3

我在 CloudWatch 警报状态更改时触发 Cloudwatch 规则时遇到问题。这是规则的事件模式。它不会向 SNS 发送状态更改的消息。

{
  "detail-type": [
    "CloudWatch Alarm State Change"
  ],
  "resources": [
    !Sub "arn:aws:cloudwatch:${AWS:Region}:${AWS:AccountId}:alarm:Admin dead"
  ],
  "source": [
    "aws.cloudwatch"
  ],
  "detail": {
    "state": [
      "ALARM"
    ]
  }
}

警报本身正常工作并并行向 SNS 发送消息。另外,如果我将删除这部分:

"detail": {
    "state": [
      "ALARM"
    ]
  }

那么该规则适用于每个状态变化。但我只需要将其更改为“处于警报状态”(因为它显示在 UI 中)。

感谢您的任何建议

4

2 回答 2

5

调试此问题的一个好方法是删除“详细信息”部分,并使用电子邮件或 lambda 函数或类似函数订阅 SNS 主题以查看实际的警报事件内容。

看起来您的“详细信息”规则缺少“值”参数,以下规则有效:

{
    "source": [
        "aws.cloudwatch"
    ],
    "detail-type": [
        "CloudWatch Alarm State Change"
    ],
    "detail": {
        "state": {
            "value": [
                "ALARM"
            ]
        }
    }
}

据此,示例事件如下所示

{
  "version": "0",
  "id": "2dde0eb1-528b-d2d5-9ca6-6d590caf2329",
  "detail-type": "CloudWatch Alarm State Change",
  "source": "aws.cloudwatch",
  "account": "123456789012",
  "time": "2019-10-02T17:20:48Z",
  "region": "us-east-1",
  "resources": [
    "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh"
  ],
  "detail": {
    "alarmName": "TotalNetworkTrafficTooHigh",
    "configuration": {
      "description": "Goes into alarm if total network traffic exceeds 10Kb",
      "metrics": [...]
    },
    "previousState": {
      "reason": "Unchecked: Initial alarm creation",
      "timestamp": "2019-10-02T17:20:03.642+0000",
      "value": "INSUFFICIENT_DATA"
    },
    "state": {
      "reason": "Threshold Crossed: 1 out of the last 1 datapoints [45628.0 (02/10/19 17:10:00)] was greater than the threshold (10000.0) (minimum 1 datapoint for OK -> ALARM transition).",
      "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-02T17:20:48.551+0000\",\"startDate\":\"2019-10-02T17:10:00.000+0000\",\"period\":300,\"recentDatapoints\":[45628.0],\"threshold\":10000.0}",
      "timestamp": "2019-10-02T17:20:48.554+0000",
      "value": "ALARM"
    }
  }
}
于 2020-02-26T12:48:44.220 回答
2

下面的技巧对我有用。我想通过云监视规则获取所有处于警报状态的警报。

{
    "source": [
        "aws.cloudwatch"
    ],
    "detail-type": [
        "CloudWatch Alarm State Change"
    ],
    "detail": {
        "state": {
            "value": [
                "ALARM"
            ]
        }
    }
}
于 2020-09-14T08:42:54.797 回答