AWS CloudWatch Integration

Receive CloudWatch alarms in OpsKnight via Amazon SNS.

Endpoint

POST /api/integrations/cloudwatch?integrationId=YOUR_INTEGRATION_ID

Setup

Step 1: Create Integration in OpsKnight

Go to Services and select your service
Click Integrations tab
Click Add Integration
Select AWS CloudWatch
Copy the Integration ID

In AWS Console, go to SNS → Topics
Click Create topic
Choose Standard type
Name it (e.g., opsknight-alerts)
Click Create topic

Step 3: Create HTTPS Subscription

Open your SNS topic
Click Create subscription
Configure:

Field	Value
Protocol	HTTPS
Endpoint	`https://YOUR_OPSKNIGHT_URL/api/integrations/cloudwatch?integrationId=YOUR_INTEGRATION_ID`

Click Create subscription

Step 4: Confirm Subscription

Important: OpsKnight does NOT auto-confirm SNS subscriptions for security.

To confirm the subscription:

Check OpsKnight audit logs or server logs for the SubscribeURL
Visit the URL once to confirm
Or confirm manually in AWS Console if visible

Step 5: Configure CloudWatch Alarms

Go to CloudWatch → Alarms
Create or edit an alarm
Under Notification, add the SNS topic you created
Save the alarm

Payload Format

CloudWatch alarms are wrapped in SNS notifications:

{
  "Type": "Notification",
  "MessageId": "abc123",
  "TopicArn": "arn:aws:sns:us-east-1:123456789:opsknight-alerts",
  "Message": "{...CloudWatch alarm JSON...}",
  "Timestamp": "2024-01-15T10:00:00Z"
}

CloudWatch Alarm Message

{
  "AlarmName": "High CPU Usage",
  "AlarmDescription": "CPU usage exceeded 90% - CRITICAL",
  "NewStateValue": "ALARM",
  "NewStateReason": "Threshold crossed: CPU > 90%",
  "StateChangeTime": "2024-01-15T10:00:00Z",
  "Region": "us-east-1",
  "Trigger": {
    "MetricName": "CPUUtilization",
    "Namespace": "AWS/EC2",
    "Statistic": "Average",
    "Threshold": 90
  }
}

Event Mapping

CloudWatch State	OpsKnight Action
`ALARM`	Trigger incident
`OK`	Resolve incident
`INSUFFICIENT_DATA`	No action

Severity Mapping

Severity is determined by keywords in AlarmDescription:

AlarmDescription Contains	OpsKnight Severity
`CRITICAL`, `HIGH`	critical
`WARNING`, `ERROR`, `MEDIUM`	error
`INFO`, `LOW`	info
(default for ALARM)	critical

Best Practice

Include severity keywords in your alarm descriptions:

High CPU Usage - CRITICAL - Production servers
Memory Usage Warning - WARNING - Development

Incident Title

The incident title is set to the AlarmName.

The source is formatted as: AWS CloudWatch ({Region})

Deduplication

Dedup key format: cloudwatch-{Region}-{AlarmName}

This ensures the same alarm in the same region maps to the same incident.

Testing

Using AWS Console

Go to CloudWatch → Alarms
Select an alarm
Click Actions → Set alarm state
Set to ALARM
Verify incident appears in OpsKnight
Set back to OK to test resolution

Using AWS CLI

# Trigger alarm
aws cloudwatch set-alarm-state \
  --alarm-name "Your-Alarm-Name" \
  --state-value ALARM \
  --state-reason "Testing OpsKnight integration"

# Resolve alarm
aws cloudwatch set-alarm-state \
  --alarm-name "Your-Alarm-Name" \
  --state-value OK \
  --state-reason "Test complete"

Troubleshooting

Subscription Not Confirming

Check logs for the SubscribeURL
Visit the URL manually to confirm
Verify endpoint is accessible from AWS

Alarms Not Appearing

Check subscription status in AWS SNS
Verify alarm has the SNS topic as notification target
Test subscription by publishing a test message

Incidents Not Resolving

Ensure alarm sends OK notifications
Check SNS delivery logs for errors

Wrong Severity

Add severity keywords to AlarmDescription
Use uppercase: CRITICAL, WARNING, INFO

Azure Monitor Integration — Azure monitoring
Google Cloud Monitoring Integration — GCP monitoring
Events API — Programmatic event submission
Integrations Overview — All integrations