{"id":14848315,"url":"https://github.com/fourTheorem/slic-watch","last_synced_at":"2025-09-18T04:33:06.857Z","repository":{"id":37461582,"uuid":"280642845","full_name":"fourTheorem/slic-watch","owner":"fourTheorem","description":"Instant alarms and dashboards for Serverless, SAM, CDK and CloudFormation","archived":false,"fork":false,"pushed_at":"2024-11-12T19:59:45.000Z","size":16128,"stargazers_count":161,"open_issues_count":14,"forks_count":15,"subscribers_count":2,"default_branch":"main","last_synced_at":"2025-09-07T07:58:50.556Z","etag":null,"topics":["api-gateway","aws","aws-lambda","awssam","cdk","cloudformation","lambda","serverless","serverless-framework","sqs"],"latest_commit_sha":null,"homepage":"","language":"JavaScript","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"apache-2.0","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/fourTheorem.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":"CONTRIBUTING.md","funding":null,"license":"LICENSE","code_of_conduct":"CODE_OF_CONDUCT.md","threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2020-07-18T11:31:42.000Z","updated_at":"2025-04-12T00:20:58.000Z","dependencies_parsed_at":"2023-11-06T14:42:40.169Z","dependency_job_id":"e9a7f09d-5281-4ef7-86d3-e737aeafce07","html_url":"https://github.com/fourTheorem/slic-watch","commit_stats":{"total_commits":344,"total_committers":17,"mean_commits":"20.235294117647058","dds":0.3866279069767442,"last_synced_commit":"d532930fdc109c77450ec7bbfc2f0215475b3e0a"},"previous_names":[],"tags_count":74,"template":false,"template_full_name":null,"purl":"pkg:github/fourTheorem/slic-watch","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fourTheorem%2Fslic-watch","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fourTheorem%2Fslic-watch/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fourTheorem%2Fslic-watch/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fourTheorem%2Fslic-watch/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/fourTheorem","download_url":"https://codeload.github.com/fourTheorem/slic-watch/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/fourTheorem%2Fslic-watch/sbom","scorecard":{"id":407939,"data":{"date":"2025-08-11","repo":{"name":"github.com/fourTheorem/slic-watch","commit":"d532930fdc109c77450ec7bbfc2f0215475b3e0a"},"scorecard":{"version":"v5.2.1-40-gf6ed084d","commit":"f6ed084d17c9236477efd66e5b258b9d4cc7b389"},"score":3.9,"checks":[{"name":"Maintained","score":0,"reason":"0 commit(s) and 0 issue activity found in the last 90 days -- score normalized to 0","details":null,"documentation":{"short":"Determines if the project is \"actively maintained\".","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#maintained"}},{"name":"Dangerous-Workflow","score":10,"reason":"no dangerous workflow patterns detected","details":null,"documentation":{"short":"Determines if the project's GitHub Action workflows avoid dangerous patterns.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#dangerous-workflow"}},{"name":"Code-Review","score":6,"reason":"Found 3/5 approved changesets -- score normalized to 6","details":null,"documentation":{"short":"Determines if the project requires human code review before pull requests (aka merge requests) are merged.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#code-review"}},{"name":"Token-Permissions","score":0,"reason":"detected GitHub workflow tokens with excessive permissions","details":["Warn: no topLevel permission defined: .github/workflows/build.yml:1","Info: topLevel 'contents' permission set to 'read': .github/workflows/release.yml:14","Info: no jobLevel write permissions found"],"documentation":{"short":"Determines if the project's workflows follow the principle of least privilege.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#token-permissions"}},{"name":"Binary-Artifacts","score":10,"reason":"no binaries found in the repo","details":null,"documentation":{"short":"Determines if the project has generated executable (binary) artifacts in the source repository.