Événements d'alerte et EventBridge
CloudWatch envoie des événements à Amazon EventBridge chaque fois qu'une alerte CloudWatch est créée, mise à jour, supprimée ou change d'état d'alerte. Vous pouvez utiliser EventBridge et ces événements pour écrire des règles d'action, par exemple vous avertir, lorsqu'une alerte change d'état. Pour plus d'informations, consultez Qu'est-ce qu'Amazon EventBridge ?
CloudWatch garantit la livraison des événements de changement d'état d'alerte à EventBridge.
Événements de modification d’état d’alarme
Cette section présente des exemples d’événements envoyés à EventBridge lorsqu’un changement d’état d’alarme se produit. Sélectionnez un onglet pour afficher les différents types d’événements de modification d’état d’alarme.
- Single Metric Alarm
-
Événements générés lorsqu’une alarme à métrique unique change d’état. Ces événements comprennent les champs
stateetpreviousStatecontenant les résultats de l’évaluation de l’alarme.{ "version": "0", "id": "c4c1c1c9-6542-e61b-6ef0-8c4d36933a92", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2019-10-02T17:04:40Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh" ], "detail": { "alarmName": "ServerCpuTooHigh", "configuration": { "description": "Goes into alarm when server CPU utilization is too high!", "metrics": [ { "id": "30b6c6b2-a864-43a2-4877-c09a1afc3b87", "metricStat": { "metric": { "dimensions": { "InstanceId": "i-12345678901234567" }, "name": "CPUUtilization", "namespace": "AWS/EC2" }, "period": 300, "stat": "Average" }, "returnData": true } ] }, "previousState": { "reason": "Threshold Crossed: 1 out of the last 1 datapoints [0.0666851903306472 (01/10/19 13:46:00)] was not greater than the threshold (50.0) (minimum 1 datapoint for ALARM -> OK transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-01T13:56:40.985+0000\",\"startDate\":\"2019-10-01T13:46:00.000+0000\",\"statistic\":\"Average\",\"period\":300,\"recentDatapoints\":[0.0666851903306472],\"threshold\":50.0}", "timestamp": "2019-10-01T13:56:40.987+0000", "value": "OK" }, "state": { "reason": "Threshold Crossed: 1 out of the last 1 datapoints [99.50160229693434 (02/10/19 16:59:00)] was greater than the threshold (50.0) (minimum 1 datapoint for OK -> ALARM transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-02T17:04:40.985+0000\",\"startDate\":\"2019-10-02T16:59:00.000+0000\",\"statistic\":\"Average\",\"period\":300,\"recentDatapoints\":[99.50160229693434],\"threshold\":50.0}", "timestamp": "2019-10-02T17:04:40.989+0000", "value": "ALARM" } } } - Metric Math Alarm
-
Événements générés lorsqu’une alarme basée sur une expression mathématique de métriques change d’état. Ces événements comprennent les détails de l’expression mathématique dans le champ
configuration.{ "version": "0", "id": "2dde0eb1-528b-d2d5-9ca6-6d590caf2329", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2019-10-02T17:20:48Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh" ], "detail": { "alarmName": "TotalNetworkTrafficTooHigh", "configuration": { "description": "Goes into alarm if total network traffic exceeds 10Kb", "metrics": [ { "expression": "SUM(METRICS())", "id": "e1", "label": "Total Network Traffic", "returnData": true }, { "id": "m1", "metricStat": { "metric": { "dimensions": { "InstanceId": "i-12345678901234567" }, "name": "NetworkIn", "namespace": "AWS/EC2" }, "period": 300, "stat": "Maximum" }, "returnData": false }, { "id": "m2", "metricStat": { "metric": { "dimensions": { "InstanceId": "i-12345678901234567" }, "name": "NetworkOut", "namespace": "AWS/EC2" }, "period": 300, "stat": "Maximum" }, "returnData": false } ] }, "previousState": { "reason": "Unchecked: Initial alarm creation", "timestamp": "2019-10-02T17:20:03.642+0000", "value": "INSUFFICIENT_DATA" }, "state": { "reason": "Threshold Crossed: 1 out of the last 1 datapoints [45628.0 (02/10/19 17:10:00)] was greater than the threshold (10000.0) (minimum 1 datapoint for OK -> ALARM transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-02T17:20:48.551+0000\",\"startDate\":\"2019-10-02T17:10:00.000+0000\",\"period\":300,\"recentDatapoints\":[45628.0],\"threshold\":10000.0}", "timestamp": "2019-10-02T17:20:48.554+0000", "value": "ALARM" } } } - Outlier Detection Alarm
