🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢

• Contextual name: 🛡️ Metric Alarm does not have any actions configured🟢
• ID: /ce/ca/aws/cloudwatch/metric-alarm-without-actions
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: RELIABILITY, SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS CloudWatch Metric Alarm
  • 🔌 AWS CloudWatch Metric Alarm - object.extracts.yaml
  • 🧪 test-data.json

Similar Policies

• AWS Security Hub: [CloudWatch.17] CloudWatch alarm actions should be activated

Description

Open File

Description

This policy identifies AWS CloudWatch Metric Alarms that do not have at least one action configured for any of the following states: ALARM, INSUFFICIENT_DATA, or OK.

AWS CloudWatch alarms monitor a single metric over a defined time period and can trigger one or more actions based on the metric’s value relative to a specified threshold. Actions typically include sending notifications (for example, to an Amazon SNS topic) or initiating automated responses (such as an EC2 Auto Scaling policy).

Rationale

Alarms without configured actions are ineffective because they do not generate notifications or trigger automated responses when their state changes. This lack of response increases the risk of critical performance issues, security events, or system failures going undetected, potentially resulting in prolonged downtime or security breaches.

Impact

Without actions, there is an increased risk of critical performance issues, security events, or system failures going undetected, potentially resulting in prolonged downtime or security breaches.

... see more

Remediation

Open File

Remediation

To remediate this issue, you must configure at least one action for your CloudWatch alarm. The most common action is to send a notification to an Amazon SNS topic.

Configure an Action

From Command Line

Each action is specified as an Amazon Resource Name (ARN).

aws cloudwatch put-metric-alarm 
    --alarm-name cpu-mon 
    --alarm-description "{{alarm-description}}"
    --actions-enabled 
    [--ok-actions {{list-of-actions}}]
    [--alarm-actions {{list-of-actions}}]
    [--insufficient-data-actions {{list-of-actions}}]
    --evaluation-periods 2 
    --comparison-operator {{GreaterThanOrEqualToThreshold | LessThanLowerOrGreaterThanUpperThreshold }}

Valid Actions

EC2 actions

• arn:aws:automate:*region* :ec2:stop
• arn:aws:automate:*region* :ec2:terminate
• arn:aws:automate:*region* :ec2:reboot
• arn:aws:automate:*region* :ec2:recover
• arn:aws:swf:*region* :*account-id* :action/actions/AWS_EC2.InstanceId.Stop/1.0
• arn:aws:swf:*region* :*account-id* :action/actions/AWS_EC2.InstanceId.Terminate/1.0

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Well-Architected → 💼 OPS04-BP05 Implement distributed tracing			1		no data
💼 AWS Well-Architected → 💼 OPS09-BP02 Communicate status and trends to ensure visibility into operation			1		no data
💼 AWS Well-Architected → 💼 REL11-BP06 Send notifications when events impact availability			1		no data
💼 Cloudaware Framework → 💼 Alerting and Notification			27		no data
💼 FedRAMP High Security Controls → 💼 AU-6(1) Automated Process Integration (M)(H)			3		no data
💼 FedRAMP High Security Controls → 💼 AU-6(5) Integrated Analysis of Audit Records (H)			2		no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		13		no data
💼 FedRAMP High Security Controls → 💼 IR-4(1) Automated Incident Handling Processes (M)(H)			1		no data
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2	7	14		no data
💼 FedRAMP High Security Controls → 💼 SI-4(5) System-generated Alerts (M)(H)			2		no data
💼 FedRAMP High Security Controls → 💼 SI-4(12) Automated Organization-generated Alerts (H)			1		no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	1		13		no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)			14		no data
💼 FedRAMP Moderate Security Controls → 💼 AU-6(1) Automated Process Integration (M)(H)			3		no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		13		no data
💼 FedRAMP Moderate Security Controls → 💼 IR-4(1) Automated Incident Handling Processes (M)(H)			1		no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2		14		no data
💼 FedRAMP Moderate Security Controls → 💼 SI-4(5) System-generated Alerts (M)(H)			2		no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities			35		no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources			50		no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events			150		no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events			13		no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events			85		no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events			35		no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events			149		no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			26		no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			40		no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			41		no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			31		no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked			31		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration		1	3		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records			2		no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		13		no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-4(1) Incident Handling _ Automated Incident Handling Processes			1		no data
💼 NIST SP 800-53 Revision 5 → 💼 IR-4(5) Incident Handling _ Automatic Disabling of System			1		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation	6	6	11		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(5) System Monitoring _ System-generated Alerts			2		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(12) System Monitoring _ Automated Organization-generated Alerts			1		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-20 Tainting			2		no data