Creates or updates an alarm and associates it with the specified metric. Optionally, this operation can associate one or more Amazon SNS resources with the alarm.
When this operation creates an alarm, the alarm state is immediately set to INSUFFICIENT_DATA
. The alarm is evaluated and its state is set appropriately. Any actions associated with the state are then executed.
When you update an existing alarm, its state is left unchanged, but the update completely overwrites the previous configuration of the alarm.
If you are an AWS Identity and Access Management (IAM) user, you must have Amazon EC2 permissions for some operations:
-
ec2:DescribeInstanceStatus
and ec2:DescribeInstances
for all alarms on EC2 instance status metrics
-
ec2:StopInstances
for alarms with stop actions
-
ec2:TerminateInstances
for alarms with terminate actions
-
ec2:DescribeInstanceRecoveryAttribute
and ec2:RecoverInstances
for alarms with recover actions
If you have read/write permissions for Amazon CloudWatch but not for Amazon EC2, you can still create an alarm, but the stop or terminate actions won't be performed. However, if you are later granted the required permissions, the alarm actions that you created earlier will be performed.
If you are using an IAM role (for example, an Amazon EC2 instance profile), you cannot stop or terminate the instance using alarm actions. However, you can still see the alarm state and perform any other actions such as Amazon SNS notifications or Auto Scaling policies.
If you are using temporary security credentials granted using the AWS Security Token Service (AWS STS), you cannot stop or terminate an Amazon EC2 instance using alarm actions.
Note that you must create at least one stop, terminate, or reboot alarm using the Amazon EC2 or CloudWatch console to create the EC2ActionsAccess IAM role. After this IAM role is created, you can create stop, terminate, or reboot alarms using a command-line interface or an API.
/// The quota for alarms for this customer has already been reached.
///