From 621d0fe5b7c8f697bdcfe87b5be1019924dbb5d5 Mon Sep 17 00:00:00 2001
From: Michael Pond <michael.pond@cds-snc.ca>
Date: Thu, 12 Dec 2024 10:10:33 -0500
Subject: [PATCH] making these conditional for our production rollout.  Need
 them to work on staging first only for a while [review]

---
 aws/eks/cloudwatch_alarms.tf                  |   96 +-
 aws/eks/cloudwatch_alarms_kustomize.tf        | 1016 ++++++++++
 aws/eks/cloudwatch_log.tf                     |   34 +-
 aws/eks/cloudwatch_log_kustomize.tf           |  200 ++
 aws/eks/cloudwatch_queries.tf                 |   38 +-
 aws/eks/cloudwatch_queries_kustomize.tf       |  344 ++++
 aws/eks/dashboards.tf                         |   12 +-
 aws/eks/dashboards_kustomize.tf               | 1776 +++++++++++++++++
 .../dashboards.tf                             |    4 +-
 .../dashboards_kustomize.tf                   |  671 +++++++
 10 files changed, 4099 insertions(+), 92 deletions(-)
 create mode 100644 aws/eks/cloudwatch_alarms_kustomize.tf
 create mode 100644 aws/eks/cloudwatch_log_kustomize.tf
 create mode 100644 aws/eks/cloudwatch_queries_kustomize.tf
 create mode 100644 aws/eks/dashboards_kustomize.tf
 create mode 100644 aws/pinpoint_to_sqs_sms_callbacks/dashboards_kustomize.tf

diff --git a/aws/eks/cloudwatch_alarms.tf b/aws/eks/cloudwatch_alarms.tf
index 4670222b0..0419fda6e 100644
--- a/aws/eks/cloudwatch_alarms.tf
+++ b/aws/eks/cloudwatch_alarms.tf
@@ -5,7 +5,7 @@
 # There are also alarms defined in aws/common/cloudwatch_alarms.tf
 
 resource "aws_cloudwatch_metric_alarm" "load-balancer-1-500-error-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "load-balancer-1-500-error-1-minute-warning"
   alarm_description   = "One 500 error in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -23,7 +23,7 @@ resource "aws_cloudwatch_metric_alarm" "load-balancer-1-500-error-1-minute-warni
 }
 
 resource "aws_cloudwatch_metric_alarm" "load-balancer-10-500-error-5-minutes-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "load-balancer-10-500-error-5-minutes-critical"
   alarm_description   = "Ten 500 errors in 5 minutes"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -43,7 +43,7 @@ resource "aws_cloudwatch_metric_alarm" "load-balancer-10-500-error-5-minutes-cri
 }
 
 resource "aws_cloudwatch_metric_alarm" "load-balancer-1-502-error-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "load-balancer-1-502-error-1-minute-warning"
   alarm_description   = "One 502 error in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -61,7 +61,7 @@ resource "aws_cloudwatch_metric_alarm" "load-balancer-1-502-error-1-minute-warni
 }
 
 resource "aws_cloudwatch_metric_alarm" "load-balancer-10-502-error-5-minutes-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "load-balancer-10-502-error-5-minutes-critical"
   alarm_description   = "Ten 502 errors in 5 minutes"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -80,7 +80,7 @@ resource "aws_cloudwatch_metric_alarm" "load-balancer-10-502-error-5-minutes-cri
 }
 
 resource "aws_cloudwatch_metric_alarm" "document-download-api-high-request-count-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "document-download-api-high-request-count-warning"
   alarm_description   = "More than 300 4XX requests in 10 minutes on ${aws_alb_target_group.notification-canada-ca-document-api.name} target group"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -99,7 +99,7 @@ resource "aws_cloudwatch_metric_alarm" "document-download-api-high-request-count
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-1-celery-error-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-1-celery-error-1-minute-warning"
   alarm_description   = "One Celery error in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -114,7 +114,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-1-celery-error-1-minute-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-10-celery-error-1-minute-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-10-celery-error-1-minute-critical"
   alarm_description   = "Ten Celery errors in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -130,7 +130,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-10-celery-error-1-minute-critical"
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-1-500-error-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-1-500-error-1-minute-warning"
   alarm_description   = "One 500 error in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -145,7 +145,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-1-500-error-1-minute-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-10-500-error-5-minutes-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-10-500-error-5-minutes-critical"
   alarm_description   = "Ten 500 errors in 5 minutes"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -161,7 +161,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-10-500-error-5-minutes-critical" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "admin-pods-high-cpu-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "admin-pods-high-cpu-warning"
   alarm_description         = "Average CPU of admin pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -182,7 +182,7 @@ resource "aws_cloudwatch_metric_alarm" "admin-pods-high-cpu-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "api-pods-high-cpu-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "api-pods-high-cpu-warning"
   alarm_description         = "Average CPU of API pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -203,7 +203,7 @@ resource "aws_cloudwatch_metric_alarm" "api-pods-high-cpu-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-primary-pods-high-cpu-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "celery-primary-pods-high-cpu-warning"
   alarm_description         = "Average CPU of Primary Celery pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -224,7 +224,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-primary-pods-high-cpu-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-scalable-pods-high-cpu-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "celery-scalable-pods-high-cpu-warning"
   alarm_description         = "Average CPU of Scalable Celery pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -245,7 +245,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-scalable-pods-high-cpu-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-sms-pods-high-cpu-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "celery-sms-pods-high-cpu-warning"
   alarm_description         = "Average CPU of celery-sms pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -267,7 +267,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-sms-pods-high-cpu-warning" {
 
 
 resource "aws_cloudwatch_metric_alarm" "admin-pods-high-memory-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "admin-pods-high-memory-warning"
   alarm_description         = "Average memory of admin pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -288,7 +288,7 @@ resource "aws_cloudwatch_metric_alarm" "admin-pods-high-memory-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "api-pods-high-memory-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "api-pods-high-memory-warning"
   alarm_description         = "Average memory of API pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -309,7 +309,7 @@ resource "aws_cloudwatch_metric_alarm" "api-pods-high-memory-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-primary-pods-high-memory-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "celery-primary-pods-high-memory-warning"
   alarm_description         = "Average memory of Primary Celery pods >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -330,7 +330,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-primary-pods-high-memory-warning"
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-sms-pods-high-memory-warning" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "celery-sms-pods-high-memory-warning"
   alarm_description         = "Average memory of celery-sms >=50% during 10 minutes"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -351,7 +351,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-sms-pods-high-memory-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "ddos-detected-load-balancer-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "ddos-detected-load-balancer-critical"
   alarm_description   = "DDoS has been detected on the load balancer"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -370,7 +370,7 @@ resource "aws_cloudwatch_metric_alarm" "ddos-detected-load-balancer-critical" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-1-malware-detected-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-1-malware-detected-1-minute-warning"
   alarm_description   = "One malware detected error in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -385,7 +385,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-1-malware-detected-1-minute-warning
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-10-malware-detected-1-minute-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-10-malware-detected-1-minute-critical"
   alarm_description   = "Ten malware detected errors in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -401,7 +401,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-10-malware-detected-1-minute-critic
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-1-scanfiles-timeout-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-1-scanfiles-timeout-5-minutes-warning"
   alarm_description   = "One scanfiles timeout detected error in 1 minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -416,7 +416,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-1-scanfiles-timeout-1-minute-warnin
 }
 
 resource "aws_cloudwatch_metric_alarm" "logs-1-bounce-rate-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "logs-1-bounce-rate-critical"
   alarm_description   = "Bounce rate exceeding 10% in a 12 hour period"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -431,7 +431,7 @@ resource "aws_cloudwatch_metric_alarm" "logs-1-bounce-rate-critical" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "kubernetes-failed-nodes" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "kubernetes-failed-nodes"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 1
@@ -457,7 +457,7 @@ resource "aws_cloudwatch_metric_alarm" "kubernetes-failed-nodes" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-primary-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-primary-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -486,7 +486,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-primary-replicas-unavailable" {
 
 
 resource "aws_cloudwatch_metric_alarm" "celery-scalable-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-scalable-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 3
@@ -514,7 +514,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-scalable-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-beat-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-beat-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -542,7 +542,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-beat-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-sms-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-sms-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -570,7 +570,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-sms-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-email-send-primary-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-email-send-primary-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -599,7 +599,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-email-send-primary-replicas-unava
 
 
 resource "aws_cloudwatch_metric_alarm" "celery-email-send-scalable-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-email-send-scalable-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 3
@@ -627,7 +627,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-email-send-scalable-replicas-unav
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-sms-send-primary-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-sms-send-primary-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -656,7 +656,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-sms-send-primary-replicas-unavail
 
 
 resource "aws_cloudwatch_metric_alarm" "celery-sms-send-scalable-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "celery-sms-send-scalable-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 3
@@ -684,7 +684,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-sms-send-scalable-replicas-unavai
 }
 
 resource "aws_cloudwatch_metric_alarm" "admin-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "admin-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -712,7 +712,7 @@ resource "aws_cloudwatch_metric_alarm" "admin-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "api-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "api-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -740,7 +740,7 @@ resource "aws_cloudwatch_metric_alarm" "api-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "documentation-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "documentation-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -768,7 +768,7 @@ resource "aws_cloudwatch_metric_alarm" "documentation-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "document-download-api-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "document-download-api-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -796,7 +796,7 @@ resource "aws_cloudwatch_metric_alarm" "document-download-api-replicas-unavailab
 }
 
 resource "aws_cloudwatch_metric_alarm" "api-evicted-pods" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "evicted-api-pods-detected"
   alarm_description         = "One or more Kubernetes API Pods is reporting as Evicted"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -813,7 +813,7 @@ resource "aws_cloudwatch_metric_alarm" "api-evicted-pods" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "celery-evicted-pods" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "evicted-celery-pods-detected"
   alarm_description         = "One or more Kubernetes Celery Pods is reporting as Evicted"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -830,7 +830,7 @@ resource "aws_cloudwatch_metric_alarm" "celery-evicted-pods" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "admin-evicted-pods" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "evicted-admin-pods-detected"
   alarm_description         = "One or more Kubernetes Admin Pods is reporting as Evicted"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -847,7 +847,7 @@ resource "aws_cloudwatch_metric_alarm" "admin-evicted-pods" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "document-download-evicted-pods" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "evicted-document-download-pods-detected"
   alarm_description         = "One or more Kubernetes Document Download Pods is reporting as Evicted"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -864,7 +864,7 @@ resource "aws_cloudwatch_metric_alarm" "document-download-evicted-pods" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "documentation-evicted-pods" {
-  count                     = var.cloudwatch_enabled ? 1 : 0
+  count                     = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name                = "evicted-documentation-pods-detected"
   alarm_description         = "One or more Kubernetes Documentation Pods is reporting as Evicted"
   comparison_operator       = "GreaterThanOrEqualToThreshold"
@@ -881,7 +881,7 @@ resource "aws_cloudwatch_metric_alarm" "documentation-evicted-pods" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "karpenter-replicas-unavailable" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "karpenter-replicas-unavailable"
   comparison_operator = "GreaterThanOrEqualToThreshold"
   evaluation_periods  = 2
@@ -909,7 +909,7 @@ resource "aws_cloudwatch_metric_alarm" "karpenter-replicas-unavailable" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "aggregating-queues-not-active-1-minute-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "aggregating-queues-not-active-1-minute-warning"
   alarm_description   = "Beat inbox tasks have not been active for one minute"
   comparison_operator = "LessThanThreshold"
@@ -924,7 +924,7 @@ resource "aws_cloudwatch_metric_alarm" "aggregating-queues-not-active-1-minute-w
 }
 