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#binary-artifacts"}},{"name":"CII-Best-Practices","score":0,"reason":"no effort to earn an OpenSSF best practices badge detected","details":null,"documentation":{"short":"Determines if the project has an OpenSSF (formerly CII) Best Practices Badge.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#cii-best-practices"}},{"name":"Pinned-Dependencies","score":2,"reason":"dependency not pinned by hash detected -- score normalized to 2","details":["Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:20: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/build.yml:21: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:40: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/build.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/build.yml:53: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/build.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:22: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:24: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/release.yml/main?enable=pin","Warn: GitHub-owned GitHubAction not pinned by hash: .github/workflows/release.yml:34: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:37: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/release.yml/main?enable=pin","Warn: third-party GitHubAction not pinned by hash: .github/workflows/release.yml:47: update your workflow using https://app.stepsecurity.io/secureworkflow/fourTheorem/slic-watch/release.yml/main?enable=pin","Warn: npmCommand not pinned by hash: .github/workflows/release.yml:30","Warn: npmCommand not pinned by hash: .github/workflows/release.yml:40","Info:   0 out of   5 GitHub-owned GitHubAction dependencies pinned","Info:   0 out of   4 third-party GitHubAction dependencies pinned","Info:   2 out of   4 npmCommand dependencies pinned"],"documentation":{"short":"Determines if the project has declared and pinned the dependencies of its build process.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#pinned-dependencies"}},{"name":"Security-Policy","score":0,"reason":"security policy file not detected","details":["Warn: no security policy file detected","Warn: no security file to analyze","Warn: no security file to analyze","Warn: no security file to analyze"],"documentation":{"short":"Determines if the project has published a security policy.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#security-policy"}},{"name":"License","score":10,"reason":"license file detected","details":["Info: project has a license file: LICENSE:0","Info: FSF or OSI recognized license: Apache License 2.0: LICENSE:0"],"documentation":{"short":"Determines if the project has defined a license.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#license"}},{"name":"Fuzzing","score":0,"reason":"project is not fuzzed","details":["Warn: no fuzzer integrations found"],"documentation":{"short":"Determines if the project uses fuzzing.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#fuzzing"}},{"name":"Packaging","score":10,"reason":"packaging workflow detected","details":["Info: Project packages its releases by way of GitHub Actions.: .github/workflows/release.yml:17"],"documentation":{"short":"Determines if the project is published as a package that others can easily download, install, easily update, and uninstall.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#packaging"}},{"name":"Signed-Releases","score":-1,"reason":"no releases found","details":null,"documentation":{"short":"Determines if the project cryptographically signs release artifacts.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#signed-releases"}},{"name":"Branch-Protection","score":-1,"reason":"internal error: error during branchesHandler.setup: internal error: githubv4.Query: Resource not accessible by integration","details":null,"documentation":{"short":"Determines if the default and release branches are protected with GitHub's branch protection settings.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#branch-protection"}},{"name":"SAST","score":0,"reason":"SAST tool is not run on all commits -- score normalized to 0","details":["Warn: 0 commits out of 28 are checked with a SAST tool"],"documentation":{"short":"Determines if the project uses static code analysis.