A Terraform module for creating a set of standard CloudWatch alarms for EC2 instances.
```hcl
module "example" {
  source = "github.com/cisagov/instance-cw-alarms-tf-module"

  alarm_actions             = ["arn:aws:sns:us-east-1:111122223333:my-topic"]
  instance_ids              = ["id-0123456789abcdef0", "id-0123456789abcdef1"]
  insufficient_data_actions = ["arn:aws:sns:us-east-1:111122223333:my-topic"]
  ok_actions                = ["arn:aws:sns:us-east-1:111122223333:my-topic"]
}
```
Name | Version |
---|---|
terraform | ~> 1.0 |
aws | ~> 4.9 |
Name | Version |
---|---|
aws | ~> 4.9 |
No modules.
Name | Description | Type | Default | Required |
---|---|---|---|---|
alarm_actions | A list of AWS ARNs corresponding to actions to be taken when a CloudWatch alarm transitions to the ALARM state from any other state (e.g. [arn:aws:sns:us-east-1:111122223333:my-topic]). | list(string) | [] | no |
cpu_utilization_alarm_parameters | An object containing the parameters for the CPU utilization alarm (e.g. {create_alarm = true, datapoints_to_alarm = 6, evaluation_periods = 6, period = 300, statistic = "Maximum", threshold = 90.0}). See here for an explanation of the parameters. The default is to alarm after 30 straight minutes of over 90% CPU utilization. | object({ create_alarm = bool, datapoints_to_alarm = number, evaluation_periods = number, period = number, statistic = string, threshold = number }) | { "create_alarm": true, "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "statistic": "Maximum", "threshold": 90 } | no |
create_cloudwatch_agent_alarms | A Boolean value indicating whether or not to create alarms based on CloudWatch metrics written by the CloudWatch Agent. You will generally want this variable to be set to true; it should only be set to false for instances which are not running the CloudWatch Agent. | bool | true | no |
disk_utilization_alarm_parameters | An object containing the parameters for the disk utilization alarm (e.g. {create_alarm = true, datapoints_to_alarm = 1, evaluation_periods = 1, period = 60, statistic = "Maximum", threshold = 90.0}). See here for an explanation of the parameters. The default is to alarm for greater than 90% disk utilization. | object({ create_alarm = bool, datapoints_to_alarm = number, evaluation_periods = number, period = number, statistic = string, threshold = number }) | { "create_alarm": true, "datapoints_to_alarm": 1, "evaluation_periods": 1, "period": 300, "statistic": "Maximum", "threshold": 90 } | no |
instance_ids | A list of AWS EC2 instance IDs that are to be monitored (e.g. [id-0123456789abcdef0, id-0123456789abcdef1]). | list(string) | n/a | yes |
insufficient_data_actions | A list of AWS ARNs corresponding to actions to be taken when a CloudWatch alarm transitions to the INSUFFICIENT_DATA state from any other state (e.g. [arn:aws:sns:us-east-1:111122223333:my-topic]). | list(string) | [] | no |
memory_utilization_alarm_parameters | An object containing the parameters for the memory utilization alarm (e.g. {create_alarm = true, datapoints_to_alarm = 6, evaluation_periods = 6, period = 300, statistic = "Maximum", threshold = 90.0}). See here for an explanation of the parameters. The default is to alarm after 30 straight minutes of over 90% memory utilization. | object({ create_alarm = bool, datapoints_to_alarm = number, evaluation_periods = number, period = number, statistic = string, threshold = number }) | { "create_alarm": true, "datapoints_to_alarm": 6, "evaluation_periods": 6, "period": 300, "statistic": "Maximum", "threshold": 90 } | no |
ok_actions | A list of AWS ARNs corresponding to actions to be taken when a CloudWatch alarm transitions to the OK state from any other state (e.g. [arn:aws:sns:us-east-1:111122223333:my-topic]). | list(string) | [] | no |
Name | Description |
---|---|
conntrack_allowance_exceeded | CloudWatch alarms that trigger when the connection tracking allowance is exceeded. |
cpu_utilization | CloudWatch alarms that monitor EC2 CPU utilization. |
disk_utilization | CloudWatch alarms that monitor EC2 disk utilization. |
imdsv1_request | CloudWatch alarms that trigger on EC2 IMDSv1 requests. |
inbound_bandwidth_allowance_exceeded | CloudWatch alarms that trigger when the inbound bandwidth allowance is exceeded. |
instance_status_check | CloudWatch alarms that monitor EC2 instance status checks. |
linklocal_allowance_exceeded | CloudWatch alarms that trigger when the linklocal packets-per-second allowance is exceeded. This allowance impacts traffic to the DNS service, the Instance Metadata Service, and the Amazon Time Sync Service. |
memory_utilization | CloudWatch alarms that monitor EC2 memory utilization. |
outbound_bandwidth_allowance_exceeded | CloudWatch alarms that trigger when the outbound bandwidth allowance is exceeded. |
pps_allowance_exceeded | CloudWatch alarms that trigger when the overall packets-per-second allowance is exceeded. |
system_status_check | CloudWatch alarms that monitor EC2 system status checks. |
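
An added usage example (not taken from the module's own documentation) that overrides the CPU alarm parameters, handles instances without the CloudWatch Agent separately, and re-exports one of the outputs listed above. The SNS topic, the module labels and the output name are assumptions; the instance IDs are the README's placeholders.

```hcl
# Added example: names marked "hypothetical" are not from the module.
resource "aws_sns_topic" "instance_alarms" {
  name = "instance-alarms" # hypothetical topic name
}

locals {
  alarm_topic = [aws_sns_topic.instance_alarms.arn]
}

# Instances that run the CloudWatch Agent.
module "agent_instances" { # hypothetical module label
  source = "github.com/cisagov/instance-cw-alarms-tf-module"

  instance_ids              = ["id-0123456789abcdef0"] # README placeholder
  alarm_actions             = local.alarm_topic
  insufficient_data_actions = local.alarm_topic
  ok_actions                = local.alarm_topic

  # The variable type is an object with six required attributes, so an
  # override must set all of them, not only the ones being changed.
  # 3 datapoints x 300 s = alarm after 15 straight minutes over 80% CPU.
  cpu_utilization_alarm_parameters = {
    create_alarm        = true
    datapoints_to_alarm = 3
    evaluation_periods  = 3
    period              = 300
    statistic           = "Maximum"
    threshold           = 80
  }
}

# Instances that do not run the CloudWatch Agent: skip the alarms that are
# built on agent-written metrics.
module "no_agent_instances" { # hypothetical module label
  source = "github.com/cisagov/instance-cw-alarms-tf-module"

  instance_ids                   = ["id-0123456789abcdef1"] # README placeholder
  alarm_actions                  = local.alarm_topic
  create_cloudwatch_agent_alarms = false
}

# Re-export the IMDSv1 request alarms so other configuration can reference them.
output "imdsv1_request_alarms" { # hypothetical output name
  value = module.agent_instances.imdsv1_request
}
```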
Running `pre-commit` requires running `terraform init` in every directory that contains Terraform code. In this repository, these are the main directory and every directory under `examples/`.
We welcome contributions! Please see CONTRIBUTING.md for details.
This project is in the worldwide public domain.
This project is in the public domain within the United States, and copyright and related rights in the work worldwide are waived through the CC0 1.0 Universal public domain dedication.
All contributions to this project will be released under the CC0 dedication. By submitting a pull request, you are agreeing to comply with this waiver of copyright interest.