1. Home
  2. Integrations
  3. AWS CloudWatch Integration Guide – VictorOps

AWS CloudWatch Integration Guide – VictorOps

About AWS Cloudwatch and VictorOps

The VictorOps and AWS Cloudwatch integration allows you to forward AWS Cloudwatch alerts into VictorOps to notify the correct on-call users. Create on-call schedules, rotations, and escalation policies in VictorOps, then route AWS alerts based on those parameters.

When events meet predetermined monitoring criteria, AWS sends an alert notification. Then, in the VictorOps timeline, users can route and escalate critical alert data to the correct people. With the VictorOps and AWS integration, on-call responders can collaborate in real-time around system data to reduce MTTA/MTTR and resolve incidents faster.


Versions Supported: N/A (SaaS)

VictorOps Version Required: Getting Started, Essentials, or Full-Stack

What you need to know:  This integration works with Amazon CloudWatch only.  SNS messages sent from other Amazon services will fail if sent directly to your CloudWatch endpoint in VictorOps.

Our CloudWatch integration allows you to send alerts from Amazon’s CloudWatch into your VictorOps timeline. This guide assumes that you’ve already set up CloudWatch to send alarms to a queue in SNS, and that you’re receiving them through some other means, such as email. If you need more information on how to create a new alarm please consult Amazon’s documentationNOTE: SNS Messages sent from other Amazon services will fail if sent directly to the Cloudwatch endpoint in VictorOps.

Enable AWS Cloudwatch in VictorOps

In VictorOps, select Settings >> Alert Behavior >> Integrations >> CloudWatch.

Enable cloudwatch integration VictorOps

If the integration has not yet been enabled, click the Enable Integration button to generate your endpoint URL as seen below.  Be sure to replace the “$routing_key” section with the actual routing key you intend to use. (To view or configure routing keys in VictorOps, click Alert Behavior >> Routing Keys)

AWS cloudwatch integration API key VictorOps

When pointing multiple SNS subscriptions towards VictorOps, each one should be pointed towards the same url (your AWS CloudWatch endpoint). This is key as other endpoints will not confirm the subscription. To differentiate alerts and subscriptions, leverage the routing key and alert details.

Linking VictorOps in AWS Cloudwatch

From the main AWS console page, navigate to your SNS control panel by searching for “SNS”.

Navigate to SNS control panel


From the SNS dashboard, choose Topics.

From the SNS dashboard, choose Topics.


Click on the ARN of the topic you wish to use with the VictorOps integration.  Copy the Topic ARN to your clipboard.

Click on the ARN of the topic you wish to use with the VictorOps integration


Click on Subscriptions and select Create Subscription.

Click on Subscriptions and select Create Subscription


Paste your chosen Topic ARN value, select HTTPS as the Protocol, and paste your full VictorOps provided endpoint URL (including the routing key) as the Endpoint.  When complete, click Create Subscription.

create Victorops subscription in AWS


The new subscription will display as Pending Confirmation at the bottom of your list of subscriptions.  Wait a few seconds (could be up to a minute) and then click the refresh button at the top right.

confirm AWS cloudwatch subscription for VictorOps


The subscription should now be confirmed, which means the setup is complete.

Testing the Integration

Click on the Topic ARN link for your newly created subscription.  From the Topic details page, select Publish to topic.

From the Topic details page, select Publish to topic.


Click the JSON Generator button.

click JSON generator button


Add the following payload to the Message box. (Don’t change the formatting)

{"AlarmName":"VictorOps - CloudWatch Integration TEST","NewStateValue":"ALARM","NewStateReason":"failure","StateChangeTime":"2017-12-14T01:00:00.000Z","AlarmDescription":"VictorOps - CloudWatch Integration TEST"}

Uncheck all the boxes and click Generate JSON.

generate JSON for AWS Cloudwatch VictorOps


Back on the main screen, click Publish message.

publish message on main screen


You should see a green bar display a success message.  Navigate back to VictorOps and you should see a new incident created.

VictorOps Cloudwatch incident creation example

Required and Custom Fields

For advanced users looking to tailor their Cloudwatch integration, there are a few mandates which must be considered. Alerts reaching the Cloudwatch alerting endpoint do need to have a basic form. There are three fields which must be present within the message sent from CloudWatch:

  1. AlarmName – This field can be any string and will map to the entity_id. Since the entity_id is the field used to link different alerts together, it is important maintain a consistent naming convention for each incident.
  2. NewStateValue – This field, populated by Cloudwatch, should be either “ALARM”, triggering a critical incident; or “OK” resolving an incident.
  3. StateChangeTime – This field, also populated by Cloudwatch, will map to the timestamp used in VictorOps.

Additionally, custom fields can be added to any message payload so long as the required three fields are present and valid.

Updated on June 20, 2019

Was this article helpful?

Related Articles