A Terraform module for creating a set of standard CloudWatch alarms for EC2 instances.

```hcl
module "example" {
  source = "github.com/cisagov/instance-cw-alarms-tf-module?ref=v2.0.0"

  alarm_actions             = ["arn:aws:sns:us-east-1:111122223333:my-topic"]
  instance_id               = "id-0123456789abcdef0"
  insufficient_data_actions = ["arn:aws:sns:us-east-1:111122223333:my-topic"]
  ok_actions                = ["arn:aws:sns:us-east-1:111122223333:my-topic"]
}
```

| Name | Version |
|---|---|
| terraform | >= 1.1 |
| aws | >= 4.9 |

| Name | Version |
|---|---|
| aws | >= 4.9 |

No modules.

| Name | Description | Type | Default | Required |
|---|---|---|---|---|
| alarm_actions | A list of AWS ARNs corresponding to actions to be taken when a CloudWatch alarm transitions to the ALARM state from any other state (e.g. [arn:aws:sns:us-east-1:111122223333:my-topic]). | `list(string)` | `[]` | no |
| cpu_utilization_alarm_parameters | An object containing the parameters for the CPU utilization alarm (e.g. {create_alarm = true, datapoints_to_alarm = 6, evaluation_periods = 6, period = 300, statistic = "Maximum", threshold = 90.0}). See the Amazon CloudWatch documentation for an explanation of the parameters. The default is to alarm after 30 straight minutes of over 90% CPU utilization. | `object({ create_alarm = bool, datapoints_to_alarm = number, evaluation_periods = number, period = number, statistic = string, threshold = number })` | `{ "create_alarm": true, "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "statistic": "Maximum", "threshold": 90 }` | no |
| create_cloudwatch_agent_alarms | A Boolean value indicating whether or not to create alarms based on CloudWatch metrics written by the CloudWatch Agent. You will generally want this variable to be set to true; it should only be set to false for instances which are not running the CloudWatch Agent. | `bool` | `true` | no |
| disk_utilization_alarm_parameters | An object containing the parameters for the disk utilization alarm (e.g. {create_alarm = true, datapoints_to_alarm = 1, evaluation_periods = 1, period = 60, statistic = "Maximum", threshold = 90.0}). See the Amazon CloudWatch documentation for an explanation of the parameters. The default is to alarm for greater than 90% disk utilization. | `object({ create_alarm = bool, datapoints_to_alarm = number, evaluation_periods = number, period = number, statistic = string, threshold = number })` | `{ "create_alarm": true, "datapoints_to_alarm": 1, "evaluation_periods": 1, "period": 300, "statistic": "Maximum", "threshold": 90 }` | no |
| instance_id | The ID of the AWS EC2 instance that is to be monitored (e.g. id-0123456789abcdef0). | `string` | n/a | yes |
| insufficient_data_actions | A list of AWS ARNs corresponding to actions to be taken when a CloudWatch alarm transitions to the INSUFFICIENT_DATA state from any other state (e.g. [arn:aws:sns:us-east-1:111122223333:my-topic]). | `list(string)` | `[]` | no |
| memory_utilization_alarm_parameters | An object containing the parameters for the memory utilization alarm (e.g. {create_alarm = true, datapoints_to_alarm = 6, evaluation_periods = 6, period = 300, statistic = "Maximum", threshold = 90.0}). See the Amazon CloudWatch documentation for an explanation of the parameters. The default is to alarm after 30 straight minutes of over 90% memory utilization. | `object({ create_alarm = bool, datapoints_to_alarm = number, evaluation_periods = number, period = number, statistic = string, threshold = number })` | `{ "create_alarm": true, "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "statistic": "Maximum", "threshold": 90 }` | no |
| ok_actions | A list of AWS ARNs corresponding to actions to be taken when a CloudWatch alarm transitions to the OK state from any other state (e.g. [arn:aws:sns:us-east-1:111122223333:my-topic]). | `list(string)` | `[]` | no |
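
The following is an added example, not taken from the module's repository: it overrides one alarm parameter object and routes all three state transitions to a single SNS topic. The SNS topic, the `instance_id` variable, the module label `instance_alarms` and the chosen numbers are assumptions; the input and output names are the ones listed in the tables on this page.

```hcl
# Added example. Topic name, variable and module label are constructed.
variable "instance_id" {
  type        = string
  description = "ID of the EC2 instance to monitor."
}

resource "aws_sns_topic" "instance_alarms" {
  name = "instance-alarms"
}

module "instance_alarms" {
  source = "github.com/cisagov/instance-cw-alarms-tf-module?ref=v2.0.0"

  instance_id = var.instance_id

  # Notify on every transition. Wiring insufficient_data_actions means an
  # alarm that stops receiving metrics is reported instead of going quiet.
  alarm_actions             = [aws_sns_topic.instance_alarms.arn]
  insufficient_data_actions = [aws_sns_topic.instance_alarms.arn]
  ok_actions                = [aws_sns_topic.instance_alarms.arn]

  # The variable's type is an object with six attributes and none are
  # declared optional, so an override must supply all six, not only the
  # ones that differ from the default.
  # Here: alarm when 3 of the last 6 five-minute datapoints breach a
  # threshold of 80, using the Average statistic instead of Maximum.
  cpu_utilization_alarm_parameters = {
    create_alarm        = true
    datapoints_to_alarm = 3
    evaluation_periods  = 6
    period              = 300
    statistic           = "Average"
    threshold           = 80
  }

  # Keep the default (true) unless the instance does not run the
  # CloudWatch Agent.
  create_cloudwatch_agent_alarms = true
}

# Re-export the IMDSv1 request alarm so a calling configuration can
# reference it. The value is passed through exactly as the module exports it.
output "imdsv1_request_alarm" {
  value = module.instance_alarms.imdsv1_request
}
```
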

| Name | Description |
|---|---|
| conntrack_allowance_exceeded | A CloudWatch alarm that triggers when the connection tracking allowance is exceeded. |
| cpu_utilization | A CloudWatch alarm that monitors EC2 CPU utilization. |
| disk_utilization | A CloudWatch alarm that monitors EC2 disk utilization. |
| imdsv1_request | A CloudWatch alarm that triggers on EC2 IMDSv1 requests. |
| inbound_bandwidth_allowance_exceeded | A CloudWatch alarm that triggers when the inbound bandwidth allowance is exceeded. |
| instance_status_check | A CloudWatch alarm that monitors EC2 instance status checks. |
| linklocal_allowance_exceeded | A CloudWatch alarm that triggers when the linklocal packets-per-second allowance is exceeded. This allowance impacts traffic to the DNS service, the Instance Metadata Service, and the Amazon Time Sync Service. |
| memory_utilization | A CloudWatch alarm that monitors EC2 memory utilization. |
| outbound_bandwidth_allowance_exceeded | A CloudWatch alarm that triggers when the outbound bandwidth allowance is exceeded. |
| pps_allowance_exceeded | A CloudWatch alarm that triggers when the overall packets-per-second allowance is exceeded. |
| system_status_check | A CloudWatch alarm that monitors EC2 system status checks. |

Running `pre-commit` requires running `terraform init` in every directory that
contains Terraform code. In this repository, these are the main directory and
every directory under `examples/`.

We welcome contributions! Please see CONTRIBUTING.md for
details.

This project is in the worldwide public domain.

This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.

All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.