 resource "aws_cloudwatch_metric_alarm" "aggregating-queues-not-active-5-minutes-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "aggregating-queues-not-active-5-minutes-critical"
   alarm_description   = "Beat inbox tasks have not been active for 5 minutes"
   comparison_operator = "LessThanThreshold"
@@ -940,7 +940,7 @@ resource "aws_cloudwatch_metric_alarm" "aggregating-queues-not-active-5-minutes-
 }
 
 resource "aws_cloudwatch_metric_alarm" "service-callback-too-many-failures-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "service-callback-too-many-failures-warning"
   alarm_description   = "Service reached the max number of callback retries 25 times in 5 minutes"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -955,7 +955,7 @@ resource "aws_cloudwatch_metric_alarm" "service-callback-too-many-failures-warni
 }
 
 resource "aws_cloudwatch_metric_alarm" "service-callback-too-many-failures-critical" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "service-callback-too-many-failures-critical"
   alarm_description   = "Service reached the max number of callback retries 100 times in 10 minutes"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -970,7 +970,7 @@ resource "aws_cloudwatch_metric_alarm" "service-callback-too-many-failures-criti
 }
 
 resource "aws_cloudwatch_metric_alarm" "throttling-exception-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "throttling-exception-warning"
   alarm_description   = "Have received a throttling exception in the last minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
@@ -985,7 +985,7 @@ resource "aws_cloudwatch_metric_alarm" "throttling-exception-warning" {
 }
 
 resource "aws_cloudwatch_metric_alarm" "many-throttling-exceptions-warning" {
-  count               = var.cloudwatch_enabled ? 1 : 0
+  count               = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   alarm_name          = "many-throttling-exceptions-warning"
   alarm_description   = "Have received 100 throttling exception in the last minute"
   comparison_operator = "GreaterThanOrEqualToThreshold"
diff --git a/aws/eks/cloudwatch_alarms_kustomize.tf b/aws/eks/cloudwatch_alarms_kustomize.tf
new file mode 100644
index 000000000..134f568a8
--- /dev/null
+++ b/aws/eks/cloudwatch_alarms_kustomize.tf
@@ -0,0 +1,1016 @@
+# Note to maintainers:
+# Updating alarms? Update the Google Sheet also!
+# https://docs.google.com/spreadsheets/d/1gkrL3Trxw0xEkX724C1bwpfeRsTlK2X60wtCjF6MFRA/edit
+#
+# There are also alarms defined in aws/common/cloudwatch_alarms.tf
+
+resource "aws_cloudwatch_metric_alarm" "load-balancer-1-500-error-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "load-balancer-1-500-error-1-minute-warning"
+  alarm_description   = "One 500 error in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "HTTPCode_ELB_500_Count"
+  namespace           = "AWS/ApplicationELB"
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  alarm_actions       = [var.sns_alert_warning_arn]
+  treat_missing_data  = "notBreaching"
+  dimensions = {
+    LoadBalancer = aws_alb.notification-canada-ca.arn_suffix
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "load-balancer-10-500-error-5-minutes-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "load-balancer-10-500-error-5-minutes-critical"
+  alarm_description   = "Ten 500 errors in 5 minutes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "HTTPCode_ELB_500_Count"
+  namespace           = "AWS/ApplicationELB"
+  period              = 300
+  statistic           = "Sum"
+  threshold           = 10
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+  treat_missing_data  = "notBreaching"
+
+  dimensions = {
+    LoadBalancer = aws_alb.notification-canada-ca.arn_suffix
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "load-balancer-1-502-error-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "load-balancer-1-502-error-1-minute-warning"
+  alarm_description   = "One 502 error in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "HTTPCode_ELB_502_Count"
+  namespace           = "AWS/ApplicationELB"
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  alarm_actions       = [var.sns_alert_warning_arn]
+  treat_missing_data  = "notBreaching"
+  dimensions = {
+    LoadBalancer = aws_alb.notification-canada-ca.arn_suffix
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "load-balancer-10-502-error-5-minutes-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "load-balancer-10-502-error-5-minutes-critical"
+  alarm_description   = "Ten 502 errors in 5 minutes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "HTTPCode_ELB_502_Count"
+  namespace           = "AWS/ApplicationELB"
+  period              = 300
+  statistic           = "Sum"
+  threshold           = 10
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+  treat_missing_data  = "notBreaching"
+  dimensions = {
+    LoadBalancer = aws_alb.notification-canada-ca.arn_suffix
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "document-download-api-high-request-count-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "document-download-api-high-request-count-warning"
+  alarm_description   = "More than 300 4XX requests in 10 minutes on ${aws_alb_target_group.notification-canada-ca-document-api.name} target group"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = "HTTPCode_Target_4XX_Count"
+  namespace           = "AWS/ApplicationELB"
+  period              = 60 * 10
+  statistic           = "Sum"
+  threshold           = 300
+  alarm_actions       = [var.sns_alert_warning_arn]
+  treat_missing_data  = "notBreaching"
+  dimensions = {
+    LoadBalancer = aws_alb.notification-canada-ca.arn_suffix
+    TargetGroup  = aws_alb_target_group.notification-canada-ca-document-api.arn_suffix
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-1-celery-error-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-1-celery-error-1-minute-warning"
+  alarm_description   = "One Celery error in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.celery-error[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.celery-error[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-10-celery-error-1-minute-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-10-celery-error-1-minute-critical"
+  alarm_description   = "Ten Celery errors in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.celery-error[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.celery-error[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 10
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-1-500-error-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-1-500-error-1-minute-warning"
+  alarm_description   = "One 500 error in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.web-500-errors[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.web-500-errors[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-10-500-error-5-minutes-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-10-500-error-5-minutes-critical"
+  alarm_description   = "Ten 500 errors in 5 minutes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.web-500-errors[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.web-500-errors[0].metric_transformation[0].namespace
+  period              = 300
+  statistic           = "Sum"
+  threshold           = 10
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "admin-pods-high-cpu-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "admin-pods-high-cpu-warning"
+  alarm_description         = "Average CPU of admin pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_cpu_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "admin"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "api-pods-high-cpu-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "api-pods-high-cpu-warning"
+  alarm_description         = "Average CPU of API pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_cpu_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "api"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-primary-pods-high-cpu-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "celery-primary-pods-high-cpu-warning"
+  alarm_description         = "Average CPU of Primary Celery pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_cpu_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "celery-primary"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-scalable-pods-high-cpu-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "celery-scalable-pods-high-cpu-warning"
+  alarm_description         = "Average CPU of Scalable Celery pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_cpu_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "celery-scalable"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-sms-pods-high-cpu-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "celery-sms-pods-high-cpu-warning"
+  alarm_description         = "Average CPU of celery-sms pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_cpu_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "celery-sms"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+
+resource "aws_cloudwatch_metric_alarm" "admin-pods-high-memory-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "admin-pods-high-memory-warning"
+  alarm_description         = "Average memory of admin pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_memory_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "admin"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "api-pods-high-memory-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "api-pods-high-memory-warning"
+  alarm_description         = "Average memory of API pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_memory_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "api"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-primary-pods-high-memory-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "celery-primary-pods-high-memory-warning"
+  alarm_description         = "Average memory of Primary Celery pods >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_memory_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "celery-primary"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-sms-pods-high-memory-warning" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "celery-sms-pods-high-memory-warning"
+  alarm_description         = "Average memory of celery-sms >=50% during 10 minutes"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "2"
+  metric_name               = "pod_memory_utilization"
+  namespace                 = "ContainerInsights"
+  period                    = 300
+  statistic                 = "Average"
+  threshold                 = 50
+  alarm_actions             = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+  treat_missing_data        = "missing"
+  dimensions = {
+    Namespace   = "notification-canada-ca"
+    Service     = "celery-sms"
+    ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "ddos-detected-load-balancer-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "ddos-detected-load-balancer-critical"
+  alarm_description   = "DDoS has been detected on the load balancer"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "2"
+  metric_name         = "DDoSDetected"
+  namespace           = "AWS/DDoSProtection"
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+  dimensions = {
+    ResourceArn = aws_shield_protection.notification-canada-ca.resource_arn
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-1-malware-detected-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-1-malware-detected-1-minute-warning"
+  alarm_description   = "One malware detected error in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.malware-detected[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.malware-detected[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-10-malware-detected-1-minute-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-10-malware-detected-1-minute-critical"
+  alarm_description   = "Ten malware detected errors in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.malware-detected[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.malware-detected[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 10
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-1-scanfiles-timeout-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-1-scanfiles-timeout-5-minutes-warning"
+  alarm_description   = "One scanfiles timeout detected error in 1 minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.scanfiles-timeout[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.scanfiles-timeout[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "logs-1-bounce-rate-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "logs-1-bounce-rate-critical"
+  alarm_description   = "Bounce rate exceeding 10% in a 12 hour period"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.bounce-rate-critical[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.bounce-rate-critical[0].metric_transformation[0].namespace
+  period              = 60 * 60 * 12
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "kubernetes-failed-nodes" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "kubernetes-failed-nodes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 1
+  alarm_description   = "Kubernetes failed node anomalies"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "cluster_failed_node_count"
+      namespace   = "ContainerInsights"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        Name = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-primary-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-primary-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Celery Primary Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-primary"
+      }
+    }
+  }
+}
+
+
+resource "aws_cloudwatch_metric_alarm" "celery-scalable-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-scalable-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 3
+  alarm_description   = "Celery Scalable Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-scalable"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-beat-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-beat-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Celery Beat Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-beat"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-sms-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-sms-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Celery SMS Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-sms"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-email-send-primary-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-email-send-primary-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Celery Email Send Primary Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-email-send-primary"
+      }
+    }
+  }
+}
+
+
+resource "aws_cloudwatch_metric_alarm" "celery-email-send-scalable-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-email-send-scalable-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 3
+  alarm_description   = "Celery Email Send Scalable Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-email-send-scalable"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-sms-send-primary-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-sms-send-primary-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Celery SMS Send Primary Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-sms-send-primary"
+      }
+    }
+  }
+}
+
+
+resource "aws_cloudwatch_metric_alarm" "celery-sms-send-scalable-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "celery-sms-send-scalable-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 3
+  alarm_description   = "Celery SMS Send Scalable Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "celery-sms-send-scalable"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "admin-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "admin-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Notify Admin Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "admin"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "api-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "api-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Notify K8S API Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "api"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "documentation-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "documentation-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Notify Documentation Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "documentation"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "document-download-api-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "document-download-api-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Notify Document Download API Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Average"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = var.notify_k8s_namespace
+        deployment  = "document-download-api"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "api-evicted-pods" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "evicted-api-pods-detected"
+  alarm_description         = "One or more Kubernetes API Pods is reporting as Evicted"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "3"
+  metric_name               = aws_cloudwatch_log_metric_filter.api-evicted-pods[0].name
+  namespace                 = aws_cloudwatch_log_metric_filter.api-evicted-pods[0].metric_transformation[0].namespace
+  period                    = "60"
+  statistic                 = "Sum"
+  threshold                 = 1
+  treat_missing_data        = "notBreaching"
+  alarm_actions             = [var.sns_alert_warning_arn]
+  ok_actions                = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "celery-evicted-pods" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "evicted-celery-pods-detected"
+  alarm_description         = "One or more Kubernetes Celery Pods is reporting as Evicted"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "3"
+  metric_name               = aws_cloudwatch_log_metric_filter.celery-evicted-pods[0].name
+  namespace                 = aws_cloudwatch_log_metric_filter.celery-evicted-pods[0].metric_transformation[0].namespace
+  period                    = "60"
+  statistic                 = "Sum"
+  threshold                 = 1
+  treat_missing_data        = "notBreaching"
+  alarm_actions             = [var.sns_alert_warning_arn]
+  ok_actions                = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "admin-evicted-pods" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "evicted-admin-pods-detected"
+  alarm_description         = "One or more Kubernetes Admin Pods is reporting as Evicted"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "3"
+  metric_name               = aws_cloudwatch_log_metric_filter.admin-evicted-pods[0].name
+  namespace                 = aws_cloudwatch_log_metric_filter.admin-evicted-pods[0].metric_transformation[0].namespace
+  period                    = "60"
+  statistic                 = "Sum"
+  threshold                 = 1
+  treat_missing_data        = "notBreaching"
+  alarm_actions             = [var.sns_alert_warning_arn]
+  ok_actions                = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "document-download-evicted-pods" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "evicted-document-download-pods-detected"
+  alarm_description         = "One or more Kubernetes Document Download Pods is reporting as Evicted"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "3"
+  metric_name               = aws_cloudwatch_log_metric_filter.document-download-evicted-pods[0].name
+  namespace                 = aws_cloudwatch_log_metric_filter.document-download-evicted-pods[0].metric_transformation[0].namespace
+  period                    = "60"
+  statistic                 = "Sum"
+  threshold                 = 1
+  treat_missing_data        = "notBreaching"
+  alarm_actions             = [var.sns_alert_warning_arn]
+  ok_actions                = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "documentation-evicted-pods" {
+  count                     = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name                = "evicted-documentation-pods-detected"
+  alarm_description         = "One or more Kubernetes Documentation Pods is reporting as Evicted"
+  comparison_operator       = "GreaterThanOrEqualToThreshold"
+  evaluation_periods        = "3"
+  metric_name               = aws_cloudwatch_log_metric_filter.documentation-evicted-pods[0].name
+  namespace                 = aws_cloudwatch_log_metric_filter.documentation-evicted-pods[0].metric_transformation[0].namespace
+  period                    = "60"
+  statistic                 = "Sum"
+  threshold                 = 1
+  treat_missing_data        = "notBreaching"
+  alarm_actions             = [var.sns_alert_warning_arn]
+  ok_actions                = [var.sns_alert_warning_arn]
+  insufficient_data_actions = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "karpenter-replicas-unavailable" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "karpenter-replicas-unavailable"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = 2
+  alarm_description   = "Karpenter Replicas Unavailable"
+  #Setting to warn until we verify that it is working as expected
+  alarm_actions      = [var.sns_alert_warning_arn]
+  treat_missing_data = "notBreaching"
+  threshold          = 1
+
+  metric_query {
+    id          = "m1"
+    return_data = "true"
+    metric {
+      metric_name = "kube_deployment_status_replicas_unavailable"
+      namespace   = "ContainerInsights/Prometheus"
+      period      = 300
+      stat        = "Minimum"
+      dimensions = {
+        ClusterName = aws_eks_cluster.notification-canada-ca-eks-cluster.name
+        namespace   = "karpenter"
+        deployment  = "karpenter"
+      }
+    }
+  }
+}
+
+resource "aws_cloudwatch_metric_alarm" "aggregating-queues-not-active-1-minute-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "aggregating-queues-not-active-1-minute-warning"
+  alarm_description   = "Beat inbox tasks have not been active for one minute"
+  comparison_operator = "LessThanThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.aggregating-queues-are-active[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.aggregating-queues-are-active[0].metric_transformation[0].namespace
+  period              = "60"
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "breaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "aggregating-queues-not-active-5-minutes-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "aggregating-queues-not-active-5-minutes-critical"
+  alarm_description   = "Beat inbox tasks have not been active for 5 minutes"
+  comparison_operator = "LessThanThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.aggregating-queues-are-active[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.aggregating-queues-are-active[0].metric_transformation[0].namespace
+  period              = "300"
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "breaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "github-arc-runner-error-alarm" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "github-arc-runner-error-alarm"
+  alarm_description   = "GitHub ARC Runners Are Failing"
+  comparison_operator = "LessThanThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.github-arc-runner-alarm[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.github-arc-runner-alarm[0].metric_transformation[0].namespace
+  period              = "300"
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+  ok_actions          = [var.sns_alert_critical_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "service-callback-too-many-failures-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "service-callback-too-many-failures-warning"
+  alarm_description   = "Service reached the max number of callback retries 25 times in 5 minutes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.callback-request-failures[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.callback-request-failures[0].metric_transformation[0].namespace
+  period              = 60 * 5
+  statistic           = "Sum"
+  threshold           = 25
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "service-callback-too-many-failures-critical" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "service-callback-too-many-failures-critical"
+  alarm_description   = "Service reached the max number of callback retries 100 times in 10 minutes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.callback-request-failures[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.callback-request-failures[0].metric_transformation[0].namespace
+  period              = 60 * 10
+  statistic           = "Sum"
+  threshold           = 100
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_critical_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "throttling-exception-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "throttling-exception-warning"
+  alarm_description   = "Have received a throttling exception in the last minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.throttling-exceptions[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.throttling-exceptions[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
+
+resource "aws_cloudwatch_metric_alarm" "many-throttling-exceptions-warning" {
+  count               = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  alarm_name          = "many-throttling-exceptions-warning"
+  alarm_description   = "Have received 100 throttling exception in the last minute"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "1"
+  metric_name         = aws_cloudwatch_log_metric_filter.throttling-exceptions[0].metric_transformation[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.throttling-exceptions[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 100
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
diff --git a/aws/eks/cloudwatch_log.tf b/aws/eks/cloudwatch_log.tf
index 08b72c95a..a1f324e7c 100644
--- a/aws/eks/cloudwatch_log.tf
+++ b/aws/eks/cloudwatch_log.tf
@@ -3,25 +3,25 @@
 ###
 