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#sast"}},{"name":"Vulnerabilities","score":0,"reason":"27 existing vulnerabilities detected","details":["Warn: Project is vulnerable to: GHSA-v4mq-x674-ff73","Warn: Project is vulnerable to: GHSA-qq4x-c6h6-rfxh","Warn: Project is vulnerable to: GHSA-5pq3-h73f-66hr","Warn: Project is vulnerable to: GHSA-wf5p-g6vw-rhxx","Warn: Project is vulnerable to: GHSA-jr5f-v2jv-69x6","Warn: Project is vulnerable to: GHSA-8hc4-vh64-cxmj","Warn: Project is vulnerable to: GHSA-v6h2-p8h4-qcjw","Warn: Project is vulnerable to: GHSA-grv7-fg5c-xmjg","Warn: Project is vulnerable to: GHSA-3xgq-45jj-v275","Warn: Project is vulnerable to: GHSA-4gmj-3p3h-gm8h","Warn: Project is vulnerable to: GHSA-67mh-4wv8-2f99","Warn: Project is vulnerable to: GHSA-jchw-25xp-jwwc","Warn: Project is vulnerable to: GHSA-cxjh-pqwp-8mfp","Warn: Project is vulnerable to: GHSA-fjxv-7rqg-78g4","Warn: Project is vulnerable to: GHSA-75v8-2h7p-7m2m","Warn: Project is vulnerable to: GHSA-78xj-cgh5-2h22","Warn: Project is vulnerable to: GHSA-2p57-rm9w-gvfp","Warn: Project is vulnerable to: GHSA-pppg-cpfq-h7wr","Warn: Project is vulnerable to: GHSA-hw8r-x6gr-5gjp","Warn: Project is vulnerable to: GHSA-593f-38f6-jp5m","Warn: Project is vulnerable to: GHSA-x2rg-q646-7m2v","Warn: Project is vulnerable to: GHSA-jgmv-j7ww-jx2x","Warn: Project is vulnerable to: GHSA-952p-6rrq-rcjv","Warn: Project is vulnerable to: GHSA-x7hr-w5r2-h6wg","Warn: Project is vulnerable to: GHSA-f5x3-32g6-xq36","Warn: Project is vulnerable to: GHSA-52f5-9888-hmc6","Warn: Project is vulnerable to: GHSA-3h5v-q93c-6h6q"],"documentation":{"short":"Determines if the project has open, known unfixed vulnerabilities.","url":"https://github.com/ossf/scorecard/blob/f6ed084d17c9236477efd66e5b258b9d4cc7b389/docs/checks.md#vulnerabilities"}}]},"last_synced_at":"2025-08-18T21:52:23.881Z","repository_id":37461582,"created_at":"2025-08-18T21:52:23.881Z","updated_at":"2025-08-18T21:52:23.881Z"},"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":274694210,"owners_count":25332672,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","status":"online","status_checked_at":"2025-09-11T02:00:13.660Z","response_time":74,"last_error":null,"robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":true,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["api-gateway","aws","aws-lambda","awssam","cdk","cloudformation","lambda","serverless","serverless-framework","sqs"],"created_at":"2024-09-19T13:01:52.061Z","updated_at":"2025-09-18T04:33:06.408Z","avatar_url":"https://github.com/fourTheorem.png","language":"JavaScript","funding_links":[],"categories":["Observability Tools (Logging / Monitoring / Performance / Tracing)"],"sub_categories":[],"readme":"# slic-watch\n\n[![serverless](http://public.serverless.com/badges/v3.svg)](http://www.serverless.com)\n[![npm version](https://img.shields.io/npm/v/serverless-slic-watch-plugin)](https://npm.im/serverless-slic-watch-plugin)\n[![Build](https://github.com/fourTheorem/slic-watch/actions/workflows/build.yml/badge.svg)](https://github.com/fourTheorem/slic-watch/actions/workflows/build.yml)\n[![Coverage Status](https://coveralls.io/repos/github/fourTheorem/slic-watch/badge.svg)](https://coveralls.io/github/fourTheorem/slic-watch)\n[![JavaScript Style Guide](https://img.shields.io/badge/code_style-standard-brightgreen.svg)](https://standardjs.com)\n\nAutomatic, best-practice CloudWatch **Dashboards** and **Alarms** for your SAM, CloudFormation, CDK and Serverless Framework applications.\n\nSLIC Watch supports: _AWS Lambda, API Gateway, DynamoDB, Kinesis Data Streams, SQS Queues, Step Functions, ECS (Fargate or EC2), SNS, EventBridge, Application Load Balancer and AppSync._  \n\nSupported tools include:\n * ⚡️ **Serverless Framework** v3 via the [_SLIC Watch Serverless Plugin_](#getting-started-with-serverless-framework)\n * 🐿 **AWS SAM**, 📦 **AWS CDK**  and ☁️ **CloudFormation** using the [_CloudFormation Macro_](#getting-started-with-aws-sam-cdk-or-cloudformation), published in the Serverless Application Repository (SAR).