFunction' \
--principal lambda.alarms.cloudwatch.amazonaws.com \
--source-account 111122223333 \
--source-arn arn:aws:cloudwatch:us-east-1:111122223333:alarm:alarm-name
AWS
Jsc
answered 3 months ago
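
To confirm the permission is in place and scoped as intended, the function's resource-based policy can be checked. This is an added example, not part of the original answers: it parses the policy document that `aws lambda get-policy` returns in its `Policy` field and reports whether a given alarm ARN may invoke the function and whether the statement lacks a source condition. The helper names, the sample policy and the function ARN in it are constructed for illustration.

```python
import json
from fnmatch import fnmatchcase

ALARM_PRINCIPAL = "lambda.alarms.cloudwatch.amazonaws.com"

# Constructed sample: the policy produced by the add-permission command above
# (the function ARN is made up for this example).
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "AlarmAction", "Effect": "Allow",
        "Principal": {"Service": ALARM_PRINCIPAL},
        "Action": "lambda:InvokeFunction",
        "Resource": "arn:aws:lambda:us-east-1:111122223333:function:my-function-name",
        "Condition": {
            "StringEquals": {"AWS:SourceAccount": "111122223333"},
            "ArnLike": {"AWS:SourceArn": "arn:aws:cloudwatch:us-east-1:111122223333:alarm:alarm-name"},
        },
    }],
})

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _cond(stmt, key):
    """Values of a condition key under any operator (simplified: negated operators are not modelled)."""
    found = []
    for operands in stmt.get("Condition", {}).values():
        for k, v in operands.items():
            if k.lower() == key.lower():  # condition keys are case-insensitive
                found += _as_list(v)
    return found

def check_alarm_permission(policy_json, alarm_arn):
    """Return (allowed, findings) for a CloudWatch alarm invoking the function."""
    allowed, findings = False, []
    account = alarm_arn.split(":")[4]
    for stmt in json.loads(policy_json).get("Statement", []):
        principal = stmt.get("Principal", {})
        services = _as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if stmt.get("Effect") != "Allow" or ALARM_PRINCIPAL not in services:
            continue
        if not any(fnmatchcase("lambda:InvokeFunction", a) for a in _as_list(stmt.get("Action", []))):
            continue
        arns, accounts = _cond(stmt, "aws:SourceArn"), _cond(stmt, "aws:SourceAccount")
        if not arns and not accounts:  # any alarm in any account could invoke
            findings.append(f"{stmt.get('Sid')}: no SourceArn/SourceAccount condition")
        arn_ok = not arns or any(fnmatchcase(alarm_arn, p) for p in arns)
        allowed = allowed or (arn_ok and (not accounts or account in accounts))
    return allowed, findings
```

An empty statement list, or a policy with no statement for the alarms principal, returns `(False, [])`, which corresponds to the "no resource-based policy allows the lambda:InvokeFunction action" failure.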
2

Please verify whether the Lambda execution role has permission to allow CloudWatch to execute the Lambda. How to create the required permission can be found at https://repost.aws/knowledge-center/lambda-permissions-issues

Possible Lambda execution failure scenarios can be found in the document https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions

AWS
Phani_L
answered 3 months ago
1

Could you please confirm that the CloudWatch alarm is indeed transitioning from "OK" to "ALARM"? You can check the alarm history in the CloudWatch console or use the AWS CLI to get the alarm history: "aws cloudwatch describe-alarm-history --alarm-name YourAlarmName". Examine the CloudWatch Logs for your Lambda function to see if there are any error messages or information logged when the function is triggered by the CloudWatch alarm. CloudWatch -> Log groups -> search for the Lambda based on your configuration.

EXPERT
answered 3 months ago
1

Also, you could try to set the alarm into ALARM state manually and then check the Lambda logs to find out why the invocation is not happening. To change the alarm state, you can use the management console CLI or AWS CLI. An example of the command is shown below:

aws cloudwatch set-alarm-state --alarm-name "myalarm" --state-value ALARM --state-reason "testing purposes"

AWS
Takeda
answered 3 months ago
0

I found out the issue. I did not allow CloudWatch to invoke the Lambda function. This was the error: 'Failed to execute action "CloudWatch Alarms is not authorized to perform: lambda:InvokeFunction on the resource because no resource-based policy allows the lambda:InvokeFunction action"'. I added the permission by going into Lambda -> Configuration -> Permissions -> Add permission. This will allow the CloudWatch service to invoke this Lambda function.

answered 3 months ago
  • Happy to know that you found the issue!
