Using a cloudformation YAML template, how can I create an alarm calls a lambda function when the alarm is triggered?

0

Hello,

I'm trying to create an alarm and lambda functions with a cloud formation template (using a YAML file). I want to be able to set an alarm for a Lambda that will check the duration of the lambda, and when a threshold is passed for duration, the alarm action should call a separate lambda function that will eventually post to a teams channel via a web hook.

In my template I'm just trying to prove the concept, I saw this link that very recently AWS have added support for calling a lambda function via alarm actions:

https://aws.amazon.com/about-aws/whats-new/2023/12/amazon-cloudwatch-alarms-lambda-change-action/#:~:text=To%20invoke%20Lambda%20actions%20on,ALARM%20or%20INSUFFICIENT_DATA%20state%20changes.

Which links to:

https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/AlarmThatSendsEmail.html#alarms-and-actions

But I'm unsure of how to get this to work with my example? It doesn't provide a YAML example.

Could someone provide some insight? thanks.

Robert
asked 22 days ago155 views
2 Answers
0

Hi, To create a CloudFormation YAML template that creates an alarm triggering a Lambda function, you can use the AWS::CloudWatch::Alarm resource along with the AWS::Lambda::Permission resource to grant permission for CloudWatch to invoke the Lambda function. Below is an example YAML template:

AWSTemplateFormatVersion: '2010-09-09' Resources: MyLambdaFunction: Type: AWS::Lambda::Function Properties: Handler: index.handler Role: !GetAtt LambdaExecutionRole.Arn Code: S3Bucket: my-lambda-bucket S3Key: lambda-code.zip Runtime: python3.8

LambdaExecutionRole: Type: AWS::IAM::Role Properties: AssumeRolePolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Principal: Service: lambda.amazonaws.com Action: sts:AssumeRole Policies: - PolicyName: LambdaExecutionPolicy PolicyDocument: Version: '2012-10-17' Statement: - Effect: Allow Action: - logs:CreateLogGroup - logs:CreateLogStream - logs:PutLogEvents Resource: '*'

MyAlarm: Type: AWS::CloudWatch::Alarm Properties: AlarmDescription: "Alarm for Lambda errors" Namespace: AWS/Lambda MetricName: Errors Dimensions: - Name: FunctionName Value: !GetAtt MyLambdaFunction.FunctionName Statistic: Sum Period: 300 EvaluationPeriods: 1 Threshold: 1 ComparisonOperator: GreaterThanThreshold AlarmActions: - !Ref MyLambdaInvokePermission

MyLambdaInvokePermission: Type: AWS::Lambda::Permission Properties: Action: lambda:InvokeFunction FunctionName: !GetAtt MyLambdaFunction.Arn Principal: cloudwatch.amazonaws.com SourceArn: !GetAtt MyAlarm.Arn

In this template:

MyLambdaFunction defines your Lambda function.
LambdaExecutionRole defines an IAM role for the Lambda function to execute with necessary permissions.
MyAlarm defines the CloudWatch alarm that triggers when the error count exceeds the threshold.
MyLambdaInvokePermission grants permission for CloudWatch to invoke the Lambda function.

Make sure to replace my-lambda-bucket with the name of your S3 bucket containing the Lambda function code and index.handler with the appropriate handler function in your Lambda code.

profile picture
answered 21 days ago
0

Hello.

I created an example CloudFormation template.
This template configures resource-based policies and creates CloudWatch alarms.
By specifying the ARN of the Lambda function in "AlarmActions" and "OKActions", you can use it as a target for CloudWatch alarms.

AWSTemplateFormatVersion: 2010-09-09

Parameters:
  LambdaName:
    Type: String
  LambdaARN:
    Type: String

Resources:
  LambdaPermission:
    Type: AWS::Lambda::Permission
    Properties:
      Action: "lambda:InvokeFunction"
      FunctionName: !Ref LambdaName
      Principal: "lambda.alarms.cloudwatch.amazonaws.com"
      SourceArn: !GetAtt LambdaAlarm.Arn

  LambdaAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmName: !Sub "test-lambda-alarm"
      AlarmDescription: "test"
      Namespace: "AWS/Lambda"
      Dimensions:
        - Name: "FunctionName"
          Value: !Ref LambdaName
      MetricName: "Duration"
      Unit: "Milliseconds"
      Period: 300
      Statistic: "Average"
      Threshold: 80
      ComparisonOperator: "GreaterThanOrEqualToThreshold"
      EvaluationPeriods: 1
      DatapointsToAlarm: 1
      TreatMissingData: "missing"
      ActionsEnabled: True
      AlarmActions:
        - !Ref LambdaARN
      OKActions:
        - !Ref LambdaARN
profile picture
EXPERT
answered 21 days ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions