AWS CloudWatch

Create incidents automatically from CloudWatch alarms via SNS.

How it works

CloudWatch Alarm → SNS Topic → POST /webhooks/{routingKey} → Runframe Incident

CloudWatch alarms publish to an SNS topic, which POSTs to Runframe's webhook endpoint. Runframe verifies the SNS signature, auto-confirms the subscription, and parses the alarm payload to create or resolve incidents.

Setup from Runframe

1. Navigate to Integrations Hub
2. Click Set up webhook next to CloudWatch
3. Copy the unique webhook URL (format: https://api.runframe.io/webhooks/{routingKey})

Setup from AWS

1. Create an SNS topic in the same region as your CloudWatch alarms
2. Add a subscription to the SNS topic:
   • Protocol: HTTPS
   • Endpoint: Your Runframe webhook URL
3. Runframe automatically confirms the SNS subscription (no manual action needed)
4. Configure your CloudWatch alarms to send notifications to the SNS topic
5. Add a service_id dimension to your metrics for automatic service routing

Field mapping

Alarm state mapping

Security

CloudWatch webhooks are verified using two layers:

1. SNS signature verification — Runframe cryptographically verifies every SNS message using the certificate-based RSA signature (supports SignatureVersion 1 and 2)
2. Routing key — The secret URL acts as an additional authentication layer

Testing

1. Create a CloudWatch alarm with a low threshold that triggers easily
2. Verify the SNS subscription is auto-confirmed (check SNS console)
3. Trigger the alarm and confirm Runframe creates an incident
4. Clear the alarm and verify the incident auto-resolves