@webframp/aws/alarm-investigation
v2026.04.22.1
CloudWatch alarm investigation and triage model.
Enriches CloudWatch alarms with metric activity, SNS subscription data, state-change history, and a verdict classifying each alarm as one of: healthy, stale, silent, noisy, orphaned, or unknown.
Authentication
Uses the default AWS credential chain (environment variables, shared config, instance profiles, ECS task roles). No credentials are stored in swamp.
Required IAM Permissions
{
"Effect": "Allow",
"Action": [
"cloudwatch:DescribeAlarms",
"cloudwatch:DescribeAlarmHistory",
"cloudwatch:GetMetricStatistics",
"sns:ListSubscriptionsByTopic"
],
"Resource": "*"
}Methods
investigate
Deep-dive enrichment for a single alarm by name. Fetches metric activity for
the last 24 hours, state-change history for the last 7 days, and SNS topic
subscription counts. Assigns a verdict and writes one alarm_detail resource.
swamp model method run <name> investigate alarmName="MyAlarm"triage
Fan-out enrichment across all (or filtered) alarms in the account. Writes one
alarm_detail resource per alarm plus a triage_summary resource with
aggregate verdict and state counts.
swamp model method run <name> triage
swamp model method run <name> triage stateFilter=ALARM limit=50Verdict Classifications
| Verdict | Condition |
|---|---|
| orphaned | INSUFFICIENT_DATA for > 365 days |
| silent | In ALARM with no alarm actions configured |
| stale | In ALARM for > 180 days |
| noisy | > 5 state changes in the last 7 days |
| healthy | OK, has actions, and has recent metric data points |
| unknown | None of the above patterns matched |
Repository
https://github.com/webframp/swamp-extensions
Labels
Contents
Quality score
How well-documented and verifiable this extension is.
Grade A
- Has README or module doc2/2earned
- README has a code example1/1earned
- README is substantive1/1earned
- Most symbols documented1/1earned
- No slow types1/1earned
- Has description1/1earned
- At least one platform tag (or universal)1/1earned
- Two or more platform tags (or universal)1/1earned
- License declared1/1earned
- Verified public repository2/2earned
Install
$ swamp extension pull @webframp/aws/alarm-investigationResources
CloudWatch alarm investigation and triage model. Enriches CloudWatch alarms with metric activity, SNS subscription data, state-change history, and a verdict classifying each alarm as one of: healthy, stale, silent, noisy, orphaned, or unknown. ## Authentication Uses the default AWS credential chain (environment variables, shared config, instance profiles, ECS task roles). No credentials are stored in swamp. ## Required IAM Permissions ```json { "Effect": "Allow", "Action": [ "cloudwatch:DescribeAlarms", "cloudwatch:DescribeAlarmHistory", "cloudwatch:GetMetricStatistics", "sns:ListSubscriptionsByTopic" ], "Resource": "*" } ``` ## Methods ### investigate Deep-dive enrichment for a single alarm by name. Fetches metric activity for the last 24 hours, state-change history for the last 7 days, and SNS topic subscription counts. Assigns a verdict and writes one `alarm_detail` resource. ``` swamp model method run <name> investigate alarmName="MyAlarm" ``` ### triage Fan-out enrichment across all (or filtered) alarms in the account. Writes one `alarm_detail` resource per alarm plus a `triage_summary` resource with aggregate verdict and state counts. ``` swamp model method run <name> triage swamp model method run <name> triage stateFilter=ALARM limit=50 ``` ## Verdict Classifications | Verdict | Condition | |-----------|--------------------------------------------------------------| | orphaned | INSUFFICIENT_DATA for > 365 days | | silent | In ALARM with no alarm actions configured | | stale | In ALARM for > 180 days | | noisy | > 5 state changes in the last 7 days | | healthy | OK, has actions, and has recent metric data points | | unknown | None of the above patterns matched |