-
Événements générés lorsqu’une alarme de détection de valeurs aberrantes change d’état. Ces événements comprennent les limites supérieure et inférieure du seuil dans le champ
reasonData.{ "version": "0", "id": "daafc9f1-bddd-c6c9-83af-74971fcfc4ef", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2019-10-03T16:00:04Z", "region": "us-east-1", "resources": ["arn:aws:cloudwatch:us-east-1:123456789012:alarm:EC2 CPU Utilization Anomaly"], "detail": { "alarmName": "EC2 CPU Utilization Anomaly", "state": { "value": "ALARM", "reason": "Thresholds Crossed: 1 out of the last 1 datapoints [0.0 (03/10/19 15:58:00)] was less than the lower thresholds [0.020599444741798756] or greater than the upper thresholds [0.3006915352732461] (minimum 1 datapoint for OK -> ALARM transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-03T16:00:04.650+0000\",\"startDate\":\"2019-10-03T15:58:00.000+0000\",\"period\":60,\"recentDatapoints\":[0.0],\"recentLowerThresholds\":[0.020599444741798756],\"recentUpperThresholds\":[0.3006915352732461]}", "timestamp": "2019-10-03T16:00:04.653+0000" }, "previousState": { "value": "OK", "reason": "Thresholds Crossed: 1 out of the last 1 datapoints [0.166666666664241 (03/10/19 15:57:00)] was not less than the lower thresholds [0.0206719426210418] or not greater than the upper thresholds [0.30076870222143803] (minimum 1 datapoint for ALARM -> OK transition).", "reasonData": "{\"version\":\"1.0\",\"queryDate\":\"2019-10-03T15:59:04.670+0000\",\"startDate\":\"2019-10-03T15:57:00.000+0000\",\"period\":60,\"recentDatapoints\":[0.166666666664241],\"recentLowerThresholds\":[0.0206719426210418],\"recentUpperThresholds\":[0.30076870222143803]}", "timestamp": "2019-10-03T15:59:04.672+0000" }, "configuration": { "description": "Goes into alarm if CPU Utilization is out of band", "metrics": [{ "id": "m1", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "CPUUtilization", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 60, "stat": "Average" }, "returnData": true }, { "id": "ad1", "expression": "ANOMALY_DETECTION_BAND(m1, 0.8)", "label": "CPUUtilization (expected)", "returnData": true }] } } } - Composite Alarm
-
Événements générés lorsqu’une alarme composite change d’état. Ces événements comprennent les informations de suppression dans les champs
actionsSuppressedByetactionsSuppressedReason.{ "version": "0", "id": "d3dfc86d-384d-24c8-0345-9f7986db0b80", "detail-type": "CloudWatch Alarm State Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-22T15:57:45Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "state": { "actionsSuppressedBy": "WaitPeriod", "actionsSuppressedReason": "Actions suppressed by WaitPeriod", "value": "ALARM", "reason": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:SuppressionDemo.EventBridge.FirstChild transitioned to ALARM at Friday 22 July, 2022 15:57:45 UTC", "reasonData": "{\"triggeringAlarms\":[{\"arn\":\"arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh\",\"state\":{\"value\":\"ALARM\",\"timestamp\":\"2022-07-22T15:57:45.394+0000\"}}]}", "timestamp": "2022-07-22T15:57:45.394+0000" }, "previousState": { "value": "OK", "reason": "arn:aws:cloudwatch:us-east-1:123456789012:alarm:SuppressionDemo.EventBridge.Main was created and its alarm rule evaluates to OK", "reasonData": "{\"triggeringAlarms\":[{\"arn\":\"arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh\",\"state\":{\"value\":\"OK\",\"timestamp\":\"2022-07-14T16:28:57.770+0000\"}},{\"arn\":\"arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh\",\"state\":{\"value\":\"OK\",\"timestamp\":\"2022-07-14T16:28:54.191+0000\"}}]}", "timestamp": "2022-07-22T15:56:14.552+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 180 } } }
Événements de modification de configuration d’alarme
Cette section présente des exemples d’événements envoyés à EventBridge lorsqu’une modification de configuration d’alarme se produit. Les modifications de configuration incluent la création, la mise à jour ou la suppression d’alarmes.
