It is important to understand and get quick alerts and alarms when VPN tunnel is down as this may lead to big loss at business end. ACME has configured automated notifications to receive when AWS VPN tunnel is down.
ACME leveraged CloudWatch to configure alarms to monitor the status of AWS VPN tunnels.
The status of an AWS VPN can be monitored through its metric data, which is automatically sent to CloudWatch. The VPN tunnel state is reported as a Boolean value in the CloudWatch metric TunnelState, where 0 indicates that the tunnel is down and 1 indicates that the tunnel is up. You can set up a CloudWatch alarm based on this CloudWatch metric to notify you when one or both VPN tunnels are down.
When the tunnel is down, CloudWatch alarm will trigger SNS topic which in turn sends mail to its subscribers. ACME has automated this process with help of CloudFormation template.
Following screenshots are self-explanatory which showcases how notifications will be triggered when VPN tunnel is down.
Once alarm is triggered SNS notification mail will be received by Network Engineer..