Skip to content

Integrate with AWS CloudWatch Alarms

Connect your AWS CloudWatch alarms to KloudMate Incident Management to route alarm transitions to your escalation policies and notify your team via Slack, email, SMS, or voice. KloudMate groups incoming alarm events, dedupes them to prevent alert noise, and automatically resolves incidents when the alarms return to normal.

This integration uses an AWS Simple Notification Service (SNS) topic to route CloudWatch state changes to a KloudMate webhook endpoint.

Before you start, make sure you have:

  • An Incident Management service configured in KloudMate.
  • Permissions in AWS to create SNS topics, subscriptions, and CloudWatch alarms.

Step 1: Create a CloudWatch alert source in KloudMate

Section titled “Step 1: Create a CloudWatch alert source in KloudMate”

Create a unique ingestion endpoint in KloudMate to receive your CloudWatch alerts.

  1. Log into the KloudMate Console and open Incident Management → Alert Sources.

  2. Click Add (or navigate to a specific Service and click Create Alert Source under details).

  3. Set the Type to CloudWatch Alarm.

  4. Select the Service you want to associate with these alarms.

  5. Enter a Name and Description for the alert source.

  6. Click Save.

  7. From the details page of your new alert source, copy the Source URL (e.g. https://api.kloudmate.com/im/hooks/cw-a1b2c3d4e5f6).

Create CloudWatch alert source

CloudWatch alert source URL

CloudWatch alarms publish their status changes to an Amazon Simple Notification Service (SNS) topic, which then pushes them to KloudMate.

  1. Log into the AWS Management Console and open the Amazon SNS console.

  2. In the left navigation, click Topics, then click Create topic.

  3. Choose Standard as the topic type.

  4. Enter a Name (for example, kloudmate-incidents-trigger) and optional Display name.

  5. Keep all other default settings and click Create topic.

Subscribe your KloudMate source URL to your AWS SNS topic.

  1. In your newly created SNS topic page, click Create subscription.

  2. Set the Protocol to HTTPS.

  3. In the Endpoint field, paste the Source URL you copied from KloudMate in Step 1.

  4. Keep the default settings and click Create subscription.

Configure your AWS CloudWatch alarms to notify the SNS topic when they transition to an alarm state and when they recover.

  1. Open the Amazon CloudWatch console and navigate to Alarms → All alarms.

  2. Select an existing alarm and click Edit, or click Create alarm.

  3. In the Configure actions step:

    • Under Alarm state trigger, select In alarm.
    • Under Send a notification to the following SNS topic, select Select an existing SNS topic and choose the topic you created in Step 2.
  4. Click Add notification to configure a recovery action:

    • Under Alarm state trigger, select OK.
    • Under Send a notification to the following SNS topic, select the same SNS topic.
  5. Click Update alarm (or complete the alarm creation steps) to save your changes.

KloudMate processes incoming CloudWatch alarm payloads automatically to keep your incidents organized and up to date.

To prevent alert fatigue and duplicate notifications, KloudMate groups incoming alert events:

  • When an alarm enters the ALARM state, AWS SNS pushes the event payload to KloudMate.
  • KloudMate generates a unique Group ID by hashing the AlarmName from the payload.
  • If no open incident exists for this Group ID, KloudMate opens a new incident, processes your Routing Rules, and triggers the configured escalation policy.
  • If an open incident already exists for this Group ID, KloudMate logs the new alarm event under the existing incident and increments its suppression count. No duplicate incidents or notifications are created.

When the underlying issue clears, KloudMate resolves the incident automatically:

  • When the CloudWatch alarm transitions back to OK, AWS SNS pushes the state change to KloudMate.
  • KloudMate inspects the payload (NewStateValue == "OK"), identifies it as a recovery signal, and automatically marks the active incident as Resolved.
  • This immediately halts the escalation policy, stopping any further notifications.