From dx-automation
Create CloudWatch alarms and SNS subscription for AI automation monitoring. Creates 4 alarms (DLQ depth, WI-Router errors, PR-Router errors, throttles) and subscribes an email address to alerts. Reads config from .ai/automation/infra.json.
npx claudepluginhub easingthemes/dx-aem-flow --plugin dx-automationThis skill uses the workspace's default tool permissions.
You create CloudWatch alarms and subscribe an email address to alerts. Wraps `lambda/cloudwatch/setup-alarms.sh` with audit logging.
Generates CloudWatch alarm configurations and provides guidance for AWS monitoring. Useful for creating alerts on metrics from EC2, Lambda, S3, and other services.
Provides AWS CloudFormation templates for CloudWatch metrics, alarms, dashboards, log groups, anomaly detection, synthesized canaries, and Application Signals for production infrastructure monitoring.
Creates alerting rules for Prometheus, Grafana, and PagerDuty with thresholds, routing, escalation, and runbooks. Useful for performance monitoring setup and refinement.
Share bugs, ideas, or general feedback.
You create CloudWatch alarms and subscribe an email address to alerts. Wraps lambda/cloudwatch/setup-alarms.sh with audit logging.
Read .ai/automation/infra.json. Check automationProfile:
consumer (or legacy pr-only/pr-delegation): "This repo uses the consumer profile — CloudWatch alarms are managed by the hub project. Do NOT configure alarms from this repo." STOP.source .ai/lib/audit.sh
export AUDIT_LOG_PREFIX=infra
Confirm monitoring config from infra.json:
monitoring.snsTopic.name — SNS topic name (<prefix>-alerts)regionIf user passed --email <address>, use it. Otherwise ask:
Alert email address? CloudWatch alarms will notify this email for DLQ depth, Lambda errors, and throttles. You'll need to confirm the subscription in your email.
cd .ai/automation
bash lambda/cloudwatch/setup-alarms.sh --email "<email>"
The script:
<prefix>-alerts (idempotent)lambda/cloudwatch/alarms.json, prefixes with resource prefix from infra.json)Report the script's output.
After the script runs, the SNS topic ARN is returned. Update infra.json:
monitoring.snsTopic.arn → the created/retrieved ARN## CloudWatch Monitoring Configured
**SNS topic:** <prefix>-alerts
**Alert email:** <email> (confirm subscription in your inbox)
| Alarm | Trigger | Severity |
|-------|---------|----------|
| <prefix>-dlq-depth | DLQ > 5 messages | Warning |
| <prefix>-lambda-errors-wi-router | WI-Router Lambda errors > 3/hour | Critical |
| <prefix>-lambda-errors-pr-router | PR-Router Lambda errors > 3/hour | Critical |
| <prefix>-lambda-throttles | Any Lambda throttled | Warning |
**infra.json** updated with SNS ARN.
**Audit log:** `.ai/logs/infra.<week>.jsonl`
### Next step
`/auto-test --dryRun` — Verify end-to-end (local dry run)
### Operational commands
- `/auto-status` — Current DLQ depth, token budget, rate limits
- `/auto-doctor` — Full health check
- See `docs/runbook.md` for alert response procedures
infra.json updated with SNS topic ARN/auto-alarms — Reads infra.json for resource prefix and SNS topic ARN. Creates 4 CloudWatch alarms: DLQ depth > 0, WI-Router errors > 5/min, PR-Router errors > 5/min, Lambda throttles > 0. Subscribes the configured email to the SNS topic. Reminds user to confirm the SNS subscription via email.
/auto-alarms team@example.com — Creates all 4 alarms and subscribes team@example.com to the SNS alert topic. Reports each alarm name and threshold. Prints reminder to check inbox for subscription confirmation.
/auto-alarms (re-run, alarms exist) — put-metric-alarm is idempotent — overwrites existing alarms with current thresholds. SNS create-topic returns the existing topic ARN. subscribe is also idempotent if the email is already subscribed. Reports all alarms as configured.
"SNS subscription confirmation not received"
Cause: The confirmation email may have gone to spam, or the email address was incorrect.
Fix: Check the spam folder. If not found, re-run /auto-alarms with the correct email — SNS will resend the confirmation. The subscription won't be active until confirmed.
Alarms not triggering despite errors
Cause: The alarm metric namespace or dimensions don't match the Lambda function names.
Fix: Verify that the function names in infra.json match the actual Lambda function names in AWS. The alarms use FunctionName dimension to filter metrics.
"Access denied" when creating alarms
Cause: The AWS credentials lack CloudWatch or SNS permissions.
Fix: Ensure the IAM user has cloudwatch:PutMetricAlarm, sns:CreateTopic, and sns:Subscribe permissions.
aws_resource wrapper