\n\n## Contents\n- [slic-watch](#slic-watch)\n  - [Contents](#contents)\n  - [Getting Started with Serverless Framework](#getting-started-with-serverless-framework)\n  - [Getting Started with AWS SAM, CDK or CloudFormation](#getting-started-with-aws-sam-cdk-or-cloudformation)\n    - [Deploying the SLIC Watch Macro](#deploying-the-slic-watch-macro)\n    - [Adding the SLIC Watch Transform to SAM or CloudFormation templates](#adding-the-slic-watch-transform-to-sam-or-cloudformation-templates)\n    - [Adding the SLIC Watch Transform to CDK Apps](#adding-the-slic-watch-transform-to-cdk-apps)\n  - [Features](#features)\n    - [Lambda Functions](#lambda-functions)\n    - [API Gateway](#api-gateway)\n    - [DynamoDB](#dynamodb)\n    - [Kinesis Data Streams](#kinesis-data-streams)\n    - [SQS Queues](#sqs-queues)\n    - [Step Functions](#step-functions)\n    - [ECS / Fargate](#ecs--fargate)\n    - [SNS](#sns)\n    - [EventBridge](#eventbridge)\n    - [Application Load Balancer](#application-load-balancer)\n    - [AppSync](#appsync)\n  - [Configuration](#configuration)\n    - [Top-level configuration](#top-level-configuration)\n    - [Resource-level configuration](#resource-level-configuration)\n      - [Serverless Framework function-level configuration](#serverless-framework-function-level-configuration)\n      - [SAM/CloudFormation function-level configuration](#samcloudformation-function-level-configuration)\n      - [CDK function-level configuration](#cdk-function-level-configuration)\n  - [A note on CloudWatch cost](#a-note-on-cloudwatch-cost)\n  - [References](#references)\n    - [Other Projects](#other-projects)\n    - [Reading](#reading)\n  - [LICENSE](#license)\n## Getting Started with Serverless Framework\n\n_If you are using AWS SAM or CloudFormation, skip to the section below._\n\n1. 📦 Install the plugin:\n```bash\nnpm install serverless-slic-watch-plugin --save-dev\n```\n2. 🖋️ Add the plugin to the `plugins` section of `serverless.yml`:\n```yaml\nplugins:\n  - serverless-slic-watch-plugin\n```\n3. 🪛 _Optionally_, add some configuration for the plugin to the `custom -\u003e slicWatch` section of `serverless.yml`.\nHere, you can specify a reference to the SNS topic for alarms. This is optional, but it's usually something you want\nso you can receive alarm notifications via email, Slack, etc.\n\n```yaml\ncustom:\n  slicWatch:\n    alarmActionsConfig: {\n      alarmActions: [{'Fn::Ref': myTopic}]\n    }\n```\nSee the [Configuration](#configuration) section below for more detailed instructions on fine tuning SLIC Watch to your needs.\n\n\n4. 🚢 Deploy your application in the usual way, for example:\n```\nsls deploy\n```\n5. 👀 Head to the CloudWatch section of the AWS Console to check out your new dashboards 📊 and alarms ⏰ !\n\n\n## Getting Started with AWS SAM, CDK or CloudFormation\n\nℹ️ **IMPORTANT**: If you are using AWS SAM, CDK, or just plain CloudFormation, the most important thing to know is that your AWS account/region should have the **SLIC Watch Macro** deployed before you do anything. Once that's done, it is very simple to add this macro as a transform to your SAM or CloudFormation template.\n\n### Deploying the SLIC Watch Macro\nIt would be nice if CloudFormation allowed us to publicly publish a macro so you don't need this step, but for now, you can deploy the SLIC Watch Macro using any of the following options. We have made the macro available as a _Serverless Application Repository (SAR)_ app. This SAR app is used in Options 1 and 2 below. Option 3 is a manual option where you deploy the macro from this repository directly without using SAR.\n\n- **Option 1** using the Service Application Repository (SAR) console: Go to [SLIC Watch in the Serverless Application Repository](https://serverlessrepo.aws.amazon.com/applications/eu-west-1/949339270388/slic-watch-app) and click the _Deploy_ button.\n- **Option 2** (using SAR with CloudFormation): If you prefer to automate the deployment of SAR apps using Infrastructure as Code, you can add the SAR app as a resource in any CloudFormation template. Note that this cannot be the same template as the application in which you want to use SLIC Watch!\nThe snippet of CloudFormation is as follows.