Setting Up Cloudwatch Alarm Notifications
Wire CloudWatch alarms to SNS so production issues ping you by email, SMS, or webhook without hand-rolling console steps.
Overview
Setting Up CloudWatch Alarm Notifications is an agent skill for the Operate phase that configures SNS topics and subscriptions and links them to CloudWatch alarms for email, SMS, webhook, Lambda, or SQS alerting.
Install
npx skills add https://github.com/aws/agent-toolkit-for-aws --skill setting-up-cloudwatch-alarm-notificationsWhat is this skill?
- Step-by-step SOP: verify call_aws availability, validate inputs, then create/link SNS to alarms
- Supports email, SMS, webhook, Lambda, and SQS notification types with configurable endpoints
- Optional custom SNS topic naming and aws_region (default us-east-1)
- Requires alarm_name, notification_type, and notification_endpoint parameters
- Explicit dependency gate: checks tools without invoking them to avoid accidental AWS side effects
- 5 notification types: email, sms, webhook, lambda, sqs
Adoption & trust: 966 installs on skills.sh; 819 GitHub stars; 3/3 security scanners passed (skills.sh audits).
What problem does it solve?
You have CloudWatch alarms firing in AWS but no dependable channel to reach you or your webhook when thresholds break.
Who is it for?
Solo builders or tiny teams running AWS workloads who need alarm-driven alerts without manual console wiring.
Skip if: Builders on non-AWS clouds, teams with fully managed observability paging already, or anyone who cannot safely grant AWS API access to their agent.
When should I use this skill?
You need notification channels for a named CloudWatch alarm and have notification_type plus notification_endpoint ready.
What do I get? / Deliverables
After the skill runs, SNS is provisioned and bound to the named alarm so notifications reach your chosen endpoint in the selected region.
- SNS topic (and subscriptions) linked to the specified alarm
- Configured notification route in the chosen aws_region
Recommended Skills
Journey fit
Alarm notification setup is classic production operations—alerting after you ship and need to know when metrics breach thresholds. Monitoring is the canonical shelf because the SOP configures SNS topics and subscriptions tied to CloudWatch alarms, not general deploy or incident triage playbooks.
How it compares
Use this procedural SOP instead of ad-hoc console clicking when you want repeatable SNS + alarm linkage from the agent.
Common Questions / FAQ
Who is setting-up-cloudwatch-alarm-notifications for?
Indie and solo operators on AWS who maintain their own monitoring and need SNS-backed alarm notifications configured through an agent-guided checklist.
When should I use setting-up-cloudwatch-alarm-notifications?
Use it in Operate when alarms exist but lack routes, when you add email/SMS/webhook on-call, or when you standardize SNS topics per service after ship.
Is setting-up-cloudwatch-alarm-notifications safe to install?
Review the Security Audits panel on this skill’s Prism page before enabling AWS-changing tools; the SOP is designed to verify call_aws without running it until you proceed.
SKILL.md
READMESKILL.md - Setting Up Cloudwatch Alarm Notifications
# Setup CloudWatch Alarm Notifications ## Overview This SOP guides you through setting up notification channels for CloudWatch alarms using Amazon SNS (Simple Notification Service). It will create SNS topics, configure subscriptions for various notification methods (email, SMS, webhooks), and link them to existing or new CloudWatch alarms. ## Parameters **alarm_name** (required): The name of the CloudWatch alarm to configure notifications for **notification_type** (required): Type of notification (email, sms, webhook, lambda, sqs) **notification_endpoint** (required): The endpoint for notifications (email address, phone number, webhook URL, etc.) **sns_topic_name** (optional): Custom name for the SNS topic (default: generated from alarm name) **aws_region** (optional, default: "us-east-1"): AWS region where resources will be created ## Steps ### 1. Verify Dependencies Check for required tools and warn the user if any are missing. **Constraints:** - You MUST verify the following tools are available in your context: call_aws - You MUST ONLY check for tool existence and MUST NOT attempt to run the tools because running tools during verification could cause unintended side effects, consume resources unnecessarily, or trigger actions before the user is ready - You MUST inform the user about any missing tools with a clear message - You MUST ask if the user wants to proceed anyway despite missing tools - You MUST respect the user's decision to proceed or abort ### 2. Validate Existing CloudWatch Alarm Verify that the specified CloudWatch alarm exists and gather its current configuration. **Constraints:** - You MUST inform the customer that you are checking if the specified alarm exists - You MUST use call_aws to execute: `aws cloudwatch describe-alarms --alarm-names {alarm_name} --region {aws_region}` - You MUST verify the alarm exists before proceeding with notification setup - If the alarm does not exist, You MUST ask the customer if they want to create a new alarm or specify a different existing alarm name - You MUST display the current alarm configuration to the customer for confirmation ### 3. Create SNS Topic Create an SNS topic that will be used to send notifications when the alarm is triggered. **Constraints:** - You MUST inform the customer that you are creating an SNS topic for alarm notifications - You MUST use call_aws to execute: `aws sns create-topic --name {sns_topic_name} --region {aws_region}` - You MUST capture the TopicArn from the response for use in subsequent steps - You MUST handle cases where the topic already exists gracefully - You SHOULD use a descriptive topic name that includes the alarm name if no custom name is provided ### 4. Enable SNS Topic Encryption Configure encryption at rest for the SNS topic to protect sensitive notification data. **Constraints:** - You MUST inform the customer that you are enabling encryption for the SNS topic - You MUST use call_aws to execute: `aws sns set-topic-attributes --topic-arn {topic_arn} --attribute-name KmsMasterKeyId --attribute-value alias/aws/sns --region {aws_region}` - You MUST use the AWS managed key (alias/aws/sns) for encryption unless the customer specifies a custom KMS key - You SHOULD inform the customer about the benefits of encryption at rest for compliance and security - You MUST verify that encryption was successfully enabled by describing the topic attributes ### 5. Configure SNS Topic Policy Set up appropriate permissions for the SNS topic to allow CloudWatch to publish messages. **Constraints:** - You MUST inform the customer that you are configuring topic permissions for CloudWatch access - You MUST create a policy document that allows CloudWatch service to publish to the SNS topic - You MUST use call_aws to execute: `aws sns set-topic-attributes --topic-arn {topic_arn} --attribute-name Policy --attribute-value {policy_json} --region {aws_region}` - You MUST ensure the policy includes the CloudWatch service principal and publis