How can I create an alarm to get an email if S3 does not receive any data?
I only see a metric for NumberOfObjects and BucketSizeBytes but do not now how to form a "not increasing" alarm out of it. Any help would be appreciated.
If the bucket size should always be increasing (logs are always expected to be generated at the higher rate then they expire from the bucket) you can create an alarm on the RATE of change of the BucketSizeBytes metric.
You can use metric math to define the rate of change metric: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/using-metric-math.html
Source of the corresponding graph would look like this (replace the BUCKET_NAME_GOES_HERE with your bucket and region with the region your bucket is in):
{
"metrics": [
[ { "expression": "RATE(m1)", "label": "Rate of change", "id": "e1" } ],
[ "AWS/S3", "BucketSizeBytes", "StorageType", "StandardStorage", "BucketName", "BUCKET_NAME_GOES_HERE", { "id": "m1" } ]
],
"view": "timeSeries",
"stacked": false,
"region": "us-east-1",
"stat": "Sum",
"period": 86400
}
Then create an alarm on the rate of change being 0 (bucket size not increasing) or less than 0 (bucket size dropping).
See here for more info on alarms on metric math: https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Create-alarm-on-metric-math-expression.html
Some downsides to this approach are:
Bucket metrics are published only once per day, so you won't notice the logs stopped for at least a day after it happens.
Something else could be putting data into the same bucket, making it increase in size and you wouldn't know the logs actually stopped flowing.
If these two things worry you, I'd look for a solution that monitors the CloudFront side, not the S3 side.