- Creation Events
-
Événements générés lors de la création de nouvelles alarmes. Ces événements incluent la configuration initiale de l’alarme dans le champ
configuration, avec la valeuroperationdéfinie sur « create ».Exemple d’alarme composite
{ "version": "0", "id": "91535fdd-1e9c-849d-624b-9a9f2b1d09d0", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-03-03T17:06:22Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "create", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-03-03T17:06:22.289+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "alarmName": "ServiceAggregatedAlarm", "description": "Aggregated monitor for instance", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:22.289+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }Exemple d’alarme composite avec suppresseur
{ "version": "0", "id": "454773e1-09f7-945b-aa2c-590af1c3f8e0", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-14T13:59:46Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "create", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-07-14T13:59:46.425+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 180, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:46.425+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } } - Update Events
-
Événements générés lorsque les alarmes existantes sont modifiées. Ces événements contiennent les deux champs
configurationetpreviousConfigurationpour indiquer les éléments qui ont été modifiés.Exemple d’alarme métrique
{ "version": "0", "id": "bc7d3391-47f8-ae47-f457-1b4d06118d50", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-03-03T17:06:34Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServerCpuTooHigh" ], "detail": { "alarmName": "ServerCpuTooHigh", "operation": "update", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-03-03T17:06:13.757+0000" }, "configuration": { "evaluationPeriods": 1, "threshold": 80, "comparisonOperator": "GreaterThanThreshold", "treatMissingData": "ignore", "metrics": [ { "id": "86bfa85f-b14c-ebf7-8916-7da014ce23c0", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "CPUUtilization", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Average" }, "returnData": true } ], "alarmName": "ServerCpuTooHigh", "description": "Goes into alarm when server CPU utilization is too high!", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:34.267+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] }, "previousConfiguration": { "evaluationPeriods": 1, "threshold": 70, "comparisonOperator": "GreaterThanThreshold", "treatMissingData": "ignore", "metrics": [ { "id": "d6bfa85f-893e-b052-a58b-4f9295c9111a", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "CPUUtilization", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Average" }, "returnData": true } ], "alarmName": "ServerCpuTooHigh", "description": "Goes into alarm when server CPU utilization is too high!", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:13.757+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }Exemple d’alarme métrique avec suppresseur
{ "version": "0", "id": "4c6f4177-6bd5-c0ca-9f05-b4151c54568b", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-14T13:59:56Z", "region": "us-east-1", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "update", "state": { "actionsSuppressedBy": "WaitPeriod", "value": "ALARM", "timestamp": "2022-07-14T13:59:46.425+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 360, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:56.290+0000", "okActions": [], "alarmActions": [], Remove "insufficientDataActions": [] }, "previousConfiguration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 180, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:46.425+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } } - Deletion Events
-
Événements générés lorsque les alarmes sont supprimées. Ces événements incluent la configuration finale de l’alarme et définissent
operationsur « delete ».Exemple d’alarme d’expression mathématique de métriques
{ "version": "0", "id": "f171d220-9e1c-c252-5042-2677347a83ed", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-03-03T17:07:13Z", "region": "us-east-*", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:TotalNetworkTrafficTooHigh" ], "detail": { "alarmName": "TotalNetworkTrafficTooHigh", "operation": "delete", "state": { "value": "INSUFFICIENT_DATA", "timestamp": "2022-03-03T17:06:17.672+0000" }, "configuration": { "evaluationPeriods": 1, "threshold": 10000, "comparisonOperator": "GreaterThanThreshold", "treatMissingData": "ignore", "metrics": [{ "id": "m1", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "NetworkIn", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Maximum" }, "returnData": false }, { "id": "m2", "metricStat": { "metric": { "namespace": "AWS/EC2", "name": "NetworkOut", "dimensions": { "InstanceId": "i-12345678901234567" } }, "period": 300, "stat": "Maximum" }, "returnData": false }, { "id": "e1", "expression": "SUM(METRICS())", "label": "Total Network Traffic", "returnData": true } ], "alarmName": "TotalNetworkTrafficTooHigh", "description": "Goes into alarm if total network traffic exceeds 10Kb", "actionsEnabled": true, "timestamp": "2022-03-03T17:06:17.672+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }Exemple d’alarme d’expression mathématique de métriques avec suppresseur
{ "version": "0", "id": "e34592a1-46c0-b316-f614-1b17a87be9dc", "detail-type": "CloudWatch Alarm Configuration Change", "source": "aws.cloudwatch", "account": "123456789012", "time": "2022-07-14T14:00:01Z", "region": "us-east-*", "resources": [ "arn:aws:cloudwatch:us-east-1:123456789012:alarm:ServiceAggregatedAlarm" ], "detail": { "alarmName": "ServiceAggregatedAlarm", "operation": "delete", "state": { "actionsSuppressedBy": "WaitPeriod", "value": "ALARM", "timestamp": "2022-07-14T13:59:46.425+0000" }, "configuration": { "alarmRule": "ALARM(ServerCpuTooHigh) OR ALARM(TotalNetworkTrafficTooHigh)", "actionsSuppressor": "ServiceMaintenanceAlarm", "actionsSuppressorWaitPeriod": 120, "actionsSuppressorExtensionPeriod": 360, "alarmName": "ServiceAggregatedAlarm", "actionsEnabled": true, "timestamp": "2022-07-14T13:59:56.290+0000", "okActions": [], "alarmActions": [], "insufficientDataActions": [] } } }
Lancement d’une enquête CloudWatch à partir d’une alarme
Gérer les alarmes