 resource "aws_cloudwatch_log_group" "notification-canada-ca-eks-cluster-logs" {
-  count             = var.cloudwatch_enabled ? 1 : 0
+  count             = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name              = "/aws/eks/${var.eks_cluster_name}/cluster"
   retention_in_days = var.log_retention_period_days
 }
 
 resource "aws_cloudwatch_log_group" "notification-canada-ca-eks-application-logs" {
-  count             = var.cloudwatch_enabled ? 1 : 0
+  count             = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name              = "/aws/containerinsights/${var.eks_cluster_name}/application"
   retention_in_days = var.log_retention_period_days
 }
 
 resource "aws_cloudwatch_log_group" "notification-canada-ca-eks-prometheus-logs" {
-  count             = var.cloudwatch_enabled ? 1 : 0
+  count             = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name              = "/aws/containerinsights/${var.eks_cluster_name}/prometheus"
   retention_in_days = var.log_retention_period_days
 }
 
 resource "aws_cloudwatch_log_group" "blazer" {
-  count             = var.cloudwatch_enabled ? 1 : 0
+  count             = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name              = "blazer"
   retention_in_days = 1827 # 5 years
 }
@@ -31,7 +31,7 @@ resource "aws_cloudwatch_log_group" "blazer" {
 # AWS EKS Cloudwatch log metric filters
 ###
 resource "aws_cloudwatch_log_metric_filter" "web-500-errors" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "web-500-errors"
   pattern        = "\"\\\" 500 \""
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -44,7 +44,7 @@ resource "aws_cloudwatch_log_metric_filter" "web-500-errors" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "celery-error" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "celery-error"
   pattern        = "%ERROR/.*Worker|ERROR/MainProcess%"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -57,7 +57,7 @@ resource "aws_cloudwatch_log_metric_filter" "celery-error" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "malware-detected" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "malware-detected"
   pattern        = jsonencode("Malicious content detected! Download and attachment failed")
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -70,7 +70,7 @@ resource "aws_cloudwatch_log_metric_filter" "malware-detected" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "scanfiles-timeout" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "scanfiles-timeout"
   pattern        = "Malware scan timed out for notification.id"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -83,7 +83,7 @@ resource "aws_cloudwatch_log_metric_filter" "scanfiles-timeout" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "bounce-rate-critical" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "bounce-rate-critical"
   pattern        = "critical bounce rate threshold of 10"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -96,7 +96,7 @@ resource "aws_cloudwatch_log_metric_filter" "bounce-rate-critical" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "api-evicted-pods" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "api-evicted-pods"
   pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-api-*\") }"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
@@ -109,7 +109,7 @@ resource "aws_cloudwatch_log_metric_filter" "api-evicted-pods" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "celery-evicted-pods" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "celery-evicted-pods"
   pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-celery-*\") }"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
@@ -122,7 +122,7 @@ resource "aws_cloudwatch_log_metric_filter" "celery-evicted-pods" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "admin-evicted-pods" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "admin-evicted-pods"
   pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-admin-*\") }"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
@@ -135,7 +135,7 @@ resource "aws_cloudwatch_log_metric_filter" "admin-evicted-pods" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "document-download-evicted-pods" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "document-download-evicted-pods"
   pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-document-download-*\") }"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
@@ -148,7 +148,7 @@ resource "aws_cloudwatch_log_metric_filter" "document-download-evicted-pods" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "documentation-evicted-pods" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "documentation-evicted-pods"
   pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-documentation-*\") }"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
@@ -161,7 +161,7 @@ resource "aws_cloudwatch_log_metric_filter" "documentation-evicted-pods" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "aggregating-queues-are-active" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "aggregating-queues-are-active"
   pattern        = "Batch saving with"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -174,7 +174,7 @@ resource "aws_cloudwatch_log_metric_filter" "aggregating-queues-are-active" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "callback-request-failures" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "callback-request-failures"
   pattern        = "send_delivery_status_to_service request failed for notification_id"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
@@ -187,7 +187,7 @@ resource "aws_cloudwatch_log_metric_filter" "callback-request-failures" {
 }
 
