Nebulaworks Insight Content Card Background - Sonja punz metal

Nebulaworks Insight Content Card Background - Sonja punz metal

Enhancing AWS Landing Zones with Operational Monitoring and CI/CD Integration

March 20, 2024

Learn to enhance AWS Landing Zones with CloudWatch monitoring and CI/CD via GitHub Actions for improved performance and deployment automation

Recent Updates

Enhancing AWS Landing Zones with Operational Monitoring and CI/CD Integration


After establishing a secure, scalable AWS Landing Zone and automating account provisioning, the next critical steps involve setting up operational monitoring to ensure the health and performance of your environment and integrating CI/CD pipelines for automated resource deployment. This post explores how to leverage AWS services and GitHub Actions to achieve these goals.

Operational Monitoring with Amazon CloudWatch

Amazon CloudWatch is a monitoring and observability service that provides data and actionable insights to monitor your applications, respond to system-wide performance changes, optimize resource utilization, and get a unified view of operational health.

Setting Up CloudWatch Alarms with Terraform

Here’s how you can set up CloudWatch Alarms for monitoring CPU Utilization of an EC2 instance.

resource "aws_cloudwatch_metric_alarm" "high_cpu" {
  alarm_name          = "high-cpu-utilization"
  comparison_operator = "GreaterThanThreshold"
  evaluation_periods  = "2"
  metric_name         = "CPUUtilization"
  namespace           = "AWS/EC2"
  period              = "120"
  statistic           = "Average"
  threshold           = "80"
  alarm_description   = "This metric monitors ec2 cpu utilization"
  dimensions = {
    InstanceId = "i-1234567890abcdef0"
  actions_enabled = true
  alarm_actions   = [var.sns_topic_arn]

Integrating CI/CD Pipelines with GitHub Actions

CI/CD pipelines are essential for automating the testing and deployment of your code. GitHub Actions makes it easy to automate all your software workflows, now with world-class CI/CD. Build, test, and deploy your code right from GitHub.

Example GitHub Action for Terraform

Create a .github/workflows/terraform.yml file in your repository to define the CI/CD pipeline for deploying infrastructure with Terraform.

name: 'Terraform'

    - main

    name: 'Terraform'
    runs-on: ubuntu-latest

    - name: Checkout code
      uses: actions/checkout@v2

    - name: Setup Terraform
      uses: hashicorp/setup-terraform@v1
        terraform_version: 0.14.0

    - name: Terraform Init
      run: terraform init

    - name: Terraform Plan
      run: terraform plan

    - name: Terraform Apply
      if: github.ref == 'refs/heads/main' && github.event_name == 'push'
      run: terraform apply -auto-approve


Operational monitoring and CI/CD integration are crucial components of a mature AWS Landing Zone. By leveraging Amazon CloudWatch and GitHub Actions, organizations can ensure their AWS environments are both performant and resilient, while automating the deployment process to maintain agility and consistency. This guide has provided the foundational knowledge and examples to get started with these advanced practices, empowering you to build a comprehensive AWS Landing Zone that meets your operational and business needs.

For more information on AWS Landing Zones, or to speak with us about how Nebulaworks can help you leverage AWS to drive business innovation, reach out to us

Insight Authors

Nebulaworks - Wide/concrete light half gray

Looking for a partner with engineering prowess? We got you.

Learn how we've helped companies like yours.