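# CloudWatch alarms for the processor Lambda, the images bucket and the main
# KMS key. All alarms notify the security_alerts SNS topic.

# Fires when the processor function reports more than 5 errors in one
# 5-minute window. This is an absolute error count (Sum of Errors), not a
# rate relative to invocations.
resource "aws_cloudwatch_metric_alarm" "lambda_errors" {
  alarm_name          = "${var.project}-lambda-errors-${var.environment}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = 1
  metric_name         = "Errors"
  namespace           = "AWS/Lambda"
  period              = 300
  statistic           = "Sum"
  threshold           = 5
  alarm_description   = "Lambda error rate exceeded - possible security incident"
  alarm_actions       = [aws_sns_topic.security_alerts.arn]

  dimensions = {
    FunctionName = aws_lambda_function.processor.function_name
  }

  tags = local.tags
}

# Fires when the daily average size of the images bucket (StandardStorage)
# exceeds 4294967296 bytes (4 GiB). period = 86400 evaluates one day at a time.
resource "aws_cloudwatch_metric_alarm" "s3_storage" {
  alarm_name          = "${var.project}-s3-storage-${var.environment}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = 1
  metric_name         = "BucketSizeBytes"
  namespace           = "AWS/S3"
  period              = 86400
  statistic           = "Average"
  threshold           = 4294967296
  alarm_description   = "S3 storage approaching 4GB free tier limit"

  # The original resource had no alarm_actions, so the alarm changed state
  # without notifying anyone. It is routed here to the only topic this file
  # references; point it at a dedicated cost/ops topic if one exists.
  alarm_actions = [aws_sns_topic.security_alerts.arn]

  dimensions = {
    BucketName  = aws_s3_bucket.images.bucket
    StorageType = "StandardStorage"
  }

  tags = local.tags
}

# Fires on any throttled invocation of the processor function in a 5-minute
# window (threshold = 0). Throttling can also come from a legitimate burst
# hitting the concurrency limit, so treat a notification as a prompt to
# check invocation volume rather than as proof of abuse.
resource "aws_cloudwatch_metric_alarm" "lambda_throttles" {
  alarm_name          = "${var.project}-lambda-throttles-${var.environment}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = 1
  metric_name         = "Throttles"
  namespace           = "AWS/Lambda"
  period              = 300
  statistic           = "Sum"
  threshold           = 0
  alarm_description   = "Lambda throttling detected - possible DoS"
  alarm_actions       = [aws_sns_topic.security_alerts.arn]

  dimensions = {
    FunctionName = aws_lambda_function.processor.function_name
  }

  tags = local.tags
}

# Intended to fire when the main KMS key is disabled or scheduled for deletion.
#
# NOTE(review): AWS/KMS does not appear to publish a "KeyState" metric; verify
# that this metric reports datapoints for the key. If it never does, the alarm
# sits in INSUFFICIENT_DATA and never notifies, so a disabled key or a
# scheduled deletion would go undetected. A more reliable signal is the
# CloudTrail management events DisableKey and ScheduleKeyDeletion, matched by
# an EventBridge rule or a log metric filter that targets the same SNS topic.
resource "aws_cloudwatch_metric_alarm" "kms_key_state" {
  alarm_name          = "${var.project}-kms-key-state-${var.environment}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = 1
  metric_name         = "KeyState"
  namespace           = "AWS/KMS"
  period              = 300
  statistic           = "Average"
  threshold           = 0
  alarm_description   = "KMS key disabled or pending deletion"
  alarm_actions       = [aws_sns_topic.security_alerts.arn]

  dimensions = {
    KeyId = aws_kms_key.main.key_id
  }

  tags = local.tags
}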