 resource "aws_cloudwatch_log_metric_filter" "throttling-exceptions" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name           = "throttling-exceptions"
   pattern        = "ThrottlingException"
   log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
diff --git a/aws/eks/cloudwatch_log_kustomize.tf b/aws/eks/cloudwatch_log_kustomize.tf
new file mode 100644
index 000000000..a267156e3
--- /dev/null
+++ b/aws/eks/cloudwatch_log_kustomize.tf
@@ -0,0 +1,200 @@
+###
+# AWS EKS Cloudwatch groups
+###
+
+resource "aws_cloudwatch_log_group" "notification-canada-ca-eks-cluster-logs" {
+  count             = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name              = "/aws/eks/${var.eks_cluster_name}/cluster"
+  retention_in_days = var.log_retention_period_days
+}
+
+resource "aws_cloudwatch_log_group" "notification-canada-ca-eks-application-logs" {
+  count             = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name              = "/aws/containerinsights/${var.eks_cluster_name}/application"
+  retention_in_days = var.log_retention_period_days
+}
+
+resource "aws_cloudwatch_log_group" "notification-canada-ca-eks-prometheus-logs" {
+  count             = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name              = "/aws/containerinsights/${var.eks_cluster_name}/prometheus"
+  retention_in_days = var.log_retention_period_days
+}
+
+resource "aws_cloudwatch_log_group" "blazer" {
+  count             = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name              = "blazer"
+  retention_in_days = 1827 # 5 years
+}
+
+
+###
+# AWS EKS Cloudwatch log metric filters
+###
+resource "aws_cloudwatch_log_metric_filter" "web-500-errors" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "web-500-errors"
+  pattern        = "\"\\\" 500 \""
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "500-errors"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "celery-error" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "celery-error"
+  pattern        = "%ERROR/.*Worker|ERROR/MainProcess%"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "celery-error"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "malware-detected" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "malware-detected"
+  pattern        = jsonencode("Malicious content detected! Download and attachment failed")
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "malware-detected"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "scanfiles-timeout" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "scanfiles-timeout"
+  pattern        = "Malware scan timed out for notification.id"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "scanfiles-timeout"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "bounce-rate-critical" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "bounce-rate-critical"
+  pattern        = "critical bounce rate threshold of 10"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "bounce-rate-critical"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "api-evicted-pods" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "api-evicted-pods"
+  pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-api-*\") }"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
+
+  metric_transformation {
+    name      = "api-evicted-pods"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "celery-evicted-pods" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "celery-evicted-pods"
+  pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-celery-*\") }"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
+
+  metric_transformation {
+    name      = "celery-evicted-pods"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "admin-evicted-pods" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "admin-evicted-pods"
+  pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-admin-*\") }"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
+
+  metric_transformation {
+    name      = "admin-evicted-pods"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "document-download-evicted-pods" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "document-download-evicted-pods"
+  pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-document-download-*\") }"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
+
+  metric_transformation {
+    name      = "document-download-evicted-pods"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "documentation-evicted-pods" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "documentation-evicted-pods"
+  pattern        = "{ ($.reason = \"Evicted\") && ($.kube_pod_status_reason = 1) && ($.pod = \"notify-documentation-*\") }"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-prometheus-logs[0].name
+
+  metric_transformation {
+    name      = "documentation-evicted-pods"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "aggregating-queues-are-active" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "aggregating-queues-are-active"
+  pattern        = "Batch saving with"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "aggregating-queues-are-active"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "callback-request-failures" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "callback-request-failures"
+  pattern        = "send_delivery_status_to_service request failed for notification_id"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "callback-max-retry-failures"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
+
+resource "aws_cloudwatch_log_metric_filter" "throttling-exceptions" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name           = "throttling-exceptions"
+  pattern        = "ThrottlingException"
+  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
+
+  metric_transformation {
+    name      = "throttling-exceptions"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}
diff --git a/aws/eks/cloudwatch_queries.tf b/aws/eks/cloudwatch_queries.tf
index d3e7f707a..4ee1b9c32 100644
--- a/aws/eks/cloudwatch_queries.tf
+++ b/aws/eks/cloudwatch_queries.tf
@@ -1,7 +1,7 @@
 ################################ CELERY FOLDER ################################
 
 resource "aws_cloudwatch_query_definition" "celery-errors" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Errors"
 
   log_group_names = [
@@ -18,7 +18,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-filter-by-job" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Filter by job"
 
   log_group_names = [
@@ -35,7 +35,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-filter-by-notification-id" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Filter by notification id"
 
   log_group_names = [
@@ -52,7 +52,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-memory-usage-by-pod" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Memory Usage By Pod"
 
   log_group_names = [
@@ -68,7 +68,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-pods-over-cpu-limit" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Pods over CPU Limit"
 
   log_group_names = [
@@ -84,7 +84,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-queues" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Queues"
 
   log_group_names = [
@@ -101,7 +101,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-starts" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Starts"
 
   log_group_names = [
@@ -118,7 +118,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-worker-exited-normally" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Worker exited normally"
 
   log_group_names = [
@@ -134,7 +134,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-worker-exited-prematurely" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Worker exited prematurely"
 
   log_group_names = [
@@ -150,7 +150,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "celery-worker-exits-cold-vs-warm" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Worker exits, cold vs warm"
 
   log_group_names = [
@@ -168,7 +168,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "retry-attemps-by-duration" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Celery / Retry attempts by duration"
 
   log_group_names = [
@@ -187,7 +187,7 @@ QUERY
 ################################ UNSORTED YET #################################
 
 resource "aws_cloudwatch_query_definition" "admin-50X-errors" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Admin / 50X errors"
 
   log_group_names = [
@@ -204,7 +204,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "api-50X-errors" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "API / 50X errors"
 
   log_group_names = [
@@ -221,7 +221,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "bounce-rate-critical" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Bounces / Critical bounces"
 
   log_group_names = [
@@ -238,7 +238,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "bounce-rate-warning" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Bounces / Warning bounces"
 
   log_group_names = [
@@ -255,7 +255,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "bounce-rate-warnings-and-criticals" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Bounces / Bounce warnings and criticals grouped by type"
 
   log_group_names = [
@@ -273,7 +273,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "callback-errors-by-url" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Callbacks / Callback errors by URL"
 
   log_group_names = [
@@ -291,7 +291,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "callback-max-retry-failures-by-service" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Callbacks / Callbacks that exceeded MaxRetries by service"
 
   log_group_names = [
@@ -310,7 +310,7 @@ QUERY
 }
 
 resource "aws_cloudwatch_query_definition" "callback-failures" {
-  count = var.cloudwatch_enabled ? 1 : 0
+  count = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   name  = "Callbacks / Callback errors by notification_id"
 
   log_group_names = [
diff --git a/aws/eks/cloudwatch_queries_kustomize.tf b/aws/eks/cloudwatch_queries_kustomize.tf
new file mode 100644
index 000000000..a7d0b9cce
--- /dev/null
+++ b/aws/eks/cloudwatch_queries_kustomize.tf
@@ -0,0 +1,344 @@
+################################ CELERY FOLDER ################################
+
+resource "aws_cloudwatch_query_definition" "celery-errors" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Errors"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /ERROR\/.*Worker/ or @message like /ERROR\/MainProcess/
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-filter-by-job" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Filter by job"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.labels.app as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.labels.app like /^celery/
+| filter @message like /0d58e195-d6ae-4fe3-aa73-064ff106972b/
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-filter-by-notification-id" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Filter by notification id"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /notification_id/
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-memory-usage-by-pod" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Memory Usage By Pod"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, @message, @logStream, @log, PodName, kubernetes.pod_name, pod_memory_usage
+| filter kubernetes.pod_name = "<pod-name>"
+| sort @timestamp desc
+| stats avg(pod_memory_utilization_over_pod_limit) by bin(30s)
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-pods-over-cpu-limit" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Pods over CPU Limit"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, @message, @logStream, @log, PodName, kubernetes.pod_name, pod_memory_usage
+| filter kubernetes.pod_name = "<pod-name>"
+| sort @timestamp desc
+| stats avg(pod_cpu_utilization_over_pod_limit) by bin(30s)
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-queues" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Queues"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.labels.app as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.labels.app like /^celery/
+| filter @message like /queue for delivery/
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-starts" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Starts"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.labels.app as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /Notify config/
+| sort @timestamp desc
+| stats count
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-worker-exited-normally" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Worker exited normally"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /Warm shutdown/
+| sort @timestamp desc
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-worker-exited-prematurely" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Worker exited prematurely"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /Task handler raised error: WorkerLostError\('Worker exited prematurely/
+| sort @timestamp desc
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "celery-worker-exits-cold-vs-warm" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Worker exits, cold vs warm"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| parse "Warm shutdown" as @warm
+| parse "Worker exited prematurely" as @cold
+| filter ispresent(@warm) or ispresent(@cold)
+| stats count(@warm) as warm, count(@cold) as cold by bin(15m)
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "retry-attemps-by-duration" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Celery / Retry attempts by duration"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /Retry in/
+| parse @message /Retry in (?<retry_duration>\d+s)/
+| stats count() by retry_duration
+QUERY
+}
+
+################################ UNSORTED YET #################################
+
+resource "aws_cloudwatch_query_definition" "admin-50X-errors" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Admin / 50X errors"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /admin/
+| filter @message like /HTTP\/\d+\.\d+\\" 50\d/
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "api-50X-errors" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "API / 50X errors"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /api/
+| filter @message like /HTTP\/\d+\.\d+\\" 50\d/
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "bounce-rate-critical" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Bounces / Critical bounces"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery-email-send-*/
+| filter @message like "critical bounce rate threshold of 10"
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "bounce-rate-warning" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Bounces / Warning bounces"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery-email-send-*/
+| filter @message like "warning bounce rate threshold of 5"
+| sort @timestamp desc
+| limit 20
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "bounce-rate-warnings-and-criticals" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Bounces / Bounce warnings and criticals grouped by type"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, @service_id, @bounce_type
+| filter kubernetes.container_name like /^celery-email-send-*/
+| filter @message like /bounce rate threshold of/
+| parse @message "Service: * has met or exceeded a * bounce rate" as @service_id, @bounce_type
+| stats count(*) by @service_id, @bounce_type
+| limit 100
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "callback-errors-by-url" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Callbacks / Callback errors by URL"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream
+| filter kubernetes.container_name like /^celery/
+| filter @message like /send_delivery_status_to_service request failed for notification_id/
+| parse log "to url: * service: * exc:" as @url, @service_id
+| stats count() as failed_callbacks by @url, @service_id
+| order by failed_callbacks desc
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "callback-max-retry-failures-by-service" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Callbacks / Callbacks that exceeded MaxRetries by service"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, @service_id, @callback_url, @notification_id
+| filter kubernetes.container_name like /^celery/
+| filter @message like /send_delivery_status_to_service has retried the max num of times for callback url/
+| parse @message 'Retry: send_delivery_status_to_service has retried the max num of times for callback url * and notification_id: * service: *' as @callback_url, @notification_id, @service_id
+| sort @timestamp desc
+| stats count(@service_id) by @service_id, bin(30m)
+| limit 10000
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "callback-failures" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "Callbacks / Callback errors by notification_id"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, @notification_id, @url, @error
+| filter kubernetes.container_name like /^celery/
+| filter @message like /send_delivery_status_to_service request failed for notification_id:/
+| parse @message 'send_delivery_status_to_service request failed for notification_id: * and url: * service: * exc: *' as @notification_id, @url, @service_id, @error
+| limit 10000
+QUERY
+}
+
+resource "aws_cloudwatch_query_definition" "gh-arc-errors" {
+  count = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  name  = "CICD / GitHub ARC Errors"
+
+  log_group_names = [
+    local.eks_application_log_group
+  ]
+
+  query_string = <<QUERY
+fields @timestamp, @message, @logStream, @log
+| filter @message like /ERR|Exception/
+| filter kubernetes.namespace_name = "github-arc-controller"
+| sort @timestamp desc
+| limit 100
+QUERY
+}
diff --git a/aws/eks/dashboards.tf b/aws/eks/dashboards.tf
index 3cddc0a55..d7f48289c 100644
--- a/aws/eks/dashboards.tf
+++ b/aws/eks/dashboards.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_dashboard" "notify_system" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "Notify-System-Overview"
   dashboard_body = <<EOF
 {
@@ -577,7 +577,7 @@ EOF
 }
 
