Centralized metrics, logs, and intelligent Slack alerting for secure AWS environments.
A comprehensive observability solution that centralizes metrics, logs, and traces into a single pane of glass, and routes intelligent, human-readable alerts to Slack. It eliminates alert fatigue by parsing raw AWS JSON alerts into actionable messages.
For security operations, this ensures that critical infrastructure alarms (like GuardDuty findings or WAF blocks) are immediately visible to the response team.
```
CloudWatch Alarms / GuardDuty
        │
        ▼
Amazon SNS Topic
        │
        ▼
AWS Lambda (Alert Parser)
        │
        ├── Parse JSON payload
        ├── Determine severity
        └── Format Slack Block Kit
        │
        ▼
Slack Webhook (Security Channel)
```
| Property | Implementation |
|---|---|
| Secure Routing | Webhook URLs are stored in AWS Secrets Manager |
| Alert Integrity | SNS topic policies restrict who can publish alerts |
| Visibility | Ensures security events are not lost in noisy logs |
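
The Alert Parser stage from the flow above, as an added Python example that is not this project's own code: it normalizes an SNS-delivered CloudWatch alarm or GuardDuty finding, assigns a severity, and builds a Slack Block Kit payload. All function names and the CloudWatch state-to-severity mapping are assumptions; reading the webhook URL from Secrets Manager and the HTTP POST are left out.

```python
import json

# Constructed sample: a CloudWatch alarm notification as SNS would deliver it
SAMPLE = '{"AlarmName": "waf-blocked-requests", "NewStateValue": "ALARM", "NewStateReason": "Threshold crossed <!channel>"}'

def escape(text):
    # Escape Slack mrkdwn control characters so alert text cannot inject
    # mentions or links (for example "<!channel>") into the security channel.
    return str(text).replace("&", "&amp;").replace("<", "&lt;").replace(">", "&gt;")

def guardduty_severity(score):
    # GuardDuty bands: low 1.0-3.9, medium 4.0-6.9, high 7.0-8.9; higher scores map to HIGH here
    if score >= 7.0:
        return "HIGH"
    return "MEDIUM" if score >= 4.0 else "LOW"

def parse_message(raw):
    """Normalize one SNS Message string into severity, title and detail."""
    try:
        msg = json.loads(raw)
    except (TypeError, ValueError):
        msg = None
    if not isinstance(msg, dict):
        # Never drop an alert just because it is not the JSON we expected
        return {"severity": "UNKNOWN", "title": "Unparsed alert", "detail": str(raw)[:500]}
    if msg.get("source") == "aws.guardduty":
        d = msg.get("detail") or {}
        return {"severity": guardduty_severity(float(d.get("severity", 0))),
                "title": d.get("title", "GuardDuty finding"),
                "detail": f"{d.get('type', 'unknown type')} in {d.get('region', 'unknown region')}"}
    if "AlarmName" in msg:
        state = msg.get("NewStateValue", "")
        return {"severity": "HIGH" if state == "ALARM" else "INFO",  # assumed mapping
                "title": f"{msg['AlarmName']} is {state}",
                "detail": msg.get("NewStateReason", "")}
    return {"severity": "UNKNOWN", "title": "Unrecognized alert", "detail": str(raw)[:500]}

def to_blocks(alert):
    """Build a Slack Block Kit payload: plain_text header plus mrkdwn section."""
    header = f"[{alert['severity']}] {alert['title']}"[:150]  # header text is capped at 150 chars
    return {"blocks": [
        {"type": "header", "text": {"type": "plain_text", "text": header}},
        {"type": "section", "text": {"type": "mrkdwn", "text": escape(alert["detail"]) or "(no detail)"}},
    ]}

def handler(event, context=None):
    # SNS delivers the publisher's payload as a string in Records[].Sns.Message
    return [to_blocks(parse_message(r["Sns"]["Message"])) for r in event["Records"]]
```
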
Deployment at Merkaba AI Risk Management:
Used to route alerts from aws-security-compliance-automation. When an S3 bucket is auto-remediated, this alerting pipeline formats the remediation event into a clear Slack message, tagging the on-call security engineer. This reduced MTTR (Mean Time to Resolution) for infrastructure alerts from 45 minutes to under 2 minutes.
- cloudpulse-ai — Deep dives into the alerts generated by this system
- aws-security-compliance-automation — Source of remediation alerts
MIT License — see LICENSE for details.
Merkaba AI Risk Management security@merkabacreatives.org https://merkabacreatives.org/ai-risk