Skip to main content

⭐ Repository β†’ πŸ“ Compliance Engine β†’ πŸ“ CloudAware β†’ πŸ“ AWS β†’ πŸ“ CloudWatch

πŸ›‘οΈ AWS CloudWatch Metric Alarm does not have any actions configured🟒

  • Contextual name: πŸ›‘οΈ Metric Alarm does not have any actions configured🟒
  • ID: /ce/ca/aws/cloudwatch/metric-alarm-without-actions
  • Tags:
  • Policy Type: COMPLIANCE_POLICY
  • Policy Categories: RELIABILITY, SECURITY

Logic​

Similar Policies​

Description​

Open File

Description​

This policy identifies AWS CloudWatch Metric Alarms that do not have at least one action configured for any of the following states: ALARM, INSUFFICIENT_DATA, or OK.

AWS CloudWatch alarms monitor a single metric over a defined time period and can trigger one or more actions based on the metric’s value relative to a specified threshold. Actions typically include sending notifications (for example, to an Amazon SNS topic) or initiating automated responses (such as an EC2 Auto Scaling policy).

Rationale​

Alarms without configured actions are ineffective because they do not generate notifications or trigger automated responses when their state changes. This lack of response increases the risk of critical performance issues, security events, or system failures going undetected, potentially resulting in prolonged downtime or security breaches.

Impact​

Without actions, there is an increased risk of critical performance issues, security events, or system failures going undetected, potentially resulting in prolonged downtime or security breaches.

... see more

Remediation​

Open File

Remediation​

To remediate this issue, you must configure at least one action for your CloudWatch alarm. The most common action is to send a notification to an Amazon SNS topic.

Configure an Action​

From Command Line​

Each action is specified as an Amazon Resource Name (ARN).

aws cloudwatch put-metric-alarm 
    --alarm-name cpu-mon 
    --alarm-description "{{alarm-description}}"
    --actions-enabled 
    [--ok-actions {{list-of-actions}}]
    [--alarm-actions {{list-of-actions}}]
    [--insufficient-data-actions {{list-of-actions}}]
    --evaluation-periods 2 
    --comparison-operator {{GreaterThanOrEqualToThreshold | LessThanLowerOrGreaterThanUpperThreshold }}

Valid Actions​

EC2 actions​
  • arn:aws:automate:*region* :ec2:stop
  • arn:aws:automate:*region* :ec2:terminate
  • arn:aws:automate:*region* :ec2:reboot
  • arn:aws:automate:*region* :ec2:recover
  • arn:aws:swf:*region* :*account-id* :action/actions/AWS_EC2.InstanceId.Stop/1.0
  • arn:aws:swf:*region* :*account-id* :action/actions/AWS_EC2.InstanceId.Terminate/1.0

... see more

policy.yaml​

Open File

Linked Framework Sections​

SectionSub SectionsInternal RulesPoliciesFlagsCompliance
πŸ’Ό AWS Well-Architected β†’ πŸ’Ό OPS04-BP05 Implement distributed tracing1no data
πŸ’Ό Cloudaware Framework β†’ πŸ’Ό Alerting and Notification27no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AU-6(1) Automated Process Integration (M)(H)3no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό AU-6(5) Integrated Analysis of Audit Records (H)2no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό CA-7 Continuous Monitoring (L)(M)(H)212no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SI-2 Flaw Remediation (L)(M)(H)2712no data
πŸ’Ό FedRAMP High Security Controls β†’ πŸ’Ό SI-4(12) Automated Organization-generated Alerts (H)1no data
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό CA-7 Continuous Monitoring (L)(M)(H)112no data
πŸ’Ό FedRAMP Low Security Controls β†’ πŸ’Ό SI-2 Flaw Remediation (L)(M)(H)12no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό AU-6(1) Automated Process Integration (M)(H)3no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό CA-7 Continuous Monitoring (L)(M)(H)212no data
πŸ’Ό FedRAMP Moderate Security Controls β†’ πŸ’Ό SI-2 Flaw Remediation (L)(M)(H)212no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.AE-02: Potentially adverse events are analyzed to better understand associated activities33no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.AE-03: Information is correlated from multiple sources48no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-01: Networks and network services are monitored to find potentially adverse events120no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-02: The physical environment is monitored to find potentially adverse events12no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events83no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-06: External service provider activities and services are monitored to find potentially adverse events33no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events139no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-01: Improvements are identified from evaluations24no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties37no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities38no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded29no data
πŸ’Ό NIST CSF v2.0 β†’ πŸ’Ό ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked30no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration13no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records2no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό CA-7 Continuous Monitoring612no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-2 Flaw Remediation669no data
πŸ’Ό NIST SP 800-53 Revision 5 β†’ πŸ’Ό SI-4(12) System Monitoring _ Automated Organization-generated Alerts1no data