 resource "aws_cloudwatch_dashboard" "elb" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "Elastic-Load-Balancers"
   dashboard_body = <<EOF
 {
@@ -876,7 +876,7 @@ EOF
 }
 
 resource "aws_cloudwatch_dashboard" "errors" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "Errors"
   dashboard_body = <<EOF
 {
@@ -945,7 +945,7 @@ EOF
 }
 
 resource "aws_cloudwatch_dashboard" "kubernetes" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "Kubernetes"
   dashboard_body = <<EOF
 {
@@ -1085,7 +1085,7 @@ EOF
 }
 
 resource "aws_cloudwatch_dashboard" "new-slo" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "New-SLO"
   dashboard_body = <<EOF
 {
@@ -1346,7 +1346,7 @@ EOF
 }
 
 resource "aws_cloudwatch_dashboard" "slos" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "SLOs"
   dashboard_body = <<EOF
 {
diff --git a/aws/eks/dashboards_kustomize.tf b/aws/eks/dashboards_kustomize.tf
new file mode 100644
index 000000000..4f85b62ac
--- /dev/null
+++ b/aws/eks/dashboards_kustomize.tf
@@ -0,0 +1,1776 @@
+resource "aws_cloudwatch_dashboard" "notify_system" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "Notify-System-Overview"
+  dashboard_body = <<EOF
+{
+    "widgets": [
+        {
+            "height": 4,
+            "width": 6,
+            "y": 3,
+            "x": 18,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "deployment", "celery-email-send-primary", { "region": "${var.region}", "label": "celery-email-send-primary" } ],
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "deployment", "celery-email-send-scalable", { "region": "${var.region}", "label": "celery-email-send-scalable" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "title": "celery-email-send",
+                "period": 60,
+                "stat": "Maximum"
+            }
+        },
+        {
+            "height": 4,
+            "width": 4,
+            "y": 17,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/Lambda", "Invocations", "FunctionName", "api-lambda", { "region": "${var.region}", "color": "#b088f5", "label": "Calls / min" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "title": "API Lambda Invocations",
+                "period": 60,
+                "stat": "Sum"
+            }
+        },
+        {
+            "height": 6,
+            "width": 16,
+            "y": 22,
+            "x": 8,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp as Time, kubernetes.container_name as Deployment, log\n| filter kubernetes.container_name like /^celery/\n| filter @message like /ERROR\\/.*Worker/ or @message like /ERROR\\/MainProcess/ \n| sort @timestamp desc\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "Celery Errors",
+                "view": "table"
+            }
+        },
+        {
+            "height": 4,
+            "width": 8,
+            "y": 3,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "FILL(METRICS(), 0)", "label": "emails /", "id": "e1", "region": "${var.region}" } ],
+                    [ "AWS/SES", "Send", { "region": "${var.region}", "id": "m1", "color": "#08aad2", "visible": false, "label": "min" } ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "region": "${var.region}",
+                "period": 60,
+                "stat": "Sum",
+                "title": "Email Send Rate Per Minute",
+                "legend": {
+                    "position": "hidden"
+                },
+                "liveData": false,
+                "sparkline": true
+            }
+        },
+        {
+            "height": 4,
+            "width": 4,
+            "y": 8,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "FILL(METRICS(), 0)", "label": "SMS /", "id": "e1", "region": "${var.region}" } ],
+                    [ "AWS/SNS", "NumberOfNotificationsDelivered", "PhoneNumber", "PhoneNumberDirect", { "region": "${var.region}", "color": "#08aad2", "id": "m1", "visible": false, "label": "min" } ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "region": "${var.region}",
+                "period": 60,
+                "stat": "Sum",
+                "title": "SNS/SMS Send Rate Per Minute",
+                "legend": {
+                    "position": "hidden"
+                },
+                "sparkline": true
+            }
+        },
+        {
+            "type": "metric",
+            "x": 4,
+            "y": 8,
+            "width": 4,
+            "height": 4,
+            "properties": {
+                "metrics": [
+                    [ { "expression": "FILL(METRICS(), 0)", "label": "Pinpoint /", "id": "e1", "region": "${var.region}", "period": 60 } ],
+                    [ "LogMetrics", "pinpoint-sms-successes", { "region": "${var.region}", "label": "min", "id": "m1", "visible": false } ]
+                ],
+                "view": "singleValue",
+                "stacked": true,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 60,
+                "title": "Pinpoint Send Rate Per Minute",
+                "sparkline": true
+            }
+        },
+        {
+            "height": 4,
+            "width": 9,
+            "y": 17,
+            "x": 15,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "deployment", "admin", { "label": "admin", "region": "${var.region}", "color": "#69ae34" } ],
+                    [ "...", "document-download-api", { "region": "${var.region}", "label": "document-download-api" } ],
+                    [ "...", "documentation", { "region": "${var.region}", "label": "documentation" } ],
+                    [ "...", "api", { "region": "${var.region}", "label": "api-k8s" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "title": "Application pods",
+                "period": 60,
+                "stat": "Maximum"
+            }
+        },
+        {
+            "height": 2,
+            "width": 24,
+            "y": 0,
+            "x": 0,
+            "type": "alarm",
+            "properties": {
+                "title": "Alarms going off",
+                "alarms": [
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-priority-queue-delay-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-celery-error-1-minute-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-${var.sqs_send_sms_low_queue_name}-queue-delay-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:expired-inflight-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-priority-db-tasks-stuck-in-queue-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-${var.sqs_send_sms_medium_queue_name}-queue-delay-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-error-5-minutes-critical-lambda-api",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-${var.sqs_send_sms_high_queue_name}-queue-delay-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:no-emails-sent-5-minutes-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:healtheck-page-slow-response-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:load-balancer-10-502-error-5-minutes-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-500-error-5-minutes-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-1-critical-bounce-rate-1-minute-warning",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:ses-bounce-rate-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:ses-complaint-rate-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:redis-elasticache-high-db-memory-critical-CacheCluster002",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:redis-elasticache-high-db-memory-critical-CacheCluster001",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:redis-elasticache-high-db-memory-critical-CacheCluster003",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-send-throttled-sms-tasks-receive-rate-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sns-spending-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-malware-detected-1-minute-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:lambda-image-sns-delivery-receipts-errors-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-500-error-5-minutes-critical-sns_to_sqs_sms_callbacks-api",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-500-error-5-minutes-critical-ses_to_sqs_email_callbacks-500-errors-api",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:lambda-ses-delivery-receipts-errors-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-sms-stuck-in-queue-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sns-sms-success-rate-canadian-numbers-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:ddos-detected-load-balancer-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:inflights-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-bulk-queue-delay-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:bulk-buffer-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:normal-inflights-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:bulk-inflights-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:priority-inflights-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:normal_bulk-buffer-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:priority_bulk-buffer-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:bulk_bulk-buffer-not-being-processed-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-bulk-db-tasks-stuck-in-queue-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-normal-db-tasks-stuck-in-queue-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-db-tasks-stuck-in-queue-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-500-error-5-minutes-critical-heartbeat-api",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sqs-throttled-sms-stuck-in-queue-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:sign-in-3-500-error-15-minutes-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:contact-3-500-error-15-minutes-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:load-balancer-10-500-error-5-minutes-critical"
+                ],
+                "states": [
+                    "ALARM"
+                ]
+            }
+        },
+        {
+            "height": 4,
+            "width": 3,
+            "y": 17,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights", "cluster_node_count", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", { "color": "#dfb52c", "label": "Node Count", "region": "${var.region}" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "stat": "Maximum",
+                "period": 60,
+                "title": "Nodes"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 2,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "# Email ([Dashboard](https://${var.region}.console.aws.amazon.com/cloudwatch/home?region=${var.region}#dashboards/dashboard/Emails))"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 7,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "# SMS ([SNS Dashboard](https://${var.region}.console.aws.amazon.com/cloudwatch/home?region=${var.region}#dashboards/dashboard/SMS) - [Pinpoint Dashboard](https://${var.region}.console.aws.amazon.com/cloudwatch/home?region=${var.region}#dashboards/dashboard/SMS-Pinpoint))"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 12,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "# Other"
+            }
+        },
+        {
+            "height": 4,
+            "width": 10,
+            "y": 3,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_email_high_queue_name}", { "region": "${var.region}", "label": "High" } ],
+                    [ "...", "${var.celery_queue_prefix}${var.sqs_send_email_medium_queue_name}", { "region": "${var.region}", "label": "Medium" } ],
+                    [ "...", "${var.celery_queue_prefix}${var.sqs_send_email_low_queue_name}", { "region": "${var.region}", "label": "Low" } ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "SQS queues delays over time",
+                "period": 60,
+                "stat": "Maximum",
+                "sparkline": true
+            }
+        },
+        {
+            "height": 4,
+            "width": 10,
+            "y": 8,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_high_queue_name}", { "region": "${var.region}", "label": "High" } ],
+                    [ "...", "${var.celery_queue_prefix}${var.sqs_send_sms_medium_queue_name}", { "region": "${var.region}", "label": "Medium" } ],
+                    [ "...", "${var.celery_queue_prefix}${var.sqs_send_sms_low_queue_name}", { "region": "${var.region}", "label": "Low" } ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "SQS queues delays over time",
+                "period": 60,
+                "stat": "Maximum",
+                "sparkline": true
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 22,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream\n| filter kubernetes.container_name like /^celery/\n| fields strcontains(@message, 'ERROR') as is_error\n| stats sum(is_error) as errors by bin(1m)\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "Celery errors",
+                "view": "timeSeries"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 34,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream\n| filter kubernetes.container_name not like /^celery/\n| fields @message like /HTTP\\/\\d+\\.\\d+\\\\\" 50\\d/ as is_error\n| stats sum(is_error) as errors by bin(1m)\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "500s",
+                "view": "timeSeries"
+            }
+        },
+        {
+            "height": 6,
+            "width": 16,
+            "y": 34,
+            "x": 8,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream\n| filter kubernetes.container_name not like /celery/\n| filter @message like /HTTP\\/\\d+\\.\\d+\\\\\" 50\\d/\n| sort @timestamp desc\n| limit 20\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "500s",
+                "view": "table"
+            }
+        },
+        {
+            "height": 4,
+            "width": 6,
+            "y": 13,
+            "x": 18,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "deployment", "celery-primary", { "region": "${var.region}", "label": "celery-primary" } ],
+                    [ "...", "celery-scalable", { "region": "${var.region}", "label": "celery-scalable" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "title": "celery",
+                "period": 60,
+                "stat": "Maximum"
+            }
+        },
+        {
+            "height": 4,
+            "width": 6,
+            "y": 8,
+            "x": 18,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "deployment", "celery-sms-send-primary", { "region": "${var.region}", "label": "celery-sms-send-primary" } ],
+                    [ "...", "celery-sms-send-scalable", { "region": "${var.region}", "label": "celery-sms-send-scalable" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "title": "celery-sms-send",
+                "period": 60,
+                "stat": "Maximum"
+            }
+        },
+        {
+            "height": 4,
+            "width": 10,
+            "y": 13,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}delivery-receipts", { "region": "${var.region}", "label": "Delay", "id": "m1" } ],
+                    [ { "expression": "m2 + m3", "label": "Number delayed", "id": "e1", "region": "${var.region}" } ],
+                    [ "AWS/SQS", "ApproximateNumberOfMessagesVisible", "QueueName", "${var.celery_queue_prefix}delivery-receipts", { "region": "${var.region}", "label": "ApproximateNumberOfMessagesVisible", "id": "m2", "visible": false } ],
+                    [ ".", "ApproximateNumberOfMessagesNotVisible", ".", ".", { "region": "${var.region}", "id": "m3", "visible": false } ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "Delivery processing delays",
+                "period": 60,
+                "stat": "Maximum",
+                "sparkline": true
+            }
+        },
+        {
+            "height": 6,
+            "width": 16,
+            "y": 28,
+            "x": 8,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/lambda/api-lambda' | fields @timestamp, @message, @logStream\n| filter levelname like /ERROR/\n| sort @timestamp desc\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "API lambda errors",
+                "view": "table"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 21,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "# Errors"
+            }
+        },
+        {
+            "height": 4,
+            "width": 4,
+            "y": 13,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "SELECT AVG(node_cpu_utilization) FROM SCHEMA(ContainerInsights, ClusterName) GROUP BY NodeName", "label": "Node CPU Usage", "id": "q1", "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "region": "${var.region}",
+                "yAxis": {
+                    "left": {
+                        "min": 0,
+                        "max": 100,
+                        "showUnits": false
+                    },
