By using AWS re:Post, you agree to the AWS re:Post Terms of Use
AWS re:Postre:Post

Using a cloudformation YAML template, how can I create an alarm calls a lambda function when the alarm is triggered?

0

Hello,

I'm trying to create an alarm and lambda functions with a cloud formation template (using a YAML file). I want to be able to set an alarm for a Lambda that will check the duration of the lambda, and when a threshold is passed for duration, the alarm action should call a separate lambda function that will eventually post to a teams channel via a web hook.

In my template I'm just trying to prove the concept, I saw this link that very recently AWS have added support for calling a lambda function via alarm actions:

https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-cloudwatch-alarms-lambda-change-action/#:~:text=To%20invoke%20Lambda%20actions%20on,ALARM%20or%20INSUFFICIENT_DATA%20state%20changes.

Which links to:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions

But I'm unsure of how to get this to work with my example? It doesn't provide a YAML example.

Could someone provide some insight? thanks.

Topics
ServerlessComputeManagement & Governance
Tags
AWS LambdaAWS CloudFormationAmazon CloudWatch
Language
English
Robert
asked 3 months ago342 views
2 Answers
0

Hi, To create a CloudFormation YAML template that creates an alarm triggering a Lambda function, you can use the AWS::CloudWatch::Alarm resource along with the AWS::Lambda::Permission resource to grant permission for CloudWatch to invoke the Lambda function. Below is an example YAML template:

AWSTemplateFormatVersion: '2010-09-09' Resources: MyLambdaFunction: Type: AWS::Lambda::Function Properties: Handler: index.handler Role: !GetAtt LambdaExecutionRole.Arn Code: S3Bucket: my-lambda-bucket S3Key: lambda-code.zip Runtime: python3.8

LambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: LambdaExecutionPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: '*'

MyAlarm: Type: AWS::CloudWatch::Alarm Properties: AlarmDescription: "Alarm for Lambda errors" Namespace: AWS/Lambda MetricName: Errors Dimensions: - Name: FunctionName Value: !GetAtt MyLambdaFunction.FunctionName Statistic: Sum Period: 300 EvaluationPeriods: 1 Threshold: 1 ComparisonOperator: GreaterThanThreshold AlarmActions: - !Ref MyLambdaInvokePermission

MyLambdaInvokePermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: !GetAtt MyLambdaFunction.Arn Principal: cloudwatch.amazonaws.com SourceArn: !GetAtt MyAlarm.Arn

In this template:

MyLambdaFunction defines your Lambda function.
LambdaExecutionRole defines an IAM role for the Lambda function to execute with necessary permissions.
MyAlarm defines the CloudWatch alarm that triggers when the error count exceeds the threshold.
MyLambdaInvokePermission grants permission for CloudWatch to invoke the Lambda function.

Make sure to replace my-lambda-bucket with the name of your S3 bucket containing the Lambda function code and index.handler with the appropriate handler function in your Lambda code.

profile picture
Hari Priya Reddy Maddi
answered 3 months ago
profile picture
EXPERT
Giovanni Lauria
reviewed 25 days ago
0

Hello.

I created an example CloudFormation template.
This template configures resource-based policies and creates CloudWatch alarms.
By specifying the ARN of the Lambda function in "AlarmActions" and "OKActions", you can use it as a target for CloudWatch alarms.

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  LambdaName:
    Type: String
  LambdaARN:
    Type: String

Resources:
  LambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref LambdaName
      Principal: "lambda.alarms.cloudwatch.amazonaws.com"
      SourceArn: !GetAtt LambdaAlarm.Arn

  LambdaAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "test-lambda-alarm"
      AlarmDescription: "test"
      Namespace: "AWS/Lambda"
      Dimensions:
        - Name: "FunctionName"
          Value: !Ref LambdaName
      MetricName: "Duration"
      Unit: "Milliseconds"
      Period: 300
      Statistic: "Average"
      Threshold: 80
      ComparisonOperator: "GreaterThanOrEqualToThreshold"
      EvaluationPeriods: 1
      DatapointsToAlarm: 1
      TreatMissingData: "missing"
      ActionsEnabled: True
      AlarmActions:
        - !Ref LambdaARN
      OKActions:
        - !Ref LambdaARN
profile picture
EXPERT
Riku_Kobayashi
answered 3 months ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions

Relevant content