\n ```yaml\n  Resources:\n    ...\n    SlicWatchMacro:\n      Type: AWS::Serverless::Application\n      Properties:\n        Location:\n          ApplicationId: arn:aws:serverlessrepo:eu-west-1:949339270388:applications~slic-watch-app \n          SemanticVersion: \u003center latest version\u003e\n ```\nTo determine the list of available versions, you can use the AWS CLI:\n```bash\naws serverlessrepo list-application-versions \\\n  --application-id arn:aws:serverlessrepo:eu-west-1:949339270388:applications/slic-watch-app\n```\n- **Option 3** (manual Macro deployment using SAM directly from source):\n```bash\nnpm install\nsam build --base-dir . --template-file cf-macro/template.yaml\nsam deploy --guided\n```\n### Adding the SLIC Watch Transform to SAM or CloudFormation templates\nOnce you have deployed the macro, you can start using SLIC Watch in SAM or CloudFormation templates by adding this to the **Transform** section:\n\n```yaml\nTransform:\n  - ...\n  - SlicWatch-v3\n```\n\n🪛 _Optionally_, add some configuration for the plugin to the `Metadata -\u003e slicWatch` section of `template.yml`.\nHere, you can specify a reference to the SNS topic for alarms. This is optional, but it's usually something you want\nso you can receive alarm notifications via email, Slack, etc.\n\n```yaml\nMetadata:\n  slicWatch:\n    enabled: true\n    alarmActionsConfig:\n      alarmActions:\n        - !Ref MonitoringTopic\n```\nSee the [Configuration](#configuration) section below for more detailed instructions on fine tuning SLIC Watch to your needs.\n\nIf you want to override the default alarm and dashboard settings for each Lambda Function resource, add the `slicWatch` property to the `Metadata` section.\n\n### Adding the SLIC Watch Transform to CDK Apps\nOnce you have deployed the macro, add it to CDK Stack in the constructor of the class that extends Stack. It should be done for every Stack in the CDK App.\n\n```javascript\n// JavaScript/TypeScript:\nexport class MyStack extends cdk.Stack {\n  constructor (scope: cdk.App, id: string, props?: cdk.StackProps) {\n    super(scope, id, props)\n\n    this.addTransform('SlicWatch-v3')\n    ...\n  }\n}\n```\n\n```python\n# Python:\nself.add_transform(\"SlicWatch-v3\")\n```\n```csharp\n// C#:\nthis.AddTransform(\"SlicWatch-v3\")\n```\n\n```java\n// Java:\nthis.addTransform(\"SlicWatch-v3\");\n```\n\n🪛 _Optionally_, add some configuration for the plugin as below:\n\n```javascript\nthis.templateOptions.metadata = {\n  slicWatch: {\n    enabled: true,\n    alarmActionsConfig: {\n      alarmActions: [\"arn:aws:sns:eu-west-1:xxxxxxx:topic\"],\n      okActions: [\"arn:aws:sns:eu-west-1:xxxxxxx:topic\"],\n      actionsEnabled: true\n    }\n  }\n}\n```\n\n## Features\n\nCloudWatch Alarms and Dashboard widgets are created for all supported resources in the CloudFormation stack generated by The Serverless Framework. This includes generated resources as well as resources specified explicitly in the `resources` section.\nAny feature can be configured or disabled completely - see the section on [configuration](#configuration) to see how.\n\n### Lambda Functions\n\nLambda Function alarms are created for:\n1. _Errors_\n2. _Throttles_, as a percentage of the number of invocations\n3. _Duration_, as a percentage of the function's configured timeout\n4. _Invocations_, disabled by default\n5. _IteratorAge_, for functions triggered by an [Event Source Mapping](https://docs.aws.amazon.com/lambda/latest/dg/invocation-eventsourcemapping.html)\n\nLambda dashboard widgets show:\n\n|Errors|Throttles|Duration Average, P95 and Maximum|\n|--|--|--|\n|![Errors](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaErrors.png)|![Throttles](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaThrottles.png) |![Throttles](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaDurationP95.png) |\n|**Invocations**|**Concurrent Executions**|**Iterator Age**|\n|![Invocations](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaInvocations.png) |![concurrent executions](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaConcurrentExecutions.png) |![Iterator Age](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaIteratorAge.png) |\n\n### API Gateway\n\nAPI Gateway alarms are created for:\n1. 