Guided Walkthroughs
Step-by-step configuration wizards for your environment
Dedicated Security Account
AWS Backup Strategy
VPC Connectivity Setup
Automated Patching
All Guides
CloudFormation guard rules template for CloudWatch Alarm resources
The following rules are included:
let cloudwatch_metricalarms = Resources.*[
Type == "AWS::CloudWatch::Alarm"
]
let cloudwatch_compositealarms = Resources.*[
Type == "AWS::CloudWatch::CompositeAlarm"
]
rule cloudwatch_alarm_action_enabled when %cloudwatch_metricalarms !empty OR %cloudwatch_compositealarms !empty {
when %cloudwatch_metricalarms !empty {
%cloudwatch_metricalarms {
Properties {
ActionsEnabled !exists OR
ActionsEnabled exists
when ActionsEnabled exists {
ActionsEnabled == true <<Alarm Actions are disabled.>>
when ActionsEnabled == true {
AlarmActions exists OR
InsufficientDataActions exists OR
OKActions exists <<Alarm actions are enabled but no configured actions found.>>
}
}
}
}
}
when %cloudwatch_compositealarms !empty {
%cloudwatch_compositealarms {
Properties {
ActionsEnabled !exists OR
ActionsEnabled exists
when ActionsEnabled exists {
ActionsEnabled == true <<Alarm Actions are disabled.>>
when ActionsEnabled == true {
AlarmActions exists OR
InsufficientDataActions exists OR
OKActions exists <<Alarm actions are enabled but no configured actions found.>>
}
}
}
}
}
}