Rule: CloudWatch Alarm Action Should Be Enabled

This rule ensures that CloudWatch alarm actions are enabled to maintain security standards.

Rule: CloudWatch alarm action should be enabled
Framework: FedRAMP Moderate Revision 4
Severity: High

Rule Description

This rule pertains to the FedRAMP Moderate Revision 4 compliance standard in the AWS environment. It requires that all CloudWatch alarms have actions enabled to ensure timely notification and response to any triggered alarms.

Remediation Steps

To comply with this rule, you need to enable at least one action for each of your CloudWatch alarms.

Follow the steps below to enable CloudWatch alarm actions:

Step 1: Identify CloudWatch Alarms

Identify all the CloudWatch alarms that are currently active in your AWS environment.

Step 2: Enable Actions

For each identified CloudWatch alarm, enable at least one action.

A) Using AWS Management Console:

  1. Go to the Amazon CloudWatch service console.
  2. Select "Alarms" from the navigation pane.
  3. Select the desired alarm from the list.
  4. Select the "Actions" tab.
  5. Click on "Create new action" or "Edit action" if an action already exists.
  6. Add a valid action, such as sending an SNS notification or executing an AWS Lambda function.
  7. Save the changes.

B) Using AWS CLI:

  1. Open the AWS CLI or a terminal.
  2. Execute the following command to enable actions for a specific alarm:

aws cloudwatch put-metric-alarm --alarm-name <alarm-name> --alarm-actions <action-arn>

Replace <alarm-name> with the name of the target CloudWatch alarm and <action-arn> with the ARN (Amazon Resource Name) of the action you want to enable. Note that put-metric-alarm overwrites the alarm's previous configuration, so the alarm's existing settings (metric, threshold, comparison operator, evaluation periods) must be supplied in the same call.

  3. Repeat the above command for each CloudWatch alarm that requires an action.

Troubleshooting Steps

1. Alarm Not Triggering Actions

If you are experiencing issues with your CloudWatch alarm not triggering actions, consider the following troubleshooting steps:

  • Validate the alarm configuration to ensure proper settings are in place.
  • Verify that the alarm state matches the trigger criteria. If the metric data doesn't meet the threshold, the alarm won't trigger the action.
  • Check if your action targets (e.g., SNS topic or Lambda function) are correctly configured.
  • Ensure the necessary permissions are granted for the alarm to invoke the specified action.
  • Validate any dependencies, such as network connectivity or resource availability, that might prevent actions from executing.

2. Incorrect Alarm Action

If the alarm action is not producing the desired outcome or needs to be updated, follow the steps below:

  • Review the alarm configuration to determine if the chosen action is appropriate for the triggered event.
  • Edit the CloudWatch alarm action in the AWS Management Console or update the action using the AWS CLI, as described in the earlier remediation steps.

Compliance

To confirm that this rule is enforced and working as expected, regularly monitor the CloudWatch alarms for any alarms without enabled actions. Use the steps provided in the remediation section to enable or correct actions as needed.
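One way to automate this check, as an added example that is not CloudDefense's own code: the function below reads the JSON produced by `aws cloudwatch describe-alarms` and flags alarms whose actions are disabled or that have no action configured. The sample data, alarm names, and the function name `audit_alarm_actions` are constructed for illustration.

```python
import json

# Constructed sample in the shape returned by `aws cloudwatch describe-alarms`
# (alarm names and the 111122223333 account ID are made up for illustration).
SAMPLE = json.loads("""
{"MetricAlarms": [
   {"AlarmName": "cpu-high", "ActionsEnabled": true,
    "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:ops-alerts"],
    "OKActions": [], "InsufficientDataActions": []},
   {"AlarmName": "disk-full", "ActionsEnabled": false,
    "AlarmActions": ["arn:aws:sns:us-east-1:111122223333:ops-alerts"],
    "OKActions": [], "InsufficientDataActions": []},
   {"AlarmName": "root-login", "ActionsEnabled": true,
    "AlarmActions": [], "OKActions": [], "InsufficientDataActions": []}],
 "CompositeAlarms": [
   {"AlarmName": "service-down", "ActionsEnabled": false,
    "AlarmActions": [], "OKActions": [], "InsufficientDataActions": []}]}
""")

ACTION_FIELDS = ("AlarmActions", "OKActions", "InsufficientDataActions")


def audit_alarm_actions(describe_alarms_output):
    """Map each non-compliant alarm name to the reasons it cannot notify."""
    findings = {}
    alarms = (describe_alarms_output.get("MetricAlarms", [])
              + describe_alarms_output.get("CompositeAlarms", []))
    for alarm in alarms:
        reasons = []
        # The alarm-level switch: when false, configured actions never run.
        if not alarm.get("ActionsEnabled", False):
            reasons.append("actions disabled")
        # Enabled but empty: the alarm changes state and nobody is told.
        if not any(alarm.get(field) for field in ACTION_FIELDS):
            reasons.append("no action configured")
        if reasons:
            findings[alarm["AlarmName"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in sorted(audit_alarm_actions(SAMPLE).items()):
        print(f"NON-COMPLIANT {name}: {', '.join(reasons)}")
```

An alarm reported as "actions disabled" already has its action ARNs in place and can be switched back on with `aws cloudwatch enable-alarm-actions --alarm-names <alarm-name>`; one reported as "no action configured" needs an action added as described in the remediation steps.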

Summary

Enabling CloudWatch alarm actions for FedRAMP Moderate Revision 4 compliance ensures that proper notifications are triggered when alarms are activated. Following the provided remediation steps ensures that alarms have at least one action enabled, allowing for timely response and remediation when necessary. Regularly monitoring and validating the alarm configuration and actions will help maintain compliance with this rule.
