Amazon Web Services (AWS) - Create EC2 status check failed Cloudwatch Alarm using the AWS CLI


This assumes you have already configured the aws command line tool. If not, check out my article on Getting Started with the AWS CLI.

Cloudwatch alarms can be used to do something, such as:

When some condition is met, such as:

For EC2 alarms, you will need:

  • The ID of one of your EC2 instances

If you have not yet created and subscribed to a Simple Notification Service (SNS) topic, check out my article Create Simple Notification Service (SNS) Topics using the AWS CLI. Assuming you have created and subscribed to a Simple Notification Service (SNS) topic, the aws sns list-topics command can be used to list your topics.

~]$ aws sns list-topics
{
    "Topics": [
        {
            "TopicArn": "arn:aws:sns:us-east-1:123456789012:my-topic"
        }
    ]
}

 

The aws ec2 describe-instances command can be used to list your EC2 instances. Something like this should be returned.

~]# aws ec2 describe-instances 
{
    "Reservations": [
        {
            "Instances": [
                {
                    "InstanceId": "i-01234475cf14abcde",

 

Now that you have the Amazon Resource Name (ARN) of one of your Simple Notification Service (SNS) Topics and the ID of one of your EC2 instances, you can use the aws cloudwatch put-metric-alarm command to create a new CloudWatch alarm. This will not do anything with the EC2 instance. This will just create an alarm.

  • Period, Evaluation Periods and Datapoints to Alarm are used to set the Alarm State, such as In Alarm. In this example:
    • --period 300 means that the EC2 instance status will be checked once every 300 seconds
    • --datapoints-to-alarm 1 means there only needs to be a single occurrence where the status check has failed for the alarm state to be set to In Alarm. The command below does not pass this flag; when it is omitted, every evaluation period must breach, which with --evaluation-periods 1 is the same single occurrence. This works in conjunction with Comparison Operator, Threshold and Statistic. In this example, the combination of --comparison-operator GreaterThanOrEqualToThreshold, --threshold 0.99 and --statistic Average means that the evaluation is True when the status check has failed.
    • --evaluation-periods 1 means only the current occurrence is evaluated to determine if the alarm state should be updated
  • A message will be published to your Simple Notification Service (SNS) Topic if the status check has failed or if the Alarm has INSUFFICIENT_DATA.

It is also noteworthy that if Datapoints to Alarm were 2 and Evaluation Periods were 10, then the alarm state would be set to In Alarm if the status check has failed in 2 of the last 10 periods.

aws cloudwatch put-metric-alarm \
--alarm-name status-check-failed \
--alarm-description "Alarm when Status Check has failed" \
--namespace AWS/EC2 \
--metric-name StatusCheckFailed \
--comparison-operator GreaterThanOrEqualToThreshold \
--threshold 0.99 \
--statistic Average \
--period 300 \
--evaluation-periods 1 \
--dimensions "Name=InstanceId,Value=<your EC2 instance ID goes here, e.g. i-1234567890123456>" \
--alarm-actions <the ARN of your SNS topic> \
--insufficient-data-actions <the ARN of your SNS topic>
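
The way Period, Evaluation Periods and Datapoints to Alarm combine into an alarm state, as an added example that is not part of the original article and is not AWS code. It is a simplified model: it only looks at the last N periods and does not reproduce CloudWatch's wider evaluation range or its --treat-missing-data options; the function name and the sample series are constructed for illustration.

```python
import operator

# Subset of the values accepted by --comparison-operator.
COMPARATORS = {
    "GreaterThanOrEqualToThreshold": operator.ge,
    "GreaterThanThreshold": operator.gt,
    "LessThanThreshold": operator.lt,
    "LessThanOrEqualToThreshold": operator.le,
}


def alarm_state(datapoints, threshold, comparison, evaluation_periods,
                datapoints_to_alarm=None):
    """Return "ALARM", "OK" or "INSUFFICIENT_DATA" (hypothetical helper).

    datapoints: one aggregated value per period, oldest first; None marks a
    period with no data. Only the last `evaluation_periods` entries are
    examined (simplified model, see the lead-in).
    """
    if datapoints_to_alarm is None:
        # Flag omitted: every evaluated period must breach (M equals N).
        datapoints_to_alarm = evaluation_periods
    if not 1 <= datapoints_to_alarm <= evaluation_periods:
        raise ValueError("datapoints_to_alarm must be in 1..evaluation_periods")
    breaches = COMPARATORS[comparison]
    window = datapoints[-evaluation_periods:]
    present = [v for v in window if v is not None]
    if not present:
        return "INSUFFICIENT_DATA"
    breaching = sum(1 for v in present if breaches(v, threshold))
    return "ALARM" if breaching >= datapoints_to_alarm else "OK"


# Constructed samples: Average of StatusCheckFailed per 300-second period.
HEALTHY = [0.0] * 10
ONE_FAILURE = [0.0] * 9 + [1.0]
TWO_FAILURES = [0.0, 1.0] + [0.0] * 7 + [1.0]
PARTIAL_FAILURE = [0.0] * 9 + [0.6]  # check failed for only part of the period
NO_DATA = [None] * 10                # no metric reported at all

if __name__ == "__main__":
    op = "GreaterThanOrEqualToThreshold"
    samples = [("healthy", HEALTHY), ("one failure", ONE_FAILURE),
               ("two failures", TWO_FAILURES),
               ("partial failure", PARTIAL_FAILURE), ("no data", NO_DATA)]
    for name, series in samples:
        print(f"{name:16} 1-of-1: {alarm_state(series, 0.99, op, 1):18}"
              f" 2-of-10: {alarm_state(series, 0.99, op, 10, 2)}")
```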

 

If you want to have multiple actions, such as publishing to your SNS topic and autoscaling or rebooting the EC2 instance, --alarm-actions will be the list of actions you want.

aws cloudwatch put-metric-alarm \
--alarm-name status-check-failed \
--alarm-description "Alarm when Status Check has failed" \
--namespace AWS/EC2 \
--metric-name StatusCheckFailed \
--comparison-operator GreaterThanOrEqualToThreshold \
--threshold 0.99 \
--statistic Average \
--period 300 \
--evaluation-periods 1 \
--dimensions "Name=InstanceId,Value=<your EC2 instance ID goes here, e.g. i-1234567890123456>" \
--alarm-actions '["<ARN of your SNS topic>","arn:aws:swf:<region goes here, e.g. us-east-1>:<your AWS account ID goes here>:action/actions/AWS_EC2.InstanceId.Reboot/1.0"]' \
--insufficient-data-actions <the ARN of your SNS topic>

 

The aws cloudwatch list-metrics --namespace=AWS/EC2 command can be used to return metrics.

aws cloudwatch list-metrics --namespace=AWS/EC2

 

Something like this should be returned.

{
    "Metrics": [
        {
            "Namespace": "AWS/EC2",
            "MetricName": "DiskReadBytes",
            "Dimensions": [
                {
                    "Name": "InstanceId",
                    "Value": "i-09123475cabcd07b2"
                }
            ]
        }
    ]
}