5XX Errors\n2. 4XX Errors\n3. Latency\n\nAPI Gateway dashboard widgets show:\n\n|5XX Errors|4XX Errors|Latency|Count|\n|--|--|--|--|\n|![5XX Errors](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/api5xx.png)|![4XX Errors](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/api4xx.png) |![Latency](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/apiLatency.png) |![Count](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/apiCount.png) |\n\n### DynamoDB\n\nDynamoDB alarms are created for:\n1. Read Throttle Events (Table and GSI)\n2. Write Throttle Events (Table and GSI)\n3. UserErrors\n4. SystemErrors\n\nDashboard widgets are created for tables and GSIs:\ndynamodbGSIReadThrottle.png    dynamodbGSIWriteThrottle.png     dynamodbTableWriteThrottle.png\n\n|ReadThrottleEvents (Table)| WriteThrottleEvent (Table)|\n|---|---|\n|![WriteThrottleEvents Table](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/dynamodbTableWriteThrottle.png)|![WriteThrottleEvents Table](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/dynamodbTableWriteThrottle.png)|\n|**ReadThrottleEvents (GSI)**|**WriteThrottleEvent (GSI)**|\n|![WriteThrottleEvents GSI](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/dynamodbGSIWriteThrottle.png)|![WriteThrottleEvents GSI](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/dynamodbGSIWriteThrottle.png)|\n\n### Kinesis Data Streams\nKinesis data stream alarms are created for:\n1. Iterator Age\n2. Read Provisioned Throughput Exceeded\n2. Write Provisioned Throughput Exceeded\n3. PutRecord.Success\n3. PutRecords.Success\n4. GetRecords.Success\n\nKinesis data stream dashboard widgets show:\n\n|Iterator Age|Read Provisioned Throughput Exceeded|Write Provisioned Throughput Exceeded|\n|--|--|--|\n|![Iterator Age](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/kinesisIteratorAge.png)|![Provisioned Throughput Exceeded](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/kinesisProvisionedThroughput.png) |![Put/Get Success](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/kinesisPutGetSuccess.png) |\n\n### SQS Queues\n\nSQS Queue alarms are create for:\n1. Age Of Oldest Message (disabled by default). If enabled, a threshold in seconds should be specified.\n2. In Flight Messages Percentage. This is a percentage of the [AWS hard limits](https://aws.amazon.com/sqs/faqs/) (20,000 messages for FIFO queues and 120,000 for standard queues).\n\nSQS queue dashboard widgets show:\n\n|Messages Sent, Received and Deleted|Messages Visible|Age of Oldest Message|\n|--|--|--|\n|![Messages](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/sqsMessages.png)|![Messages Visible](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/sqsMessagesInQueue.png) |![Oldest Message](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/sqsOldestMessage.png) |\n\n### Step Functions\n\nStep Function alarms are created for:\n1. Execution Throttled\n2. Executions Failed\n3. Executions Timed Out\n\nThe dashboard contains one widget per Step Function:\n|ExecutionsFailed ExecutionThrottled, ExecutionsTimedOut|\n|--|\n|![Step Function widget](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/stepFunctions.png)\n\n### ECS / Fargate\n\nECS alarms are created for Fargate or EC2 clusters:\n1. Memory Utilization\n2. CPU Utilization\n\n### SNS\n\nSNS alarms are created for:\n1. Number of Notifications Filtered Out due to Invalid Attributes\n2. Number of Notifications Failed\n\nSNS Topic dashboard widgets show:\n\n|Messages Filtered Out - Invalid Attributes|Notifications Failed|\n|--|--|\n|![Invalid Attributes](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/snsInvalidAttributes.png)|![Notifications Failed](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/snsNotificationsFailed.png) |\n\n### EventBridge\n\nEventBridge alarms are created for:\n1. Failed Invocations\n2. Throttled Rules\n\nEventBridge Rule dashboard widgets show:\n\n|Failed