Generate specific parameters to appear in SNS email notification in CloudWatch Alarm for a Log Group

Question

I am able to create a CloudWatch alarm that gets triggered from a Metric Filter of "ERROR" in a log group, however, I need to add specific parameters to the email notification that the CW alarm generates. I have created a SNS Topic and SNS Subscription to generate the notification but I cannot figure out how to add the below parameters to the email. I attempted to use Powershell command to do this but received an error of "Delivery protocol [email] does not support raw message delivery." From doing research, it appears that I need to create a Lambda function to do this. I am looking for guidance on how to structure the Lambda function to grab the raw data from the metric filter in the log group and sends that information in an email when the ERROR Cloudwatch Alarm is triggered.

"@@t" - time
"SourceContext" - the context of the occurred error
"MachineName" - server name
"@log" - the log group name

Thank you,

*   "@@t" - time
  *   "SourceContext" - the context of the occurred error
  *   "MachineName" - server name
  *   "@log" - the log group name

Thank you,

Accepted Answer

Currently you can't directly embed the data you are looking for in a CloudWatch alarm notification.  However, as you discovered you can enrich the notification by using your own code in the form of a Lambda.  CloudWatch alarms supports SNS as a destination, which is straight forward to connect to a Lambda function.

You can see https://github.com/awslabs/cloudwatch-logs-customize-alarms for an example of how to enrich an Alarm with the log event details.  Because each metric filter is unique to a log group, you can take advantage of the "Description" field on the alarm to convey the log group.  The description comes across on the notification email.

Here is a blog post that explains the end-to-end process: https://aws.amazon.com/blogs/mt/customize-amazon-cloudwatch-alarm-notifications-to-your-local-time-zone-part-1/

Generate specific parameters to appear in SNS email notification in CloudWatch Alarm for a Log Group

相關內容