Skip to main content

Using the AWS CloudWatch Logs Agent, Log Groups, and SNS Notifications

Hands-On Lab


Photo of Craig Arcuri

Craig Arcuri

AWS Training Architect II in Content





Welcome to this hands-on AWS Learning Activity in which you will learn how to configure SNS to work with CloudWatch. A common scenario is to configure CloudWatch with SNS so that when a CloudWatch Alarm occurs, technical personnel will be notified via email. This can be accomplished by creating an SNS Topic, creating a subscription to that topic, and having the appropriate personnel subscribe to that topic to receive notifications via email. Once subscribed to the topic, CloudWatch Events or Alarms can be created and linked to the topic so that any occurence of the event or topic will ultimately send and email message to any subscribers.

What are Hands-On Labs?

Hands-On Labs are scenario-based learning environments where learners can practice without consequences. Don't compromise a system or waste money on expensive downloads. Practice real-world skills without the real-world risk, no assembly required.

Using the AWS CloudWatch Logs Agent, Log Groups, and SNS Notifications


In this hands-on lab, you will learn how to configure SNS to work with CloudWatch.


Log in to the AWS Management Console using the credentials provided on the lab instructions page. Make sure you are using the us-east-1 region.

Create SNS Topic

  1. Start the nginx service:

    sudo service nginx start
  2. Enter in the password from the hands-on lab page when prompted.
  3. Go to the AWS config file like so:

    cd /etc/awslogs
    nano awslogs.conf
  4. Update the following in the awslogs.conf file:

    datetime_format = %b %d %H:%M:%S
    file = /var/log/nginx/access.log
    buffer_duration = 5000
    log_stream_name = APP_ID {instance_id}
    initial_position = end_of_file
    log_group_name = /var/log/nginx/access.log
  5. Run the following to restart the awslogs service like so:

    sudo nano awslogs.conf
    sudo service awslogs restart
  6. Open a new tab, and browse to the public IP address of the nginx server to verify that the test page loads successfully.
  7. In the AWS Management Console, navigate to the Simple Notification Service (SNS).
  8. Click Get started.
  9. On the SNS Dashboard page, click Create topic.
  10. For Topic name, type on_call_engineer and leave the Display name field blank.
  11. Click Create Topic.

Create SNS Subscription

  1. Once the topic is created, click Create subscription.

  2. In the Create subscription menu window, change the Protocol to Email.

  3. For Endpoint, type your email address.

  4. Click Create subscription.

    Note: We should see a PendingConfirmation status under the Subscription ID section.

  5. Go to your email inbox, and then locate the _AWS Notification Subscription Confirmation.

  6. Click You have chosen to subscribe to the topic to confirm the subscription.

  7. Go back to your AWS Management Console, then refresh the AWS SNS page that shows the topic details for on_call_engineer.

    Note: We should see the Subscription ID appear now.

  8. From the AWS Management Console, navigate to CloudWatch.

  9. Click Logs on the left-hand side menu.

  10. Select the radio button for the Log Group /var/log/nginx/access.log.

  11. Click Create Metric Filter.

  12. Under Filter Patter, click Show examples.

  13. Click the 400 level HTTP response: *[host, logName, user, timestamp, request, statusCode=4, size]**.

  14. Click Test Pattern.

  15. Change the statusCode from 4 to 2.

  16. Click Test Pattern.

  17. Click Assign Metric.

  18. For Metric Name, type OnCall.

  19. Click Create Filter.

  20. Click Create Alarm.

  21. In the Create Alarm menu window, underneath Alarm Threshold, type OnCallEngineer for the Name field.

  22. Leave the Description field blank.

  23. For the Whenever: OnCall filed, set is to >= 1.

  24. Click the Edit button, and then change the Period time to 1 Minute.

  25. Click + Notification.

  26. Ensure that in the Actions section, that the Whenever this alarm field is set to State is ALARM.

  27. Ensure that in the Actions section, that the Send notification to field is set to: on_call_engineer.

  28. Click Create Alarm.

    Note: The first alarm can take a few minutes to be generated, but we should receive an AWS Notifications email.


Congratulations - you've completed this hands-on lab!