⭐ Repository → 📁 Compliance Engine → 📁 CloudAware → 📁 AWS → 📁 CloudWatch

🛡️ AWS CloudWatch Metric Alarm does not have any actions configured🟢

• Contextual name: 🛡️ Metric Alarm does not have any actions configured🟢
• ID: /ce/ca/aws/cloudwatch/metric-alarm-without-actions
• Tags:
  • 🟢 Policy with categories
  • 🟢 Policy with type
  • 🟢 Production policy
• Policy Type: COMPLIANCE_POLICY
• Policy Categories: RELIABILITY, SECURITY

Logic

• 🧠 prod.logic.yaml🟢
  • 📗 AWS CloudWatch Metric Alarm
  • 🔌 AWS CloudWatch Metric Alarm - object.extracts.yaml
  • 🧪 test-data.json

Similar Policies

• AWS Security Hub: [CloudWatch.17] CloudWatch alarm actions should be activated

Description

Open File

Description

This policy identifies AWS CloudWatch Metric Alarms that do not have at least one action configured for any of the following states: ALARM, INSUFFICIENT_DATA, or OK.

AWS CloudWatch alarms monitor a single metric over a defined time period and can trigger one or more actions based on the metric’s value relative to a specified threshold. Actions typically include sending notifications (for example, to an Amazon SNS topic) or initiating automated responses (such as an EC2 Auto Scaling policy).

Rationale

Alarms without configured actions are ineffective because they do not generate notifications or trigger automated responses when their state changes. This lack of response increases the risk of critical performance issues, security events, or system failures going undetected, potentially resulting in prolonged downtime or security breaches.

Impact

Without actions, there is an increased risk of critical performance issues, security events, or system failures going undetected, potentially resulting in prolonged downtime or security breaches.

... see more

Remediation

Open File

Remediation

To remediate this issue, you must configure at least one action for your CloudWatch alarm. The most common action is to send a notification to an Amazon SNS topic.

Configure an Action

From Command Line

Each action is specified as an Amazon Resource Name (ARN).

aws cloudwatch put-metric-alarm 
    --alarm-name cpu-mon 
    --alarm-description "{{alarm-description}}"
    --actions-enabled 
    [--ok-actions {{list-of-actions}}]
    [--alarm-actions {{list-of-actions}}]
    [--insufficient-data-actions {{list-of-actions}}]
    --evaluation-periods 2 
    --comparison-operator {{GreaterThanOrEqualToThreshold | LessThanLowerOrGreaterThanUpperThreshold }}

Valid Actions

EC2 actions

• arn:aws:automate:*region* :ec2:stop
• arn:aws:automate:*region* :ec2:terminate
• arn:aws:automate:*region* :ec2:reboot
• arn:aws:automate:*region* :ec2:recover
• arn:aws:swf:*region* :*account-id* :action/actions/AWS_EC2.InstanceId.Stop/1.0
• arn:aws:swf:*region* :*account-id* :action/actions/AWS_EC2.InstanceId.Terminate/1.0

... see more

policy.yaml

Open File

Linked Framework Sections

Section	Sub Sections	Internal Rules	Policies	Flags	Compliance
💼 AWS Well-Architected → 💼 OPS04-BP05 Implement distributed tracing			1		no data
💼 Cloudaware Framework → 💼 Alerting and Notification			27		no data
💼 FedRAMP High Security Controls → 💼 AU-6(1) Automated Process Integration (M)(H)			3		no data
💼 FedRAMP High Security Controls → 💼 AU-6(5) Integrated Analysis of Audit Records (H)			2		no data
💼 FedRAMP High Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		12		no data
💼 FedRAMP High Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2	7	12		no data
💼 FedRAMP High Security Controls → 💼 SI-4(12) Automated Organization-generated Alerts (H)			1		no data
💼 FedRAMP Low Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	1		12		no data
💼 FedRAMP Low Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)			12		no data
💼 FedRAMP Moderate Security Controls → 💼 AU-6(1) Automated Process Integration (M)(H)			3		no data
💼 FedRAMP Moderate Security Controls → 💼 CA-7 Continuous Monitoring (L)(M)(H)	2		12		no data
💼 FedRAMP Moderate Security Controls → 💼 SI-2 Flaw Remediation (L)(M)(H)	2		12		no data
💼 NIST CSF v2.0 → 💼 DE.AE-02: Potentially adverse events are analyzed to better understand associated activities			33		no data
💼 NIST CSF v2.0 → 💼 DE.AE-03: Information is correlated from multiple sources			48		no data
💼 NIST CSF v2.0 → 💼 DE.CM-01: Networks and network services are monitored to find potentially adverse events			120		no data
💼 NIST CSF v2.0 → 💼 DE.CM-02: The physical environment is monitored to find potentially adverse events			12		no data
💼 NIST CSF v2.0 → 💼 DE.CM-03: Personnel activity and technology usage are monitored to find potentially adverse events			83		no data
💼 NIST CSF v2.0 → 💼 DE.CM-06: External service provider activities and services are monitored to find potentially adverse events			33		no data
💼 NIST CSF v2.0 → 💼 DE.CM-09: Computing hardware and software, runtime environments, and their data are monitored to find potentially adverse events			139		no data
💼 NIST CSF v2.0 → 💼 ID.IM-01: Improvements are identified from evaluations			24		no data
💼 NIST CSF v2.0 → 💼 ID.IM-02: Improvements are identified from security tests and exercises, including those done in coordination with suppliers and relevant third parties			37		no data
💼 NIST CSF v2.0 → 💼 ID.IM-03: Improvements are identified from execution of operational processes, procedures, and activities			38		no data
💼 NIST CSF v2.0 → 💼 ID.RA-01: Vulnerabilities in assets are identified, validated, and recorded			29		no data
💼 NIST CSF v2.0 → 💼 ID.RA-07: Changes and exceptions are managed, assessed for risk impact, recorded, and tracked			30		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(1) Audit Record Review, Analysis, and Reporting _ Automated Process Integration		1	3		no data
💼 NIST SP 800-53 Revision 5 → 💼 AU-6(5) Audit Record Review, Analysis, and Reporting _ Integrated Analysis of Audit Records			2		no data
💼 NIST SP 800-53 Revision 5 → 💼 CA-7 Continuous Monitoring	6		12		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-2 Flaw Remediation	6	6	9		no data
💼 NIST SP 800-53 Revision 5 → 💼 SI-4(12) System Monitoring _ Automated Organization-generated Alerts			1		no data