Invocations|Invocations|\n|--|--|\n|![FailedInvocations](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/eventBridgeFailedInvocations.png)|![Invocations](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/eventBridgeInvocations.png)|\n\n### Application Load Balancer\nApplication Load Balancer alarms are created for:\n1. HTTP Code ELB 5XX Count\n2. Rejected Connection Count\n3. HTTP Code Target 5XX Count\n4. UnHealthy Host Count\n5. Lambda Internal Error\n6. Lambda User Error\n\nApplication Load Balancer dashboard widgets show:\n\n|HTTP Code ELB 5XX Count|HTTP Code Target 5XX Count|Rejected Connection Count| \n|--|--|--|\n|![HTTPCode_ELB_5XX_Count](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/httpCodeElb5XXCount.png) |![HTTPCode_Target_5XX_Count](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/httpCodeTarget5XXCount.png)| |\n|**UnHealthy Host Count**|**Lambda User Error**|**Lambda Internal Error**|\n|![UnHealthyHostCount](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/unHealthyHostCount.png) |![LambdaUserError](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/lambdaUserError.png)| |\n\n### AppSync\nAppSync alarms are created for:\n1. 5XX Error\n2. Latency\n\nAppSync dashboard widgets show:\n\n|5XX Error, Latency, 4XX Error, Request|\n|--|\n|![API Widget](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/appsyncAPI.png)|\n|**Connect Server Error**, **Disconnect Server Error**, **Subscribe Server Error**, **Unsubscribe Server Error**,**PublishDataMessageServerError**|\n|![Real-time Subscriptions Widget](https://raw.githubusercontent.com/fourtheorem/slic-watch/main/docs/appsyncRealTimeSubscriptions.png)|\n## Configuration\n\nConfiguration is entirely optional - SLIC Watch provides defaults that work out of the box.\n\n**Note**: Alarm configuration is _cascading_. This means that configuration properties are automatically propagated from parent to children nodes (unless an override is present at the given node).\n\nYou can customize the configuration:\n- at the top level, for all resources in each service, and/or\n- at the level of individual resources\n\n### Top-level configuration\nTop-level SLIC Watch configuration can be specified for all resources of each type:\n- For *Serverless Framework applications*, in the `custom` → `slicWatch` section of `serverless.yml`:\n```yaml\ncustom:\n  slicWatch:\n    enabled: true\n    ...\n```\n- For *CloudFormation or SAM templates*, in the `Metadata` → `slicWatch` section of the template:\n```yaml\nMetadata:\n  slicWatch:\n    enabled: true\n    ...\n```\n\n- For *CDK Stacks, the top-level SLIC Watch configuration can be set as follows.\n```typescript\nthis.templateOptions.metadata = {\n  slicWatch: {\n    enabled: true,\n    ....\n  }\n}\n```\n\n- The `alarmActionsConfig` may be optionally added to specific one or more SNS Topic destinations for all alarm status changes to `ALARM` and `OK`.  If you omit destination topics, alarms are still created but are not sent to any destination. For example:\n```yaml\nslicWatch:\n  alarmActionsConfig:\n    alarmActions: # Default to no actions\n      - arn:aws:sns:eu-west-1:123456789012\n    okActions: # Defaults to no actions\n      - arn:aws:sns:eu-west-1:123456789012\n    actionsEnabled: \n      - true # Defaults to true\n```\n- Alarms or dashboards can be disabled at any level in the configuration by adding `enabled: false`. You can even disable all plugin functionality by specifying `enabled: false` at the top-level plugin configuration.\n\nA complete set of supported options along with their defaults are shown in [default-config.js](./core/default-config.js)\n\nExample projects are also provided for reference: \n- [serverless-test-project](./serverless-test-project)\n- [sam-test-project](./sam-test-project)\n\n### Resource-level configuration\n\nAlarms and dashboards for each resource can be customised using CloudFormation metadata. This configuration will take precedence over the top-level configuration.\n\n```yaml\nResources:\n  regularQueue:\n    Type: AWS::SQS::Queue\n    Metadata:\n      slicWatch:\n        alarms:\n          InFlightMessagesPc:\n            Threshold: 95\n        dashboard:\n          ApproximateAgeOfOldestMessage:\n            yAxis: right\n          NumberOfMessagesReceived:\n            enabled: false\n```\n\nThis can be done for any CloudFormation, AWS and SAM resource. It can also be done for CDK with the following syntax.