Domain alarms
Amazon OpenSearch Service provides a set of recommended CloudWatch alarms to monitor the health of Amazon OpenSearch Service domains. Centralized Logging with OpenSearch helps you to create the alarms automatically, and send a notification to your email (or SMS) via Amazon SNS.
Create alarms
(Option 1) Using the Centralized Logging with OpenSearch console
- Log in to the Centralized Logging with OpenSearch console.
- In the navigation pane, under Domains, choose OpenSearch domains.
- Select the domain from the table.
- Under General configuration, choose Enable at the Alarms label.
- Enter the Email.
- Choose the alarms that you want to create and adjust the settings if necessary.
- Choose Create.
(Option 2) Using the CloudFormation stack
This automated AWS CloudFormation template deploys the Centralized Logging with OpenSearch - Alarms solution in the AWS Cloud.
You can also download the template
| Parameter | Default | Description |
|---|---|---|
| Endpoint | | The endpoint of the OpenSearch domain, for example, |
| DomainName | | The name of the OpenSearch domain. |
| | | The notification email address. Alarms will be sent to this email address via Amazon SNS. |
| ClusterStatusRed | | Whether to enable alarm when at least one primary shard and its replicas are not allocated to a node. |
| ClusterStatusYellow | | Whether to enable alarm when at least one replica shard is not allocated to a node. |
| FreeStorageSpace | | Whether to enable alarm when a node in your cluster is down to the free storage space you entered in GiB. We recommend setting it to 25% of the storage space for each node. 0 means that the alarm is disabled. |
| ClusterIndexWritesBlocked | | Index writes blocked error occurs for >= x times in 5 minutes, 1 consecutive time. Input 0 to disable this alarm. |
| UnreachableNodeNumber | | Nodes minimum is < x for 1 day, 1 consecutive time. 0 means that the alarm is disabled. |
| AutomatedSnapshotFailure | | Whether to enable alarm when an automated snapshot failed. AutomatedSnapshotFailure maximum is >= 1 for 1 minute, 1 consecutive time. |
| CPUUtilization | | Whether to enable alarm when sustained high usage of CPU occurred. CPUUtilization or WarmCPUUtilization maximum is >= 80% for 15 minutes, 3 consecutive times. |
| JVMMemoryPressure | | Whether to enable alarm when JVM RAM usage peak occurred. JVMMemoryPressure or WarmJVMMemoryPressure maximum is >= 80% for 5 minutes, 3 consecutive times. |
| MasterCPUUtilization | | Whether to enable alarm when sustained high usage of CPU occurred in master nodes. MasterCPUUtilization maximum is >= 50% for 15 minutes, 3 consecutive times. |
| MasterJVMMemoryPressure | | Whether to enable alarm when JVM RAM usage peak occurred in master nodes. MasterJVMMemoryPressure maximum is >= 80% for 15 minutes, 1 consecutive time. |
| KMSKeyError | | Whether to enable alarm when the AWS KMS encryption key is disabled. KMSKeyError is >= 1 for 1 minute, 1 consecutive time. |
| KMSKeyInaccessible | | Whether to enable alarm when the AWS KMS encryption key has been deleted or has revoked its grants to OpenSearch Service. KMSKeyInaccessible is >= 1 for 1 minute, 1 consecutive time. |
- Choose Next.
- On the Configure stack options page, choose Next.
- On the Review and create page, review and confirm the settings. Check the box acknowledging that the template creates AWS Identity and Access Management (IAM) resources.
- Choose Submit to deploy the stack.
You can view the status of the stack in the AWS CloudFormation console in the Status column. You should receive a CREATE_COMPLETE status in approximately 5 minutes.
Once you have created the alarms, a confirmation email will be sent to your email address. You must choose the Confirm link in the email.
Go to the CloudWatch Alarms page by choosing the General configuration > Alarms > CloudWatch Alarms link on the Centralized Logging with OpenSearch console.
(Figure: General configuration screen.)
Make sure that all the alarms are in OK status, because you might have missed the notification if an alarm changed its status before subscription.
Note
The alarm will not send an Amazon SNS notification to your email address if it is triggered before subscription. We recommend that you check the status of the alarms after enabling the OpenSearch alarms. If any alarm is in In Alarm status, you should fix that issue first.
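The post-deployment check described above can be scripted. The following is an added example, not part of the solution's own code: it takes responses in the shape returned by boto3's cloudwatch.describe_alarms() and sns.list_subscriptions_by_topic() and reports alarms that are not in OK status and alarms whose notifications cannot be delivered yet. The function name, alarm names, topic ARN and email address are constructed for illustration.

```python
# Added example: audit alarm state and SNS delivery after enabling domain alarms.
# Inputs use the boto3 response shapes of cloudwatch.describe_alarms() and
# sns.list_subscriptions_by_topic(); all sample values below are constructed.


def audit_alarms(alarms_resp, subs_by_topic):
    """Return (not_ok, undeliverable).

    not_ok:        [(alarm name, state)] for alarms whose StateValue is not OK.
    undeliverable: names of alarms with no confirmed email/SMS subscriber
                   on any of their action topics.
    """
    not_ok, undeliverable = [], []
    for alarm in alarms_resp.get("MetricAlarms", []):
        if alarm["StateValue"] != "OK":
            not_ok.append((alarm["AlarmName"], alarm["StateValue"]))
        confirmed = [
            sub
            for topic in alarm.get("AlarmActions", [])
            for sub in subs_by_topic.get(topic, {}).get("Subscriptions", [])
            # SNS reports an unconfirmed subscription as "PendingConfirmation".
            if sub["Protocol"] in ("email", "sms")
            and sub["SubscriptionArn"] != "PendingConfirmation"
        ]
        if not confirmed:
            undeliverable.append(alarm["AlarmName"])
    return not_ok, undeliverable


# Constructed sample: one topic whose email subscriber has not confirmed yet.
TOPIC = "arn:aws:sns:us-east-1:111122223333:example-alarm-topic"
SAMPLE_ALARMS = {"MetricAlarms": [
    {"AlarmName": "example-ClusterStatusRed", "StateValue": "OK",
     "AlarmActions": [TOPIC]},
    {"AlarmName": "example-FreeStorageSpace", "StateValue": "ALARM",
     "AlarmActions": [TOPIC]},
    {"AlarmName": "example-KMSKeyError", "StateValue": "INSUFFICIENT_DATA",
     "AlarmActions": []},
]}
SAMPLE_SUBS = {TOPIC: {"Subscriptions": [
    {"Protocol": "email", "Endpoint": "ops@example.com",
     "SubscriptionArn": "PendingConfirmation"},
]}}

if __name__ == "__main__":
    not_ok, undeliverable = audit_alarms(SAMPLE_ALARMS, SAMPLE_SUBS)
    for name, state in not_ok:
        print(f"needs attention: {name} is {state}")
    for name in undeliverable:
        print(f"no confirmed subscriber: {name}")
```

Against a live account, build the two inputs from the boto3 calls named above, keyed by each topic ARN found in AlarmActions.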
Delete alarms
- Log in to the Centralized Logging with OpenSearch console.
- In the navigation pane, under Domains, choose OpenSearch domains.
- Select the domain from the table.
- Choose the Alarms tab.
- Choose Delete.
- On the confirmation prompt, choose Delete.
