CloudWatch alarm has no actions enabled
Affecting CloudWatch service in AWS
Severity Framework
Snyk CCSS
Rule category
Monitoring / Logging
Frameworks
HIPAA
ISO-27001
PCI-DSS
- Snyk ID SNYK-CC-00160
- credit Snyk Research Team
Description
CloudWatch alarms should have at least one alarm action, one INSUFFICIENT_DATA action, or one OK action enabled. AWS can invoke an action when a metric alarm changes state. For example, you can configure CloudWatch to send an SNS notification when an EC2 instance's CPU usage exceeds a certain threshold, alerting you to potentially anomalous activity.
How to fix?
Ensure that the aws_cloudwatch_metric_alarm resource has at least one list item in one of alarm_actions, insufficient_data_actions, or ok_actions, specified with an ARN.
Example Configuration
resource "aws_cloudwatch_metric_alarm" "example" {
  alarm_actions = [aws_sns_topic.sns.arn]
  # other required fields here
}
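
One way to check a whole plan for this rule before applying it is sketched below. This is an added example, not Snyk's implementation. It assumes the plan was exported with `terraform show -json`, and the sample plan, resource names and ARN are constructed.

```python
import json

ACTION_ATTRS = ("alarm_actions", "insufficient_data_actions", "ok_actions")

def _unknown(value):
    """True if an after_unknown entry marks the value (or an element) as computed."""
    if isinstance(value, list):
        return any(_unknown(v) for v in value)
    return value is True

def alarms_without_actions(plan):
    """Addresses of planned aws_cloudwatch_metric_alarm resources with no action ARN."""
    findings = []
    for rc in plan.get("resource_changes", []):
        if rc.get("type") != "aws_cloudwatch_metric_alarm":
            continue
        change = rc.get("change", {})
        after = change.get("after")
        if after is None:  # resource is being destroyed, nothing to check
            continue
        unknown = change.get("after_unknown") or {}
        # An ARN only known after apply (e.g. a new SNS topic) still counts as set.
        if not any(after.get(a) or _unknown(unknown.get(a)) for a in ACTION_ATTRS):
            findings.append(rc["address"])
    return findings

# Constructed sample plan, trimmed to the fields the check reads.
SAMPLE_PLAN = json.loads("""
{"resource_changes": [
  {"address": "aws_cloudwatch_metric_alarm.example",
   "type": "aws_cloudwatch_metric_alarm",
   "change": {"actions": ["create"], "after": {"ok_actions": null},
              "after_unknown": {"alarm_actions": true}}},
  {"address": "aws_cloudwatch_metric_alarm.paged",
   "type": "aws_cloudwatch_metric_alarm",
   "change": {"actions": ["update"], "after_unknown": {},
              "after": {"ok_actions": ["arn:aws:sns:us-east-1:111122223333:example-topic"]}}},
  {"address": "aws_cloudwatch_metric_alarm.silent",
   "type": "aws_cloudwatch_metric_alarm",
   "change": {"actions": ["create"], "after_unknown": {},
              "after": {"alarm_actions": [], "insufficient_data_actions": null}}},
  {"address": "module.old.aws_cloudwatch_metric_alarm.retired",
   "type": "aws_cloudwatch_metric_alarm",
   "change": {"actions": ["delete"], "after": null, "after_unknown": {}}},
  {"address": "aws_sns_topic.sns", "type": "aws_sns_topic",
   "change": {"actions": ["create"], "after": {}, "after_unknown": {"arn": true}}}
]}
""")

if __name__ == "__main__":
    for address in alarms_without_actions(SAMPLE_PLAN):
        print(f"{address}: no alarm, INSUFFICIENT_DATA or OK action configured")
```

The check reads `after_unknown` as well as `after`, so an alarm wired to an SNS topic created in the same plan is not reported as a false positive.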