Recently I developed a new feature for this GitHub Action to automate the creation of AWS CloudWatch alarms.
In the next steps, I will show you the settings you need to add to your project to automate the creation of CloudWatch alarms.
Prerequisites
1- Your project should use GitHub Actions.
2- Your user must have permissions to create an OpenID Connect IDP, policies, and roles in your AWS account.
3- AWS CLI installed on your computer to make it easier to create IAM policies, roles, and a new IDP to connect to the GitHub account.
More information about other features and prerequisites is available at Automate Dashboards Quick Start.
Quick Start
Before starting, add the code snippet to your GitHub Actions file:
#... before code
# *** ADD THE CODE SNIPPET BELOW ***
jobs:
  AssumeRoleAndCallIdentity:
    runs-on: ubuntu-latest
    steps:
      # Add this step to authenticate with the AWS account
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v1.7.0
        with:
          role-to-assume: arn:aws:iam::AWS_ACCOUNT_ID:role/to_enable_creating_dashbaords
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}
      # Add this step to load the GitHub Action
      - name: create dash
        env:
          ACTION_NAME: ${{ secrets.ACTION_NAME }} # Repository secret that holds the SNS topic ARN
        uses: "JonasBarros1998/automate-dashboards@latest"
#... after code
The full GitHub workflow file should look similar to this:
# File location: .github/workflows/action.yml
name: Connect to an AWS role from a GitHub repository and install the action to create dashboard in the CloudWatch
# Execute the action when the user opens a new issue
on:
  issues:
    types: [opened]
# Change the region to your current region
env:
  AWS_REGION: "us-east-1"
# id-token: write lets the job request the OIDC token used to assume the AWS role
permissions:
  id-token: write
  contents: read
# *** ADD THE CODE SNIPPET BELOW ***
jobs:
  AssumeRoleAndCallIdentity:
    runs-on: ubuntu-latest
    steps:
      # Add this step to authenticate with the AWS account
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v1.7.0
        with:
          role-to-assume: arn:aws:iam::AWS_ACCOUNT_ID:role/to_enable_creating_dashbaords
          role-session-name: GitHub_to_AWS_via_FederatedOIDC
          aws-region: ${{ env.AWS_REGION }}
      # Add this step to load the GitHub Action
      - name: create dash
        env:
          ACTION_NAME: ${{ secrets.ACTION_NAME }} # Repository secret that holds the SNS topic ARN
        uses: "JonasBarros1998/automate-dashboards@latest"
${{ secrets.ACTION_NAME }}: Add a new repository secret to your GitHub repository with your SNS ARN value. Create an SNS topic to send notifications to you when an alarm is triggered.
If your project is public, we highly recommend creating a GitHub repository secret to safely store the ARN value of your SNS topic.
How to execute the action to create AWS CloudWatch alarms
To automate AWS CloudWatch alarms, you need to open a new issue with the title Create Dashboard. In the body of the issue, add the JSON configuration specifying the settings for your new alarms.
For example, you can send this JSON if you want to create a new alarm for an AWS Lambda.
{
  "title": "dashboard-services",
  "region": "us-east-1",
  "services": [
    {
      "enable": false,
      "serviceName": "change-data-capture",
      "serviceType": "Lambda",
      "alarms": [
        {
          "metric": "Duration",
          "period": 600,
          "statistic": "Average",
          "condition": "GreaterThanOrEqualToThreshold",
          "threshold": 1
        },
        {
          "metric": "Invocations",
          "period": 600,
          "statistic": "Sum",
          "condition": "LessThanOrEqualToThreshold",
          "threshold": 1
        },
        {
          "metric": "Errors",
          "period": 600,
          "statistic": "Sum",
          "condition": "GreaterThanThreshold",
          "threshold": 1
        }
      ]
    }
  ]
}
If you wish to add 2 or more services, use the JSON format below:
{
  "title": "dashboard-services",
  "region": "us-east-1",
  "services": [
    {
      "enable": false,
      "serviceName": "change-data-capture",
      "serviceType": "Lambda",
      "alarms": [
        {
          "metric": "Duration",
          "period": 600,
          "statistic": "Average",
          "condition": "GreaterThanOrEqualToThreshold",
          "threshold": 1
        },
        {
          "metric": "Invocations",
          "period": 600,
          "statistic": "Sum",
          "condition": "LessThanOrEqualToThreshold",
          "threshold": 1
        },
        {
          "metric": "Errors",
          "period": 600,
          "statistic": "Sum",
          "condition": "GreaterThanThreshold",
          "threshold": 1
        }
      ]
    },
    {
      "enable": true,
      "serviceName": "dashboard",
      "serviceType": "Dynamodb",
      "alarms": [
        {
          "metric": "ConsumedReadCapacityUnits",
          "period": 600,
          "statistic": "Sum",
          "condition": "GreaterThanThreshold",
          "threshold": 1
        },
        {
          "metric": "ConsumedWriteCapacityUnits",
          "period": 600,
          "statistic": "Sum",
          "condition": "GreaterThanThreshold",
          "threshold": 1
        }
      ]
    },
    {
      "enable": false,
      "serviceName": "my-topic-dashboards",
      "serviceType": "SNS",
      "alarms": [
        {
          "metric": "NumberOfNotificationsFailed",
          "period": 600,
          "statistic": "Sum",
          "condition": "GreaterThanThreshold",
          "threshold": 1
        },
        {
          "metric": "NumberOfMessagesPublished",
          "period": 600,
          "statistic": "Sum",
          "condition": "GreaterThanThreshold",
          "threshold": 1
        }
      ]
    }
  ]
}
Your opened issue should look similar to this example
More information about the JSON attributes
enable:
  description: If set to `true`, it enables the creation of a new CloudWatch dashboard; if set to `false`, the action will create a new CloudWatch alarm instead.
  type: boolean
  accepted values: true or false
metric:
  description: The metric name for the CloudWatch alarm
  type: String
  accepted values: NumberOfObjects, BucketSizeBytes, NumberOfMessagesSent, NumberOfMessagesReceiver, NumberEmptyMessages, NumberOfNotificationsFailed, NumberOfMessagesPublished, Duration, Invocations, Errors, ConsumedReadCapacityUnits, ConsumedWriteCapacityUnits, CPUUtilization, StatusCheckFailed_Instance.
period:
  description: The monitoring period, specified in seconds
  type: Integer
  required values: Any value greater than 0. For example, 600 seconds is equivalent to 10 minutes
statistic:
  description: The metric statistic
  type: String
  required values: We currently accept the `Sum` value.
condition:
  description: The alarm condition. If the condition is met, the alarm triggers and sends a notification to the specified SNS topic.
  type: String
  required values: "GreaterThanThreshold", "LessThanOrEqualToThreshold", "GreaterThanOrEqualToThreshold", "LessThanLowerThreshold"
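The workflow runs on every opened issue, so the issue body is free-form input that should be checked against the attribute reference above before any AWS call is made. The validator below is an added example, not code from the action itself; the name `validate_issue` is hypothetical, and accepting `Average` alongside `Sum` and requiring an `alarms` list are assumptions drawn from the JSON examples on this page.

```python
import json

# Accepted values copied from the attribute reference on this page.
METRICS = {
    "NumberOfObjects", "BucketSizeBytes", "NumberOfMessagesSent",
    "NumberOfMessagesReceiver", "NumberEmptyMessages",
    "NumberOfNotificationsFailed", "NumberOfMessagesPublished", "Duration",
    "Invocations", "Errors", "ConsumedReadCapacityUnits",
    "ConsumedWriteCapacityUnits", "CPUUtilization", "StatusCheckFailed_Instance",
}
CONDITIONS = {"GreaterThanThreshold", "LessThanOrEqualToThreshold",
              "GreaterThanOrEqualToThreshold", "LessThanLowerThreshold"}
# The reference lists only "Sum"; the Lambda example on this page also uses
# "Average", so both are accepted here (assumption).
STATISTICS = {"Sum", "Average"}
ENUMS = {"metric": METRICS, "statistic": STATISTICS, "condition": CONDITIONS}

def validate_issue(title, body):
    """Return a list of problems; an empty list means the issue is acceptable."""
    if title != "Create Dashboard":
        return ["title must be 'Create Dashboard'"]
    try:
        config = json.loads(body)
    except json.JSONDecodeError as exc:
        return [f"body is not valid JSON: {exc.msg}"]
    if not isinstance(config, dict) or not isinstance(config.get("services"), list):
        return ["body must be an object with a 'services' list"]
    errors = []
    for s, service in enumerate(config["services"]):
        if not isinstance(service, dict):
            errors.append(f"services[{s}]: must be an object")
            continue
        if type(service.get("enable")) is not bool:
            errors.append(f"services[{s}].enable: must be true or false")
        alarms = service.get("alarms")
        if not isinstance(alarms, list):  # assumption: every service carries alarms
            errors.append(f"services[{s}].alarms: must be a list")
            continue
        for a, alarm in enumerate(alarms):
            where = f"services[{s}].alarms[{a}]"
            if not isinstance(alarm, dict):
                errors.append(f"{where}: must be an object")
                continue
            for key, allowed in ENUMS.items():
                value = alarm.get(key)
                if not (isinstance(value, str) and value in allowed):
                    errors.append(f"{where}.{key}: not an accepted value")
            # bool is a subclass of int in Python, so compare the exact type
            if type(alarm.get("period")) is not int or alarm["period"] <= 0:
                errors.append(f"{where}.period: must be an integer greater than 0")
    return errors
```

Running this as the first step of the action and stopping on a non-empty result keeps malformed or unexpected issue bodies away from the step that holds the AWS role.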
Once you have completed all steps, create your issue and monitor the workflow execution.
The issue format should follow the example provided below.
Example
Open a new issue if you find a problem after executing the workflow.
Currently supported AWS services for CloudWatch alarm automation:
- AWS Lambda
- AWS DynamoDB
- AWS EC2
- AWS SNS
- AWS SQS
- AWS S3