+                    "right": {
+                        "showUnits": false
+                    }
+                },
+                "stat": "Average",
+                "period": 60,
+                "legend": {
+                    "position": "hidden"
+                },
+                "title": "Average Node CPU Usage",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#fe6e73",
+                            "value": 80,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#dfb52c",
+                            "value": 25,
+                            "fill": "below"
+                        },
+                        [
+                            {
+                                "color": "#69ae34",
+                                "value": 80
+                            },
+                            {
+                                "value": 25,
+                                "label": ""
+                            }
+                        ]
+                    ]
+                },
+                "setPeriodToTimeRange": false,
+                "sparkline": true,
+                "trend": true,
+                "stacked": false
+            }
+        },
+        {
+            "height": 4,
+            "width": 4,
+            "y": 13,
+            "x": 4,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "SELECT AVG(node_memory_utilization) FROM SCHEMA(ContainerInsights, ClusterName) GROUP BY NodeName", "label": "Node CPU Usage", "id": "q1", "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "region": "${var.region}",
+                "yAxis": {
+                    "left": {
+                        "min": 0,
+                        "max": 100,
+                        "showUnits": false
+                    }
+                },
+                "stat": "Average",
+                "period": 60,
+                "legend": {
+                    "position": "hidden"
+                },
+                "title": "Average Node Memory Usage",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#fe6e73",
+                            "value": 80,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#dfb52c",
+                            "value": 25,
+                            "fill": "below"
+                        },
+                        [
+                            {
+                                "color": "#69ae34",
+                                "value": 80
+                            },
+                            {
+                                "value": 25,
+                                "label": ""
+                            }
+                        ]
+                    ]
+                },
+                "stacked": false
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 28,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/lambda/api-lambda' | fields @timestamp, @message, @logStream\n| fields levelname like /ERROR/ as is_error\n| stats sum(is_error) as errors by bin(1m)",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "API lambda errors",
+                "view": "timeSeries"
+            }
+        },
+        {
+            "height": 4,
+            "width": 8,
+            "y": 17,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | filter kubernetes.container_name like /^celery/\n| filter @message like /send_delivery_status_to_service request failed for notification_id/\n| parse log \"to url: https://* service: * exc: * \" as endpoint, service_id, error\n| stats count() as fails by service_id, endpoint, error\n| display fails, service_id, error, endpoint\n| order by fails desc\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "Failed Service Callbacks",
+                "view": "table"
+            }
+        },
+        {
+            "type": "log",
+            "height": 5,
+            "width": 12,
+            "y": 21,
+            "x": 0,
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp, @message, @logStream, @log,log_processed.firstTimestamp as timestamp, log_processed.involvedObject.name as pod, log_processed.involvedObject.namespace as namespace, log_processed.reason as reason, log_processed.type as level\n| filter kubernetes.container_name like /k8s-event-logger/\n| filter log_processed.involvedObject.kind like /Pod/\n| filter log_processed.type not like /Normal/\n| display timestamp, pod, namespace, reason, level\n| sort @timestamp desc\n| limit 100",
+                "region": "${var.region}",
+                "stacked": false,
+                "view": "table",
+                "title": "Abnormal Kubernetes Events"
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_dashboard" "elb" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "Elastic-Load-Balancers"
+  dashboard_body = <<EOF
+{
+    "widgets": [
+        {
+            "height": 5,
+            "width": 8,
+            "y": 0,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "RequestCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "Request Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 0,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "HTTPCode_ELB_5XX_Count", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "HTTP 5XX Count",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 0,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "ActiveConnectionCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "Active Connection Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 5,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "ClientTLSNegotiationErrorCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "Client TLS Negotiation Error Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 5,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "ConsumedLCUs", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Average", "id": "m0r0" } ]
+                ],
+                "title": "Consumed LC Us Average",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 5,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "HTTP_Fixed_Response_Count", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "HTTP Fixed Response Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 10,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "HTTP_Redirect_Count", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "HTTP Redirect Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 10,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "HTTP_Redirect_Url_Limit_Exceeded_Count", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "HTTP Redirect Url Limit Exceeded Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 10,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "HTTPCode_ELB_3XX_Count", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "HTTP Code ELB 3 XX Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 15,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "HTTPCode_ELB_4XX_Count", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "HTTP 4XX Count",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 15,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "IPv6ProcessedBytes", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "I Pv 6 Processed Bytes Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 15,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "IPv6RequestCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "I Pv 6 Request Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 20,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "NewConnectionCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "New Connection Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 20,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "ProcessedBytes", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "Processed Bytes Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 8,
+            "y": 20,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "RejectedConnectionCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "Rejected Connection Count Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        },
+        {
+            "height": 5,
+            "width": 24,
+            "y": 25,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "region": "${var.region}",
+                "metrics": [
+                    [ "AWS/ApplicationELB", "RuleEvaluations", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "Sum", "id": "m0r0" } ]
+                ],
+                "title": "Rule Evaluations Sum",
+                "copilot": true,
+                "legend": {
+                    "position": "bottom"
+                }
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_dashboard" "errors" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "Errors"
+  dashboard_body = <<EOF
+{
+    "widgets": [
+        {
+            "height": 6,
+            "width": 24,
+            "y": 3,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp, log, kubernetes.labels.app as app, kubernetes.pod_name as pod_name, @logStream\n| filter kubernetes.labels.app like /admin|api/\n| filter strcontains(@message, 'HTTP/1.1\\\" 500')\n| sort @timestamp desc\n| limit 20",
+                "region": "${var.region}",
+                "title": "Admin and API 500 errors",
+                "view": "table"
+            }
+        },
+        {
+            "height": 3,
+            "width": 24,
+            "y": 0,
+            "x": 0,
+            "type": "alarm",
+            "properties": {
+                "title": "Error alarms",
+                "alarms": [
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-1-500-error-1-minute-warning",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-1-celery-error-1-minute-warning",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-500-error-5-minutes-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-celery-error-1-minute-critical",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-1-error-1-minute-warning-lambda-api",
+                    "arn:aws:cloudwatch:${var.region}:${var.account_id}:alarm:logs-10-error-5-minutes-critical-lambda-api"
+                ]
+            }
+        },
+        {
+            "height": 6,
+            "width": 24,
+            "y": 9,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | fields @timestamp, log, kubernetes.labels.app as app, kubernetes.pod_name as pod_name, @logStream\n| filter kubernetes.labels.app like /^celery/\n| filter @message like /ERROR\\/.*Worker/\n| sort @timestamp desc\n| limit 20\n",
+                "region": "${var.region}",
+                "title": "Celery errors",
+                "view": "table"
+            }
+        },
+        {
+            "height": 6,
+            "width": 24,
+            "y": 15,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/${aws_eks_cluster.notification-canada-ca-eks-cluster.name}/application' | SOURCE '/aws/lambda/api-lambda' | filter (ispresent(application) or ispresent(kubernetes.host)) and @message like /has been rate limited/\n| parse @message /service (?<service>.*?) has been rate limited for (?<limit_type>..........).*/\n| stats count(*) by service, limit_type\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "Services going over the daily limit",
+                "view": "table"
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_dashboard" "kubernetes" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "Kubernetes"
+  dashboard_body = <<EOF
+{
+    "widgets": [
+        {
+            "height": 15,
+            "width": 24,
+            "y": 14,
+            "x": 0,
+            "type": "explorer",
+            "properties": {
+                "metrics": [
+                    {
+                        "metricName": "node_cpu_limit",
+                        "resourceType": "AWS::EKS::Cluster",
+                        "stat": "Maximum"
+                    },
+                    {
+                        "metricName": "node_cpu_usage_total",
+                        "resourceType": "AWS::EKS::Cluster",
+                        "stat": "Maximum"
+                    },
+                    {
+                        "metricName": "node_memory_limit",
+                        "resourceType": "AWS::EKS::Cluster",
+                        "stat": "Maximum"
+                    },
+                    {
+                        "metricName": "node_memory_working_set",
+                        "resourceType": "AWS::EKS::Cluster",
+                        "stat": "Maximum"
+                    },
+                    {
+                        "metricName": "cluster_failed_node_count",
+                        "resourceType": "AWS::EKS::Cluster",
+                        "stat": "Sum"
+                    },
+                    {
+                        "metricName": "cluster_node_count",
+                        "resourceType": "AWS::EKS::Cluster",
+                        "stat": "Sum"
+                    }
+                ],
+                "aggregateBy": {
+                    "key": "Name",
+                    "func": "MAX"
+                },
+                "labels": [
+                    {
+                        "key": "Name",
+                        "value": "notification-canada-ca"
+                    }
+                ],
+                "widgetOptions": {
+                    "legend": {
+                        "position": "bottom"
+                    },
+                    "view": "timeSeries",
+                    "stacked": false,
+                    "rowsPerPage": 50,
+                    "widgetsPerRow": 2
+                },
+                "period": 300,
+                "splitBy": "Name",
+                "region": "${var.region}"
+            }
+        },
+        {
+            "height": 7,
+            "width": 24,
+            "y": 0,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights", "pod_memory_utilization_over_pod_limit", "PodName", "admin", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "Namespace", "notification-canada-ca" ],
+                    [ "...", "api", ".", ".", ".", "." ],
+                    [ "...", "celery", ".", ".", ".", "." ],
+                    [ "...", "document-download-api", ".", ".", ".", "." ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "yAxis": {
+                    "left": {
+                        "label": "pod_memory_utilization_over_pod_limit",
+                        "min": 0,
+                        "max": 100
+                    },
+                    "right": {
+                        "label": "",
+                        "min": 0
+                    }
+                },
+                "title": "Pod mem utilization over limit",
+                "period": 300,
+                "stat": "Maximum"
+            }
+        },
+        {
+            "height": 7,
+            "width": 24,
+            "y": 7,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights", "pod_cpu_utilization", "ClusterName", "${aws_eks_cluster.notification-canada-ca-eks-cluster.name}", "Service", "api", "Namespace", "notification-canada-ca", { "yAxis": "right", "stat": "Average" } ],
+                    [ "...", "celery", ".", ".", { "yAxis": "right", "stat": "Average" } ],
+                    [ "...", "admin", ".", ".", { "stat": "Average", "yAxis": "right" } ],
+                    [ ".", "service_number_of_running_pods", ".", ".", ".", "celery", ".", ".", { "yAxis": "left" } ],
+                    [ "...", "api", ".", ".", { "yAxis": "left" } ],
+                    [ "...", "admin", ".", "." ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Maximum",
+                "period": 300,
+                "yAxis": {
+                    "left": {
+                        "min": 0,
+                        "label": "Running Pods: Max",
+                        "showUnits": false
+                    },
+                    "right": {
+                        "min": 0,
+                        "label": "Pod Instances CPU: Average"
+                    }
+                },
+                "title": "Pods Running VS Pod CPU"
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_dashboard" "new-slo" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "New-SLO"
+  dashboard_body = <<EOF
+{
+    "start": "-PT720H",
+    "widgets": [
+        {
+            "height": 6,
+            "width": 6,
+            "y": 0,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "100 - FILL(admin_errors,0)/FILL(admin_requests, 1)*100", "label": "Success rate", "id": "e1", "period": 86400, "stat": "Sum", "color": "#1f77b4", "region": "${var.region}" } ],
+                    [ "AWS/ApplicationELB", "HTTPCode_Target_5XX_Count", "TargetGroup", "targetgroup/notification-canada-ca-alb-admin/7b55c66402cf0ba9", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "id": "admin_errors", "visible": false } ],
