CloudWatch Alarms and the SNS Gap
AWS CloudWatch alarms do not send directly to Slack or Microsoft Teams. CloudWatch alarm actions route through Amazon SNS (Simple Notification Service). SNS then delivers to subscribers — email, SMS, Lambda, SQS, HTTP endpoints.
This means the conventional approach to "send CloudWatch alarms to Slack" involves:
- Creating a CloudWatch alarm
- Creating an SNS topic
- Writing a Lambda function that receives the SNS event and calls the Slack webhook API
- Subscribing the Lambda to the SNS topic
For Teams, a separate Lambda must be written and maintained. Two platforms — two Lambda functions. Lambda code must be deployed, monitored, and updated when Slack or Teams webhook URLs rotate. This is significant operational overhead for what should be a simple notification routing problem.
Subscribing SNS Directly to SyncRivo
SyncRivo accepts SNS HTTP subscription requests directly. No Lambda required.
When you subscribe an SNS topic to a SyncRivo HTTPS endpoint, SNS sends a subscription confirmation request. SyncRivo automatically confirms the subscription. From that point, every SNS message (triggered by CloudWatch alarm state changes) is delivered to SyncRivo as an HTTP POST. SyncRivo parses the CloudWatch alarm payload from the SNS envelope and routes it to Slack, Teams, Webex, Google Chat, or Zoom.
Setup (10 minutes, no Lambda, no code):
- In SyncRivo, connect your Slack workspace and Microsoft Teams tenant via OAuth.
- Create a Webhook source in SyncRivo. Copy the HTTPS endpoint URL.
- In AWS Console, go to SNS → Topics. Select the SNS topic your CloudWatch alarm uses (or create a new one). Click Create subscription. Protocol: HTTPS. Endpoint: paste your SyncRivo URL. Click Create.
- SyncRivo automatically receives and confirms the SNS subscription confirmation request.
- In CloudWatch, ensure your alarm is configured to send to this SNS topic. Go to the alarm → Actions → add an SNS action pointing to your topic.
- In SyncRivo, configure routing: ALARM state → Slack #oncall + Teams #engineering simultaneously; OK state (recovery) → original alert thread on both platforms; INSUFFICIENT_DATA state → Slack only.
No Lambda, No IAM Permissions, No Deployment Pipeline
The Lambda approach to CloudWatch → Slack/Teams notification routing requires:
- Lambda function code (usually ~50 lines per platform)
- Lambda deployment (zip, upload, or CI/CD pipeline)
- Lambda execution role with SNS invoke permissions
- Lambda monitoring (failures are silent unless you set up CloudWatch Logs for the Lambda itself)
- Lambda updates when webhook URLs rotate
SyncRivo eliminates all of this. The SNS subscription confirmation handshake is automatic. The CloudWatch payload parsing is built-in. Routing rules are configured in a UI, not in code. Webhook URL updates happen in SyncRivo — the SNS subscription URL never changes.
CloudWatch Event Types Worth Routing
ALARM state (threshold breach): The primary alert event. Route to Slack for the on-call team and Teams for engineering leadership simultaneously. Include the alarm name, threshold, and current metric value in the notification.
OK state (recovery): Route to the original alert thread on both platforms. Engineers and managers both see recovery without a separate status check.
INSUFFICIENT_DATA: Often indicates a monitoring gap (agent stopped, metric stopped publishing). Route to Slack for the infrastructure team. These are not always urgent but should be tracked.
Composite alarm state change: Composite alarms aggregate multiple child alarms. A composite alarm firing means multiple subsystems are degraded simultaneously — high-urgency event. Route to both Slack and Teams with composite alarm context.
AWS Health events via EventBridge → SNS: Route AWS service health events (EC2, RDS, etc.) through the same SNS → SyncRivo pipeline. Engineering teams in Slack and infrastructure managers in Teams both receive AWS service disruption notifications without separate configurations.
For the full CloudWatch setup guide, SNS subscription configuration, and multi-region routing patterns, see the AWS CloudWatch Alerts in Slack & Teams integration guide.
Ready to connect your messaging platforms?
