Closed: marksawers closed this 1 year ago
I'm answering this. Per this AWS doc, the service-linked role has to be created once per account for any alarm to take an EC2 action. I modified the Lambda to add an EC2 action based on the alarm tag description, e.g. Ec2ActionTerminate adds a terminate action to the SNS topic send.
On one of three accounts I've deployed this to so far, there is a permissions issue. On all alarm creations there is an error in the lambda logs:
I added this inline policy, retried and the alarms were created:
But then I removed the policy, and it still works. Then I dropped and recreated the stack. It works. It's a head-scratcher.
Any ideas?