
# Alarm on invocation errors of the processor Lambda function.
# Enters ALARM when the Sum of AWS/Lambda "Errors" exceeds 5 within a single
# 300-second period, and notifies the security alerts SNS topic.
# Note: "Errors" is a count of failed invocations, not a rate, so the threshold
# does not scale with traffic volume.
resource "aws_cloudwatch_metric_alarm" "lambda_errors" {
  alarm_name        = "${var.project}-lambda-errors-${var.environment}"
  alarm_description = "Lambda error rate exceeded - possible security incident"

  # Metric being watched, scoped to one function.
  namespace   = "AWS/Lambda"
  metric_name = "Errors"
  dimensions = {
    FunctionName = aws_lambda_function.processor.function_name
  }

  # Evaluation: more than 5 errors summed over one 5-minute window.
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = 5

  # Notification target on transition to ALARM.
  alarm_actions = [aws_sns_topic.security_alerts.arn]

  tags = local.tags
}
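# Alarm on the size of the images bucket (Standard storage class).
# Enters ALARM when the daily Average of AWS/S3 "BucketSizeBytes" exceeds
# 4294967296 bytes (4 GiB). The period is 86400 seconds (one day), matching
# the once-a-day granularity of S3 storage metrics.
# NOTE(review): the description reads as if the limit itself were 4 GB, while
# this threshold is a warning level - confirm the wording against the
# free-tier allowance that actually applies to the account.
resource "aws_cloudwatch_metric_alarm" "s3_storage" {
  alarm_name          = "${var.project}-s3-storage-${var.environment}"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = 1
  metric_name         = "BucketSizeBytes"
  namespace           = "AWS/S3"
  period              = 86400
  statistic           = "Average"
  threshold           = 4294967296
  alarm_description   = "S3 storage approaching 4GB free tier limit"

  # Without an action the alarm only changes state in the console and nobody
  # is notified. Route it to the same SNS topic as the other alarms in this
  # file; unexpected storage growth is also worth a look from a security
  # standpoint. Swap in a dedicated cost/ops topic if one exists.
  alarm_actions = [aws_sns_topic.security_alerts.arn]

  dimensions = {
    BucketName  = aws_s3_bucket.images.bucket
    StorageType = "StandardStorage"
  }

  tags = local.tags
}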
# Alarm on throttled invocations of the processor Lambda function.
# Enters ALARM when the Sum of AWS/Lambda "Throttles" is greater than 0 within
# a single 300-second period, i.e. on any throttle at all, and notifies the
# security alerts SNS topic.
# A zero threshold is deliberately sensitive: legitimate traffic bursts that
# hit the concurrency limit will also trigger it, so triage should compare
# against invocation volume before treating it as an attack.
resource "aws_cloudwatch_metric_alarm" "lambda_throttles" {
  alarm_name        = "${var.project}-lambda-throttles-${var.environment}"
  alarm_description = "Lambda throttling detected - possible DoS"

  # Metric being watched, scoped to one function.
  namespace   = "AWS/Lambda"
  metric_name = "Throttles"
  dimensions = {
    FunctionName = aws_lambda_function.processor.function_name
  }

  # Evaluation: any throttle summed over one 5-minute window.
  statistic           = "Sum"
  period              = 300
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = 0

  # Notification target on transition to ALARM.
  alarm_actions = [aws_sns_topic.security_alerts.arn]

  tags = local.tags
}
# Alarm intended to notify the security alerts SNS topic when the main KMS key
# is disabled or scheduled for deletion. As written it enters ALARM when the
# Average of an AWS/KMS metric named "KeyState", for the key's KeyId, is
# greater than 0 over one 300-second period.
#
# NOTE(review): "KeyState" does not appear among the metrics KMS documents for
# the AWS/KMS namespace (e.g. SecondsUntilKeyMaterialExpiration) - confirm.
# If the metric is never emitted, this alarm stays in INSUFFICIENT_DATA and
# never fires, leaving key disablement/deletion undetected while looking
# covered. Key state changes are API actions (DisableKey, ScheduleKeyDeletion)
# recorded by CloudTrail; the usual detection is an EventBridge rule on those
# events, or a CloudTrail log metric filter feeding an alarm like this one.
resource "aws_cloudwatch_metric_alarm" "kms_key_state" {
alarm_name = "${var.project}-kms-key-state-${var.environment}"
comparison_operator = "GreaterThanThreshold"
evaluation_periods = 1
# NOTE(review): verify this metric exists before relying on the alarm.
metric_name = "KeyState"
namespace = "AWS/KMS"
period = 300
statistic = "Average"
threshold = 0
alarm_description = "KMS key disabled or pending deletion"
# Notification target on transition to ALARM.
alarm_actions = [aws_sns_topic.security_alerts.arn]
dimensions = { KeyId = aws_kms_key.main.key_id }
tags = local.tags
}