
Create an Automatic OpsItem When CloudWatch Alarm Enters an Alarm State

Auto-generated OpsItems give detailed information about the alarm for swift remediation.

Key Takeaways:

  • The auto-generated OpsItem offers aggregated information that makes alarm investigation easy
  • This reduces mean time to resolution
  • You can use metrics, anomalies, or events to configure your alarms

Time is always of the essence when solving problems. Ops engineers and IT professionals can reduce the mean time to resolution by integrating Amazon CloudWatch Alarms with OpsCenter, which creates Operational Work Items (OpsItems) automatically from CloudWatch Alarms.

The auto-generated OpsItem gives information in context, including the name and ID of the monitored resource, alarm details, alarm history, and an alarm timeline graph. OpsCenter aggregates information from AWS Config, AWS CloudTrail logs, and Amazon CloudWatch Events in one place, which means you won’t have to navigate multiple console pages while investigating. Systems Manager Automation documents can be run in OpsCenter for easy remediation. 

You’re able to use your existing support structure because the new notification action acts in parallel with current notifications. OpsCenter also removes duplicate alarm events to avoid “flapping issues.”

Once configured, when an alarm state is triggered, the system automatically creates an OpsItem in OpsCenter and gives detailed information about the alarm. This feature is available via the AWS Management Console, AWS Command Line Interface (AWS CLI), or AWS CloudFormation. You can also build OpsItems manually.

Create a CloudWatch Alarm from metrics using the AWS Management Console

To begin creating an alarm using the AWS Management Console, follow the usual process to create a metric and set the threshold. The new feature appears when you select a notification action and will only be triggered in the alarm state. You will see the new OpsItem Notification Action in addition to the existing Amazon SNS, Auto Scaling, and EC2 actions.

The integration between AWS Systems Manager OpsCenter and Amazon CloudWatch Alarms is available in all regions where Systems Manager is offered. 

Follow these seven steps to create a new alarm:

   1. In the console, click the create alarm button.
   2. To select a metric for CloudWatch to monitor, click the select metric button.
   3. Select the instance you want to monitor and the metric and then click the select metric button.
   4. You’ll next see the “Specify metrics and conditions” screen. Select a metric name and configure the state that will trigger an Alarm.
   5. To create your OpsItem and configure actions for the alarm, first go to the notification section and click the Remove button to delete the default action. Then go to the Systems Manager OpsCenter action section and click the Add Systems Manager OpsCenter action button.
   6. Next, select the severity for the OpsItem. The integration will only trigger when the alarm is in the ALARM state. An OpsItem can’t be created for the OK or INSUFFICIENT_DATA states.
   7. Click Next to create the action.

Give the alarm a name and description, then review the alarm settings and click the Create button. This activates the alarm.

Create a CloudWatch Alarm using AWS CLI for anomaly detection

Enabling anomaly detection for a metric means CloudWatch applies machine-learning algorithms to the metric’s historical data and creates a model of the metric’s expected values. Metrics are generated to represent the upper band of normal metric behavior as well as the lower band using a default value of two standard deviations. 

To create an AWS CloudWatch Alarm based on anomaly detection, use AWS Command Line Interface (AWS CLI):

  • Create a JSON file to set your CloudWatch alarm 
  • Save the JSON file as anomaly-alarm.json
  • Run: $ aws cloudwatch put-metric-alarm --cli-input-json file://anomaly-alarm.json to create an alarm that uses the anomaly detection band you specified in the file.

When you finish creating the alarm, the model is generated. Note that the band you initially see in the graph is an approximation; it could take up to 15 minutes for the detection band generated by the model to emerge in the graph.
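The three steps above, as an added example that is not part of the original post: the script writes anomaly-alarm.json with a two-standard-deviation band and an OpsCenter alarm action, and calls put-metric-alarm only when run with --apply. The region, account ID, instance ID, alarm name, metric and OpsItem category are placeholder assumptions.

```bash
# Added example: writes anomaly-alarm.json; run with --apply to create the alarm.
# Every value below is a placeholder assumption, not a value from the page.
REGION="${REGION:-us-east-1}"
ACCOUNT_ID="${ACCOUNT_ID:-111122223333}"
INSTANCE_ID="${INSTANCE_ID:-i-0123456789abcdef0}"
SEVERITY="${SEVERITY:-2}"   # OpsItem severity: 1 (critical) to 4 (low)

write_anomaly_alarm() {   # $1 = output file
  cat > "$1" <<EOF
{
  "AlarmName": "cpu-anomaly-${INSTANCE_ID}",
  "AlarmDescription": "CPU outside the anomaly detection band",
  "AlarmActions": [
    "arn:aws:ssm:${REGION}:${ACCOUNT_ID}:opsitem:${SEVERITY}#CATEGORY=Performance"
  ],
  "EvaluationPeriods": 3,
  "ComparisonOperator": "LessThanLowerOrGreaterThanUpperThreshold",
  "ThresholdMetricId": "band",
  "Metrics": [
    {
      "Id": "m1",
      "ReturnData": true,
      "MetricStat": {
        "Metric": {
          "Namespace": "AWS/EC2",
          "MetricName": "CPUUtilization",
          "Dimensions": [{ "Name": "InstanceId", "Value": "${INSTANCE_ID}" }]
        },
        "Period": 300,
        "Stat": "Average"
      }
    },
    {
      "Id": "band",
      "Label": "CPUUtilization (expected)",
      "ReturnData": true,
      "Expression": "ANOMALY_DETECTION_BAND(m1, 2)"
    }
  ]
}
EOF
}

write_anomaly_alarm anomaly-alarm.json
if [ "${1:-}" = "--apply" ]; then
  aws cloudwatch put-metric-alarm --region "$REGION" --cli-input-json file://anomaly-alarm.json
fi
```

The alarm fires when the metric leaves the band in either direction; with an OpsItem action, only the transition into the alarm state produces an OpsItem.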

Create CloudWatch Alarms using an AWS CloudFormation Template to monitor log file events

CloudWatch metric filters and alarms that monitor the events in log files can be created after you configure your trail to deliver log files to your CloudWatch log group. Filters and alarms can be created separately or defined all at once using the AWS CloudFormation template.

CloudFormation templates can be used as-is or as references when creating your own template. The template has predefined CloudWatch metric filters and alarms. You will receive email notifications when specific security-related API calls are made in your account. 

Amazon EC2 instances, IAM policies, internet gateways, network ACLs, and security groups are the resource types that have defined metric filters that monitor create, update, and delete operations. API calls are monitored by a metric filter, and if the call exceeds your specified threshold, an alarm is triggered and an email notification is sent.

Most of the filters in the template trigger an alarm by default if a monitored event happens within five minutes, but you can modify the thresholds to meet your requirements. To make changes, you would specify the thresholds using the CloudWatch Console.
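One filter-and-alarm pair of the kind described above, for security group changes, as an added example that is not the AWS-provided template: the script writes a small CloudFormation template and deploys it only when run with --apply. The resource names, metric namespace, metric name, file name and stack name are assumptions.

```bash
# Added example, not the AWS-provided template; all names here are assumptions.
write_sg_alarm_template() {   # $1 = output file
  cat > "$1" <<'EOF'
Parameters:
  LogGroupName:
    Type: String   # log group your trail delivers to
  Email:
    Type: String   # address that receives the alarm notification
Resources:
  AlarmTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Protocol: email
          Endpoint: !Ref Email
  SecurityGroupChangesFilter:
    Type: AWS::Logs::MetricFilter
    Properties:
      LogGroupName: !Ref LogGroupName
      FilterPattern: >-
        { ($.eventName = AuthorizeSecurityGroupIngress) || ($.eventName = AuthorizeSecurityGroupEgress) ||
        ($.eventName = RevokeSecurityGroupIngress) || ($.eventName = RevokeSecurityGroupEgress) ||
        ($.eventName = CreateSecurityGroup) || ($.eventName = DeleteSecurityGroup) }
      MetricTransformations:
        - MetricNamespace: CloudTrailMetrics
          MetricName: SecurityGroupEventCount
          MetricValue: '1'
  SecurityGroupChangesAlarm:
    Type: AWS::CloudWatch::Alarm
    Properties:
      AlarmDescription: A security group was created, changed or deleted
      AlarmActions:
        - !Ref AlarmTopic
      Namespace: CloudTrailMetrics
      MetricName: SecurityGroupEventCount
      Statistic: Sum
      Period: 300              # five-minute evaluation window
      EvaluationPeriods: 1
      Threshold: 1             # one matching API call is enough to alarm
      ComparisonOperator: GreaterThanOrEqualToThreshold
      TreatMissingData: notBreaching
EOF
}
write_sg_alarm_template sg-alarms.yaml
if [ "${1:-}" = "--apply" ]; then   # usage: --apply <log-group-name> <email>
  aws cloudformation deploy --stack-name cloudtrail-sg-alarms --template-file sg-alarms.yaml \
    --parameter-overrides LogGroupName="$2" Email="$3"
fi
```

Raising Threshold or Period in the alarm resource is the template-level equivalent of changing the thresholds in the console.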

By integrating CloudWatch Alarms with OpsCenter to create OpsItems automatically, you’ll realize greater speed in issue resolution.

From cloud consulting to managed services and beyond, contact the CloudHesive team today to learn how we can help you build a robust cloud strategy that increases operational efficiencies.