How to create an alarm over AWS S3 using Terraform


Introduction

Hi all, today we are going to learn how to create an alarm over AWS S3 using Terraform. Terraform is an IaC (Infrastructure as Code) tool. Our use case: if no file is received in our S3 bucket in the last 2 hours, an alarm goes off and sends an alert mail to the address you specify.

Terraform Script

Provider

First, we have to specify the provider. In this case I am using aws. Specify the region as well; I am using ap-south-1.

provider "aws" {
  region = "ap-south-1"
}

Resource

aws_s3_bucket_notification

In this block, we use aws_s3_bucket_notification as our resource for the aws provider. Inside the resource block we specify the bucket, then the topic_arn and the events. You have to create the bucket, the SNS topic (for email notification, with the appropriate IAM policies) and the events (for S3 object creation).

resource "aws_s3_bucket_notification" "bucket_notification" {
  bucket = "franklin-terraform"

  topic {
    topic_arn = "arn:aws:sns:ap-south-1:269763233488:test-jugaad"
    events    = ["s3:ObjectCreated:*"]
  }
}
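
The SNS prerequisites mentioned above, as an added example that is not part of the original post. It assumes the test-jugaad topic is managed in the same Terraform configuration and that the alarm topic already exists; the resource labels (uploads, s3_publish, alert_email) and the e-mail address are placeholders.

```hcl
# Added example (not from the original post). Topic and bucket names and the
# alarm topic ARN are the article's; resource labels and e-mail are assumed.
data "aws_caller_identity" "current" {}

resource "aws_sns_topic" "uploads" {
  name = "test-jugaad"
}

# Only the S3 service, acting for this bucket in this account, may publish.
# Both conditions stop a bucket in another account from using S3 as a
# confused deputy to publish to the topic.
data "aws_iam_policy_document" "s3_publish" {
  statement {
    sid       = "AllowBucketNotifications"
    effect    = "Allow"
    actions   = ["sns:Publish"]
    resources = [aws_sns_topic.uploads.arn]

    principals {
      type        = "Service"
      identifiers = ["s3.amazonaws.com"]
    }
    condition {
      test     = "ArnLike"
      variable = "aws:SourceArn"
      values   = ["arn:aws:s3:::franklin-terraform"]
    }
    condition {
      test     = "StringEquals"
      variable = "aws:SourceAccount"
      values   = [data.aws_caller_identity.current.account_id]
    }
  }
}

resource "aws_sns_topic_policy" "uploads" {
  arn    = aws_sns_topic.uploads.arn
  policy = data.aws_iam_policy_document.s3_publish.json
}

# The alert mail is sent by the alarm's topic, so the subscription goes there.
# It stays "pending confirmation" until the recipient confirms by e-mail.
resource "aws_sns_topic_subscription" "alert_email" {
  topic_arn = "arn:aws:sns:ap-south-1:269763233488:Default_CloudWatch_Alarms_Topic"
  protocol  = "email"
  endpoint  = "alerts@example.com" # placeholder address
}
```

S3 checks that it can publish to the topic when the notification is created, so give aws_s3_bucket_notification a depends_on that points at the topic policy.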

aws_cloudwatch_metric_alarm

Now we use another resource, aws_cloudwatch_metric_alarm, to create the alarm. The alarm also appears in the CloudWatch section of the console, along with a graph showing the datapoints for files arriving in the S3 bucket. If no file has arrived in the last 2 hours, it sends a mail through the configured SNS topic.

resource "aws_cloudwatch_metric_alarm" "franklin-test-terraform" {
  alarm_name                = "franklin-test-terraform"
  comparison_operator       = "LessThanThreshold"
  evaluation_periods        = 38
  metric_name               = "NumberOfMessagesPublished"
  namespace                 = "AWS/SNS"
  period                    = 180
  statistic                 = "Sum"
  threshold                 = 1
  alarm_description         = "This metric monitors whether there is any file uploaded to s3 bucket in last 2 hours"
  actions_enabled           = true
  alarm_actions             = ["arn:aws:sns:ap-south-1:269763233488:Default_CloudWatch_Alarms_Topic"]
  ok_actions                = ["arn:aws:sns:ap-south-1:269763233488:Default_CloudWatch_Alarms_Topic"]
  insufficient_data_actions = []
  treat_missing_data        = "breaching"

  dimensions = {
    TopicName = "test-jugaad"
  }
}
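
In the code above you can see the configuration of our alarm. First comes the alarm name, then comparison_operator (LessThanThreshold means the alarm triggers if the value is less than 1), period (180 seconds, the interval over which the specified statistic is applied), evaluation_periods (38, the number of periods over which data is compared to the specified threshold) and so on. Together, period and evaluation_periods define the window the alarm looks at: 38 × 180 seconds = 6,840 seconds (114 minutes), which approximates the 2-hour target; 40 periods would cover exactly 2 hours. treat_missing_data is set to breaching because SNS reports no datapoint for a period in which nothing was published, so those empty periods must count as below the threshold for the alarm to fire. For more details, refer to https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_metric_alarm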

After that, if you don't receive any files, you will get an alert mail.

Conclusion

In this blog we have learned how to create an alarm with SNS enabled that notifies the user if no files have been received in the last 2 hours. You can change the time period according to your needs. This kind of automation can save you a lot of time, and it is useful wherever a lot of data streams into your pipeline on a regular basis.

You can visit https://blog.knoldus.com/tag/terraform/ for more blogs on Terraform.