Risk Level: High (not acceptable risk)
Ensure that all your Amazon CloudWatch alarms have active actions (ActionEnabled: true).
Security
Reliability
Cost
optimisation
optimisation
Performance
efficiency
efficiency
Operational
excellence
excellence
Automated alarm actions will promptly notify you whenever a monitored metric exceeds the set threshold. If the alarm action is disabled, no procedures will be initiated upon alarm state changes, thus missing notifications about fluctuations in monitored metrics. We strongly recommend enabling Amazon CloudWatch alarm actions to quickly address both security and operational concerns.
Audit
To determine if Amazon CloudWatch alarms have active actions (ActionEnabled: true), perform the following operations:
Remediation / Resolution
To ensure that all your Amazon CloudWatch alarms have active actions (i.e. ActionEnabled: true), perform the following operations:
References
- AWS Documentation
- Amazon CloudWatch concepts
- Using Amazon CloudWatch alarms
- AWS Command Line Interface (CLI) Documentation
- describe-alarms
- enable-alarm-actions
Publication date Sep 1, 2023