CloudWatch Alarm Actions Missing
cloudwatch-alarm-actions-missing
What this rule checks
Detects CloudWatch Alarms without alarm actions or missing-data handling.
How to fix it
- 1Add AlarmActions (SNS, Lambda, SSM) for state-change notifications
- 2Set TreatMissingData to define behaviour for missing data points
import { Duration } from 'aws-cdk-lib';
import { Alarm, Metric } from 'aws-cdk-lib/aws-cloudwatch';
new Alarm(this, 'QueueDepthAlarm', {
metric: new Metric({
namespace: 'AWS/SQS',
metricName: 'ApproximateNumberOfMessagesVisible',
period: Duration.minutes(5),
}),
threshold: 100,
evaluationPeriods: 1,
});import { Duration } from 'aws-cdk-lib';
import { Alarm, Metric, TreatMissingData } from 'aws-cdk-lib/aws-cloudwatch';
import { SnsAction } from 'aws-cdk-lib/aws-cloudwatch-actions';
import { Topic } from 'aws-cdk-lib/aws-sns';
const topic = new Topic(this, 'AlarmTopic');
const alarm = new Alarm(this, 'QueueDepthAlarm', {
metric: new Metric({
namespace: 'AWS/SQS',
metricName: 'ApproximateNumberOfMessagesVisible',
period: Duration.minutes(5),
}),
threshold: 100,
evaluationPeriods: 1,
treatMissingData: TreatMissingData.NOT_BREACHING,
});
alarm.addAlarmAction(new SnsAction(topic));CDK Insights pinpoints the exact file and line in your CDK source for every finding, so you can jump straight to the fix.
Affected resource types
AWS::CloudWatch::AlarmIntentional? Suppress this finding
Sometimes a flag is deliberate — a genuinely public endpoint, say. You can dismiss cloudwatch-alarm-actions-missing and the reason is kept in the report, not silently hidden.
In .cdk-insights.json:
{
"ignoreRules": [
{ "id": "cloudwatch-alarm-actions-missing", "reason": "Why this is intentional" }
]
}Or inline in your CDK code:
Validations.of(scope).acknowledge({
id: 'cdk-insights::cloudwatch-alarm-actions-missing',
reason: 'Why this is intentional',
});Use the rule ID cloudwatch-alarm-actions-missing shown above — not the CDK-* ID from SARIF / GitHub code scanning. To dismiss every finding on one construct instead, use ignorePaths. Suppression docs →
Catch this in your stack
$ npx cdk-insights scanCDK Insights runs this and 118+ other rules locally against your synthesised CDK app — free, no account, your code never leaves your machine.