\n\n```typescript\nconst dlq = new sqs.Queue(this, 'DeadLetterQueue')\nconst cfnDlq = dlq.node.defaultChild as CfnResource\ncfnDlq.cfnOptions.metadata = {\n  slicWatch: {\n    alarms: {\n      InFlightMessagesPc: {\n        Threshold: 95\n      }\n    },\n    dashboard: {\n      ApproximateAgeOfOldestMessage: {\n        yAxis: 'right'\n      },\n      NumberOfMessagesReceived: {\n        enabled: false\n      }\n    }\n  }\n}\n```\n\n#### Serverless Framework function-level configuration\nFunction-level configuration works a bit differently for Serverless Framework functions. Here, the `slicWatch` configuration parameter is set directly on the function: For each function, add the `slicWatch` property to configure specific overrides for alarms and dashboards relating to the AWS Lambda Function resource. \n\n```yaml\nfunctions:\n  hello:\n    handler: basic-handler.hello\n    slicWatch:\n      dashboard:\n        enabled: false    # No Lambda widgets will be created for this function\n      alarms:\n        Invocations:\n          Threshold: 2  # The invocation threshold is specific to\n                        # this function's expected invocation count\n```\n\nTo disable all alarms for any given function, use:\n\n```yaml\nfunctions:\n  hello:\n    handler: basic-handler.hello\n    slicWatch:\n      alarms:\n        enabled: false\n```\n\n#### SAM/CloudFormation function-level configuration\n```yaml\nResources:\n  LambdaFunction1:\n    Type: AWS::Serverless::Function  # Can also be applied to AWS::Lambda::Function resources\n    Properties:\n      Handler: lambda1.functionHandler\n    Metadata:\n      slicWatch:\n        alarms:\n          Invocations:\n            Threshold: 3\n        dashboard:\n          enabled: true\n```\n\nTo disable all alarms for any given function, use:\n\n```yaml\nResources:\n  LambdaFunction1:\n    Type: AWS::Serverless::Function  # Can also be applied to AWS::Lambda::Function resources\n    Properties:\n      Handler: lambda1.functionHandler\n    Metadata:\n      slicWatch:\n        alarms:\n          enabled: false\n```\n\n#### CDK function-level configuration\n```typescript\nconst hello: lambda.Function;\nconst cfnFuncHello = hello.node.defaultChild as CfnResource;\ncfnFuncHello.cfnOptions.metadata = {\n  slicWatch: {\n    alarms: {\n      Invocations: {\n        Threshold: 2\n      }\n    }\n  }\n}\n```\n\n## A note on CloudWatch cost\n\nThis plugin creates additional CloudWatch resources that, apart from a limited free tier, have an associated cost.\nDepending on what you enable, SLIC Watch creates one dashboard and multiple alarms. The number of each depend on the number of resources in your stack and the number of stacks you have.\n\nCheck out the AWS [CloudWatch Pricing](https://aws.amazon.com/cloudwatch/pricing/) page to understand the cost impact of creating CloudWatch resources.\n\n## References\n\n### Other Projects\n\n1. [serverless-plugin-aws-alerts](https://www.npmjs.com/package/serverless-plugin-aws-alerts)\n2. [Real World Serverless Application - Serverless Operations](https://github.com/awslabs/realworld-serverless-application/wiki/Serverless-Operations)\n3. [CDK Watchful](https://github.com/cdklabs/cdk-watchful)\n4. [CDK Patterns - The CloudWatch Dashboard](https://github.com/cdk-patterns/serverless/blob/main/the-cloudwatch-dashboard/README.md)\n\n### Reading\n\n1. [AWS Well Architected Serverless Applications Lens](https://docs.aws.amazon.com/wellarchitected/latest/serverless-applications-lens/welcome.html)\n2. [How to Monitor Lambda with CloudWatch Metrics - Yan Cui](https://lumigo.io/serverless-monitoring-guide/how-to-monitor-lambda-with-cloudwatch-metrics/)\n\n## LICENSE\n\nApache - [LICENSE](./LICENSE)\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FfourTheorem%2Fslic-watch","html_url":"https://awesome.ecosyste.ms/projects/github.com%2FfourTheorem%2Fslic-watch","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2FfourTheorem%2Fslic-watch/lists"}