+                    [ ".", "RequestCount", ".", ".", ".", ".", { "id": "admin_requests", "visible": false } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 86400,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "99%",
+                            "value": 99,
+                            "fill": "below"
+                        }
+                    ]
+                },
+                "liveData": false,
+                "yAxis": {
+                    "left": {
+                        "showUnits": false
+                    }
+                },
+                "title": "Admin success rate"
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 0,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "100 - 100 * m2 / m1", "label": "Success rate", "id": "e1", "region": "${var.region}", "color": "#1f77b4" } ],
+                    [ "AWS/ApiGateway", "Count", "ApiName", "api-lambda", { "visible": false, "id": "m1" } ],
+                    [ ".", "5XXError", ".", ".", { "id": "m2", "visible": false } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 86400,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "99%",
+                            "value": 99,
+                            "fill": "below"
+                        }
+                    ]
+                },
+                "title": "Api lambda success rate",
+                "yAxis": {
+                    "left": {
+                        "showUnits": false
+                    }
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 0,
+            "x": 6,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "RequestCount", "TargetGroup", "targetgroup/notification-canada-ca-alb-api/2d9017625dea5cd0", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "id": "m1", "visible": false } ],
+                    [ ".", "HTTPCode_Target_5XX_Count", ".", ".", ".", ".", { "id": "m2", "visible": false } ],
+                    [ { "expression": "100 - m2/m1*100", "label": "Success rate", "id": "e1", "period": 86400, "stat": "Sum", "color": "#1f77b4", "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 86400,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "99%",
+                            "value": 99,
+                            "fill": "below"
+                        }
+                    ]
+                },
+                "liveData": false,
+                "yAxis": {
+                    "left": {
+                        "showUnits": false
+                    }
+                },
+                "title": "API k8s success rate",
+                "timezone": "Local"
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 6,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "TargetResponseTime", "TargetGroup", "targetgroup/notification-canada-ca-alb-admin/7b55c66402cf0ba9", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "p90", "label": "Latency p90" } ],
+                    [ "...", { "label": "Latency p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p99",
+                "period": 86400,
+                "title": "Admin latency",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "200 ms",
+                            "value": 0.2
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "400 ms",
+                            "value": 0.4,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 6,
+            "x": 6,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "TargetResponseTime", "TargetGroup", "targetgroup/notification-canada-ca-alb-admin/7b55c66402cf0ba9", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "p90", "label": "Admin p90", "visible": false } ],
+                    [ "...", { "label": "Admin p99", "visible": false } ],
+                    [ "...", "targetgroup/notification-canada-ca-alb-api/2d9017625dea5cd0", ".", ".", { "stat": "p90", "label": "Latency p90", "color": "#1f77b4" } ],
+                    [ "...", { "label": "Latency p99", "color": "#ff7f0e" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p99",
+                "period": 86400,
+                "title": "Api k8s latency",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "200 ms",
+                            "value": 0.2
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "400 ms",
+                            "value": 0.4,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 6,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "TargetResponseTime", "TargetGroup", "targetgroup/notification-canada-ca-alb-admin/7b55c66402cf0ba9", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "p90", "label": "Admin p90", "visible": false } ],
+                    [ "...", { "label": "Admin p99", "visible": false } ],
+                    [ "...", "targetgroup/notification-canada-ca-alb-api/2d9017625dea5cd0", ".", ".", { "stat": "p90", "label": "Api k8s p90", "visible": false } ],
+                    [ "...", { "label": "Api k8s p99", "visible": false } ],
+                    [ "AWS/ApiGateway", "Latency", "ApiName", "api-lambda", { "stat": "p90", "color": "#1f77b4" } ],
+                    [ "...", { "color": "#ff7f0e" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p99",
+                "period": 86400,
+                "title": "Api lambda latency",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "200 ms",
+                            "value": 200
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "400 ms",
+                            "value": 400,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 0,
+            "x": 18,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_email_with-attachments_process_type-normal", "metric_type", "timing", { "stat": "p90", "label": "Send time p90" } ],
+                    [ "...", { "label": "Send time p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p99",
+                "period": 86400,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#d62728",
+                            "label": "More than 60s",
+                            "value": 60
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "More than 300s",
+                            "value": 300,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Time to send emails with attachments (seconds)",
+                "yAxis": {
+                    "left": {
+                        "showUnits": false
+                    }
+                }
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_dashboard" "slos" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "SLOs"
+  dashboard_body = <<EOF
+{
+    "start": "-P3D",
+    "widgets": [
+        {
+            "height": 6,
+            "width": 12,
+            "y": 37,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "FILL(admin_errors,0)/FILL(admin_requests, 1)*100", "label": "API error rate", "id": "e1", "period": 3600, "stat": "Sum", "color": "#d62728", "region": "${var.region}" } ],
+                    [ "AWS/ApplicationELB", "HTTPCode_Target_5XX_Count", "TargetGroup", "targetgroup/notification-canada-ca-alb-admin/7b55c66402cf0ba9", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "id": "admin_errors", "visible": false } ],
+                    [ ".", "RequestCount", ".", ".", ".", ".", { "id": "admin_requests", "visible": false } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 3600,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "Above 1% error rate",
+                            "value": 1,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "liveData": false,
+                "yAxis": {
+                    "left": {
+                        "showUnits": true
+                    }
+                },
+                "title": "Admin error rate per hour"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 4,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "RequestCount", "TargetGroup", "targetgroup/notification-canada-ca-alb-api/2d9017625dea5cd0", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "id": "m1", "visible": false } ],
+                    [ ".", "HTTPCode_Target_5XX_Count", ".", ".", ".", ".", { "id": "m2", "visible": false } ],
+                    [ { "expression": "m2/m1*100", "label": "API error rate", "id": "e1", "period": 3600, "stat": "Sum", "color": "#d62728", "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 3600,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "Above 1% error rate",
+                            "value": 1,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "liveData": false,
+                "yAxis": {
+                    "left": {
+                        "showUnits": true
+                    }
+                },
+                "title": "API error rate per hour"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 4,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ { "expression": "(m2+m3)/m1*100", "label": "Load balancer error rate", "id": "e1", "color": "#d62728", "period": 3600, "region": "${var.region}" } ],
+                    [ "AWS/ApplicationELB", "RequestCount", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "id": "m1", "visible": false } ],
+                    [ ".", "HTTPCode_ELB_5XX_Count", ".", ".", { "id": "m2", "visible": false } ],
+                    [ ".", "HTTPCode_Target_5XX_Count", ".", ".", { "id": "m3", "visible": false } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 3600,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "1% error rate",
+                            "value": 1,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Load balancer error rate per hour"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 30,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_sms_process_type-normal", "metric_type", "timing", { "label": "p90" } ],
+                    [ "...", { "label": "p99", "stat": "p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 900,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "More than 10s",
+                            "value": 10,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "More than 60s",
+                            "value": 60,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Delay to send SMS in seconds, per 15 minutes"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 17,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_email_no-attachments_process_type-normal", "metric_type", "timing", { "label": "p90" } ],
+                    [ "...", { "stat": "p99", "label": "p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 900,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "More than 10s",
+                            "value": 10,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "More than 60s",
+                            "value": 60,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Delay to send normal emails without attachments in seconds, per 15 minutes"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 17,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_email_no-attachments_process_type-bulk", "metric_type", "timing", { "stat": "p90", "label": "p90" } ],
+                    [ "...", { "label": "p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p99",
+                "period": 900,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "More than 300s",
+                            "value": 300,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "More than 600s",
+                            "value": 600,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Delay to send bulk emails in seconds, per 15 minutes"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 36,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# Admin\n"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 3,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# API\n"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 16,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# Emails\n"
+            }
+        },
+        {
+            "height": 1,
+            "width": 24,
+            "y": 29,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# SMS\n"
+            }
+        },
+        {
+            "height": 3,
+            "width": 24,
+            "y": 0,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# Service Level Objectives\n\nSee our SLOs on [Google Sheets](https://docs.google.com/spreadsheets/d/1fU-FJ7THfWEqNhbpQ4r22MQipFwC7SP851ZQnOf68cM/edit#gid=0).\n\nYou can use the [public URL](https://cloudwatch.amazonaws.com/dashboard.html?dashboard=SLOs&context=eyJSIjoidXMtZWFzdC0xIiwiRCI6ImN3LWRiLTI5NjI1NTQ5NDgyNSIsIlUiOiJ1cy1lYXN0LTFfRGY5R0xRU3RnIiwiQyI6IjYya2k0cDMxOGhoN2ZzcmxjMms0bDBsbzhzIiwiSSI6InVzLWVhc3QtMTo1N2U5ZmZjMC00ZTlkLTQzM2ItYmMyYy1iZWE4NTVkZTdmOWQiLCJPIjoiYXJuOmF3czppYW06OjI5NjI1NTQ5NDgyNTpyb2xlL3NlcnZpY2Utcm9sZS9DbG91ZFdhdGNoRGFzaGJvYXJkLVB1YmxpYy1SZWFkT25seUFjY2Vzcy1TTE9zLUNZTU5QVDg3IiwiTSI6IlB1YmxpYyJ9) to share this dashboard.\n"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 10,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "TargetResponseTime", "TargetGroup", "targetgroup/notification-canada-ca-alb-api/2d9017625dea5cd0", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}", { "stat": "p90" } ],
+                    [ "..." ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p99",
+                "period": 900,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "More than 400ms",
+                            "value": 0.4,
+                            "fill": "above"
+                        },
+                        {
+                            "label": "More than 200ms",
+                            "value": 0.2,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "API HTTP response time, per 15 minutes"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 30,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/ApplicationELB", "TargetResponseTime", "TargetGroup", "targetgroup/notification-canada-ca-alb-admin/7b55c66402cf0ba9", "LoadBalancer", "${aws_alb.notification-canada-ca.arn_suffix}" ],
+                    [ "...", { "stat": "p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 900,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "More than 400ms",
+                            "value": 0.4,
+                            "fill": "above"
+                        },
+                        {
+                            "label": "More than 200ms",
+                            "value": 0.2,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Admin HTTP response time, per 15 minutes"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 43,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_job_processing-start-delay", "metric_type", "timing", { "label": "p90" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 3600,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "More than 10min",
+                            "value": 600,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Delay to send notifications with a spreadsheet, per hour"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 10,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_api_POST_v2_notifications_post_notification_201", "metric_type", "timing" ],
+                    [ "...", { "stat": "p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 900,
+                "start": "-PT12H",
+                "end": "P0D",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "More than 400ms",
+                            "value": 0.4,
+                            "fill": "above"
+                        },
+                        {
+                            "label": "More than 200ms",
+                            "value": 0.2,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "title": "Response time when posting a notification through the API, per 15 minutes"
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 23,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_callback_ses_elapsed-time", "metric_type", "timing" ],
+                    [ "...", { "stat": "p99" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 900,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "More than 180 seconds",
+                            "value": 180,
+                            "fill": "above"
+                        },
+                        {
+                            "label": "More than 60 seconds",
+                            "value": 60,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "start": "-PT72H",
+                "end": "P0D",
+                "title": "Time to process email delivery receipts, per 15 minutes"
+            }
+        }
+    ]
+}
+EOF
+}
diff --git a/aws/pinpoint_to_sqs_sms_callbacks/dashboards.tf b/aws/pinpoint_to_sqs_sms_callbacks/dashboards.tf
index 9a2ec3af2..3cf4ad07a 100644
--- a/aws/pinpoint_to_sqs_sms_callbacks/dashboards.tf
+++ b/aws/pinpoint_to_sqs_sms_callbacks/dashboards.tf
@@ -1,5 +1,5 @@
 resource "aws_cloudwatch_dashboard" "pinpoint" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "SMS-Pinpoint"
   dashboard_body = <<EOF
 {
@@ -543,7 +543,7 @@ EOF
 }
 
