CloudWatch alarm has no actions enabled Affecting CloudWatch service in AWS
CCSS (Common Configuration Scoring System) is a set of measures used to determine the severity of the rule.
Each rule is associated with a high-level category. For example IAM, Container, Monitoring, Logging, Network, etc.
Is your environment affected by this misconfiguration?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk IDSNYK-CC-00160
- creditSnyk Research Team
Description
CloudWatch alarms should have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled. AWS can invoke an action when a metric alarm changes state. For example, you can configure CloudWatch to send an SNS notification when an EC2 instance's CPU usage exceeds a certain threshold, alerting you to potentially anomalous activity.
How to fix?
Ensure that the aws_cloudwatch_metric_alarm resource has at least one list item in one of alarm_actions, insufficient_data_actions, or ok_actions, specified with an ARN.
###Example configuration:
resource "aws_cloudwatch_metric_alarm" "example" {
alarm_actions = [aws_sns_topic.sns.arn]
# other required fields here
}
Ensure that AWS::CloudWatch::Alarm contains the following: arn:aws:sns:region:account-id:sns-topic-name in the AlarmActions field, GreaterThanOrEqualToThreshold in the ComparisonOperator field, 1 in the EvaluationPeriods field.
Example configuration:
JSON example configuration:
{
"Type" : "AWS::CloudWatch::Alarm",
"Properties" : {
"AlarmActions" : "arn:aws:sns:region:account-id:sns-topic-name",
"ComparisonOperator" : "GreaterThanOrEqualToThreshold",
"EvaluationPeriods" : 1
}
# other required fields here
}
YAML example configuration:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmActions: arn:aws:sns:region:account-id:sns-topic-name
ComparisonOperator: GreaterThanOrEqualToThreshold
EvaluationPeriods: 1
# other required fields here