Guide · AWS
Monitor AWS Lambda (scheduled / cron) with a dead man's switch
CloudWatch shows you invocation errors, but not the invocation that never happened: a disabled EventBridge rule, a broken cron expression, a permission someone removed. A check-in catches that silence too, with one HTTPS call from inside the handler, no agent and no SDK to install.
1. Create a check
Create a check in Mortemain, set its schedule to match your EventBridge rule or Scheduler expression, and copy the ping URL:
https://ping.mortemain.com/your-check-uuid
2. Ping on success from the handler
Nothing to install: Python's standard library urllib.request can make the HTTPS call. Ping once the job logic finishes without raising:
import urllib.request PING_URL = "https://ping.mortemain.com/your-check-uuid" def handler(event, context): do_the_work() # your job urllib.request.urlopen(PING_URL, timeout=10)
On Node.js runtimes, the global fetch (Node 18+) does the same job with no dependency:
export const handler = async (event) => { await doTheWork(); // your job await fetch("https://ping.mortemain.com/your-check-uuid"); };
3. Alert immediately on failure
Wrap the work in a try/except and hit the /fail URL before re-raising. A crash or an unhandled exception then alerts right away instead of waiting for the check to go quiet:
import urllib.request PING_URL = "https://ping.mortemain.com/your-check-uuid" def handler(event, context): try: do_the_work() except Exception: urllib.request.urlopen(PING_URL + "/fail", timeout=10) raise else: urllib.request.urlopen(PING_URL, timeout=10)
A function that times out or gets OOM-killed never reaches either call, and that's fine: Mortemain alerts once the grace window passes, the same way it would for a rule that stopped firing. One thing to check first: a Lambda attached to a VPC needs a route to the internet (a NAT gateway, or a public subnet with an IGW) to reach ping.mortemain.com; without egress, even a successful run can't check in.
4. Schedule it and match the period
Trigger the function on a cron or rate expression with EventBridge Scheduler (or a classic CloudWatch Events rule):
aws scheduler create-schedule \ --name nightly-report \ --schedule-expression "cron(0 3 * * ? *)" \ --flexible-time-window '{"Mode": "OFF"}' \ --target '{"Arn": "arn:aws:lambda:eu-west-1:123456789012:function:nightly-report", "RoleArn": "arn:aws:iam::123456789012:role/scheduler-invoke-lambda"}'
Set the check's schedule to that same cron(0 3 * * ? *) expression so a disabled rule, a bad deploy, or a scheduler outage is caught, not just a code error. Want to measure how long the invocation takes? Hit …/your-check-uuid/start as the first line of the handler and Mortemain tracks the duration to the success ping.
Test it
Invoke the function once (aws lambda invoke, or trigger it manually from the console) and confirm the check flips to up. Then force an exception and confirm the /fail ping fires and the alert arrives immediately.