// Design CloudWatch alarms for Aurora/RDS fleets where instance names and roles change over time. Covers Metrics Insights multi-time-series alarms, contributor lookup, and why tags are required for cluster-scoped dynamic per-instance alerting.
[HINT] Download the complete skill directory including SKILL.md and all related files
| name | cloudwatch-dynamic-rds-alarms |
| description | Design CloudWatch alarms for Aurora/RDS fleets where instance names and roles change over time. Covers Metrics Insights multi-time-series alarms, contributor lookup, and why tags are required for cluster-scoped dynamic per-instance alerting. |
| version | 1.0.0 |
| author | Hermes Agent |
| license | MIT |
| metadata | {"hermes":{"tags":["cloudwatch","rds","aurora","alarms","metrics-insights","dynamic-alerting","tags"]}} |
Use this when the user wants alerts that keep working even if:
CloudWatch SEARCH(...) can create dynamic graphs, but cannot back alarms because it returns multiple time series.
So this approach is a dead end for dynamic per-instance alerting:
SEARCH('{AWS/RDS,DBInstanceIdentifier} ...')CloudWatch Metrics Insights alarms can monitor changing fleets without manually updating alarm definitions.
AWS docs explicitly state these queries can:
GROUP BYFor Metrics Insights alarms that monitor multiple time series, use:
DescribeAlarmContributorsThis returns the individual breaching series and identifying attributes (for example metric dimensions like DBInstanceIdentifier).
This is the clean way to enrich notifications with the exact breaching instance.
Practical finding from live testing:
AWS/RDS metrics may expose only DBInstanceIdentifierDBClusterIdentifier on instance time seriesDBInstanceIdentifier = 'notifly-db-prod%' did not work in Metrics Insights testingTherefore, if you want:
then the robust solution is to use resource tags and filter by tag.
Good tag name:
DBClusterIdentifierExample value:
notifly-db-prod-clusterWhy this tag name works well:
This must be enabled in CloudWatch before tag-based Metrics Insights alarms work.
Example CPU alarm:
SELECT MAX(CPUUtilization)
FROM SCHEMA("AWS/RDS", DBInstanceIdentifier)
WHERE tag.DBClusterIdentifier = 'notifly-db-prod-cluster'
GROUP BY DBInstanceIdentifier
ORDER BY MAX() DESC
Example FreeableMemory alarm:
SELECT MIN(FreeableMemory)
FROM SCHEMA("AWS/RDS", DBInstanceIdentifier)
WHERE tag.DBClusterIdentifier = 'notifly-db-prod-cluster'
GROUP BY DBInstanceIdentifier
ORDER BY MIN() ASC
Use SCHEMA("AWS/RDS", DBInstanceIdentifier) instead of bare FROM "AWS/RDS" for RDS instance alarms so the query analyzes only instance-level time series and avoids cluster/other dimension noise.
Do not add LIMIT to fleet coverage alarms unless deliberately monitoring only top-N series. Aurora clusters can exceed 10 instances and Metrics Insights can return up to 500 time series, so LIMIT 10 can silently drop instances and contributors.
This gives you:
Preferred flow:
DescribeAlarmContributors(AlarmName=...)DBInstanceIdentifierThis is safer than assuming the initial alarm payload includes enough contributor detail.
Writer-specific dynamic alerting is harder because writer/reader is runtime state, not just static inventory. Options then are:
If the Terraform-managed Aurora cluster and cluster instances currently have tags = {} and lifecycle.ignore_changes = [tags], then:
Example pattern:
tags = merge(
try(each.value.tags, {}),
{
DBClusterIdentifier = each.value.cluster_identifier
},
)
For incident-style dynamic RDS instance alarms, practical defaults are:
CPUUtilization > 70 for 5/5 minutes, instead of copying a noisy cluster warning like >50 for 3/3.DBInstanceClass values, estimate/measure total memory per class, and replay recent FreeableMemory history plus alarm history. For Aurora, low free memory often reflects cache/buffer use, so split the semantics:
FreeableMemory byte threshold across heterogeneous instance classes. A byte floor can be useful as warning-only visibility, but it is not equivalent to CPU percent and has different meaning on a 62 GiB reader vs a 125 GiB writer. For paging, prefer a custom FreeableMemoryPercent metric, class/tag-specific alarms, or a composite pressure signal using swap growth / latency / DB load.FreeableMemoryPercent metric in AWS/RDS. You can compute a relative value per instance with CloudWatch metric math by combining AWS/RDS.FreeableMemory with DB_PERF_INSIGHTS('RDS', '<DbiResourceId>', 'os.memory.total.avg'), e.g. 100 * freeable / (total_kb * 1024). This works for explicit per-instance alarms but does not preserve the tag-based Metrics Insights fleet query pattern because DB_PERF_INSIGHTS requires concrete DbiResourceId values and is not stored as a Metrics Insights metric. If you need both percent semantics and dynamic tag-based fleet coverage, publish a custom FreeableMemoryPercent metric with DBClusterIdentifier and DBInstanceIdentifier dimensions.GB vs GiB wording.notifly-db-prod-instance-high-cpu-usage over names containing -dynamic-; dynamic behavior is an implementation detail.GetMetricData or console.4 time series evaluated to OK.DescribeAlarmContributors and confirm contributor attributes include the instance identifier. An OK alarm can legitimately return an empty contributors list.After a dynamic fleet alarm is live, prefer a two-step decommission for old per-instance human-facing alarms:
Non-destructive alert-path removal first
aws_cloudwatch_metric_alarm resources in Terraform state.actions_enabled = false and alarm_actions = [] for redundant static alarms.0 to add, N to change, 0 to destroy.Physical deletion only with explicit destroy procedure
lifecycle.prevent_destroy = true on alarm resources.for_each entries can produce a correct-looking N to destroy plan and then fail on prevent_destroy.removed blocks do not support individual for_each instance keys such as resource.name["key"] as a destroy override.This preserves observability rollback while stopping duplicate pages.
DBClusterIdentifier as a dimension.DescribeAlarmContributors.If tagging cannot be guaranteed, use EventBridge/Lambda automation to:
But if tags are available, Metrics Insights alarms are the cleaner AWS-native solution.