 resource "aws_cloudwatch_dashboard" "sms-send-rate" {
-  count          = var.cloudwatch_enabled ? 1 : 0
+  count          = var.cloudwatch_enabled && var.env != "production" ? 1 : 0
   dashboard_name = "Specialized-sms-send-rate"
   dashboard_body = <<EOF
 {
diff --git a/aws/pinpoint_to_sqs_sms_callbacks/dashboards_kustomize.tf b/aws/pinpoint_to_sqs_sms_callbacks/dashboards_kustomize.tf
new file mode 100644
index 000000000..cd45f80d6
--- /dev/null
+++ b/aws/pinpoint_to_sqs_sms_callbacks/dashboards_kustomize.tf
@@ -0,0 +1,671 @@
+resource "aws_cloudwatch_dashboard" "pinpoint" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "SMS-Pinpoint"
+  dashboard_body = <<EOF
+{
+    "widgets": [
+        {
+            "height": 3,
+            "width": 24,
+            "y": 0,
+            "x": 0,
+            "type": "alarm",
+            "properties": {
+                "title": "Alarms",
+                "alarms": [
+                    "${aws_cloudwatch_metric_alarm.pinpoint-sms-success-rate-critical[0].arn}",
+                    "${aws_cloudwatch_metric_alarm.pinpoint-sms-success-rate-warning[0].arn}",
+                    "${var.sqs_send_sms_high_queue_delay_warning_arn}",
+                    "${var.sqs_send_sms_high_queue_delay_critical_arn}",
+                    "${var.sqs_send_sms_medium_queue_delay_warning_arn}",
+                    "${var.sqs_send_sms_medium_queue_delay_critical_arn}",
+                    "${var.sqs_send_sms_low_queue_delay_warning_arn}",
+                    "${var.sqs_send_sms_low_queue_delay_critical_arn}",
+                    "${aws_cloudwatch_metric_alarm.total-sms-spending-critical[0].arn}",
+                    "${aws_cloudwatch_metric_alarm.total-sms-spending-warning[0].arn}"
+                ]
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 5,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "LogMetrics", "pinpoint-sms-successes" ]
+                ],
+                "view": "timeSeries",
+                "stacked": true,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 300,
+                "title": "SMS delivered per 5m"
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 11,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "LogMetrics", "pinpoint-sms-failures" ]
+                ],
+                "view": "timeSeries",
+                "stacked": true,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 300,
+                "title": "SMS failures per 5m"
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 45,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}delivery-receipts" ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "Approximate age of oldest message in delivery-receipts",
+                "stat": "Average",
+                "period": 60,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "Above 30s",
+                            "value": 30,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "Above 60s",
+                            "value": 60,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 45,
+            "x": 9,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateNumberOfMessagesVisible", "QueueName", "${var.celery_queue_prefix}delivery-receipts" ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Average",
+                "period": 60,
+                "title": "Number of messages visible in delivery-receipts"
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 11,
+            "x": 9,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_clients_pinpoint_request-time", "metric_type", "timing" ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 60,
+                "title": "p90 Pinpoint request time in ms",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "Above 200ms",
+                            "value": 0.2,
+                            "fill": "above"
+                        },
+                        {
+                            "label": "Above 100ms",
+                            "value": 0.1,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 39,
+            "x": 9,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_tasks_process_pinpoint_results", "metric_type", "counter" ]
+                ],
+                "view": "timeSeries",
+                "stacked": true,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 300,
+                "title": "Celery: Number of Pinpoint delivery receipts processed"
+            }
+        },
+        {
+            "height": 2,
+            "width": 24,
+            "y": 3,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# Sending SMS with Pinpoint\n"
+            }
+        },
+        {
+            "height": 2,
+            "width": 24,
+            "y": 37,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# Delivery receipts\n"
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 39,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/Lambda", "Invocations", "FunctionName", "pinpoint-to-sqs-sms-callbacks" ],
+                    [ ".", "Errors", ".", ".", { "color": "#d62728", "yAxis": "right" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": true,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 300,
+                "title": "Pinpoint Callback Lambda invocations per 5m"
+            }
+        },
+        {
+            "height": 18,
+            "width": 6,
+            "y": 5,
+            "x": 18,
+            "type": "text",
+            "properties": {
+                "markdown": "\n## Limits\n- [Spending limit](https://${var.region}.console.aws.amazon.com/sns/v3/home?region=${var.region}#/mobile/text-messaging) of 30,000 USD/month\n\n## Message flow\nAfter a notification has been created in the database, Celery sends the SMS to the provider using the `deliver_sms` Celery task. This Celery task is assigned to the SQS queue [${var.celery_queue_prefix}send-sms-low](#/queues/https%3A%2F%2Fsqs.${var.region}.amazonaws.com%2F${var.account_id}%2F${var.celery_queue_prefix}send-sms-low), [${var.celery_queue_prefix}send-sms-medium](#/queues/https%3A%2F%2Fsqs.${var.region}.amazonaws.com%2F${var.account_id}%2F${var.celery_queue_prefix}send-sms-medium), or [${var.celery_queue_prefix}send-sms-high](#/queues/https%3A%2F%2Fsqs.${var.region}.amazonaws.com%2F${var.account_id}%2F${var.celery_queue_prefix}send-sms-high) depending on the SMS priority. This task calls the SNS pr Pinpoint API to send a text message.\n\n## SMS IDs\nAWS keeps track of SMS with a `messageId`, the value of SNS' `messageId` is stored in the `Notification` object in the `reference` column.\n\n## Logging\nCelery tasks output multiple messages when processing tasks/calling the SNS/Pinpoint API, take a look at the relevant Celery code to know more.\n\nAfter an SMS has been sent by SNS, the delivery details are stored in CloudWatch Log groups:\n\n- [sns/${var.region}/${var.account_id}/DirectPublishToPhoneNumber](#logsV2:log-groups/log-group/sns$252F${var.region}$252F${var.account_id}$252FDirectPublishToPhoneNumber) for successful deliveries\n- [sns/${var.region}/${var.account_id}/DirectPublishToPhoneNumber/Failure](#logsV2:log-groups/log-group/sns$252F${var.region}$252F${var.account_id}$252FDirectPublishToPhoneNumber$252FFailure) for failures\n\n## Phone numbers\n\nSMS sent in `${var.region}` use phone numbers reserved for Notify's use\n\n### ⚠️  SNS in `us-west-2`\nIf a Notify service has an inbound number attached, SMS will be sent with SNS using a long code phone number ordered on Pinpoint in the `us-west-2` region. Statistics for this region and alarms are **not visible on this dashboard**.\n"
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 17,
+            "x": 9,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_tasks_deliver_sms", "metric_type", "counter" ]
+                ],
+                "view": "timeSeries",
+                "stacked": true,
+                "region": "${var.region}",
+                "stat": "Sum",
+                "period": 300,
+                "title": "Number of deliver_sms Celery tasks per 5m"
+            }
+        },
+        {
+            "height": 9,
+            "width": 6,
+            "y": 39,
+            "x": 18,
+            "type": "text",
+            "properties": {
+                "markdown": "\n## Message flow\nAfter an SMS has been sent by Pinpoint, the delivery details are stored in CloudWatch Log groups:\n\n- [sns/${var.region}/${var.account_id}/PinpointDirectPublishToPhoneNumber](#logsV2:log-groups/log-group/sns$252F${var.region}$252F${var.account_id}$252FPinpointDirectPublishToPhoneNumber) for successful deliveries\n- [sns/${var.region}/${var.account_id}/PinpointDirectPublishToPhoneNumber/Failure](#logsV2:log-groups/log-group/sns$252F${var.region}$252F${var.account_id}$252FPinpointDirectPublishToPhoneNumber$252FFailure) for failures\n\nThe log groups are subscribed the Lambda function [pinpoint-to-sqs-sms-callbacks](#/functions/pinpoint-to-sqs-sms-callbacks?tab=configuration). This Lambda adds messages to the SQS queue `delivery-receipts` to trigger the Celery task in charge of updating notifications in the database, `process-pinpoint-result`.\n\nSee the relevant [AWS documentation](https://docs.aws.amazon.com/sns/latest/dg/sms_stats_cloudwatch.html#sns-viewing-cloudwatch-logs) for these messages.\n"
+            }
+        },
+        {
+            "height": 3,
+            "width": 24,
+            "y": 51,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE 'sns/${var.region}/${var.account_id}/PinpointDirectPublishToPhoneNumber/Failure' | fields @timestamp as Timestamp, messageId as MessageID, messageStatus as status, destinationPhoneNumber as Destination, messageStatusDescription as ProviderResponse\n| sort @timestamp desc\n| limit 20",
+                "region": "${var.region}",
+                "stacked": false,
+                "view": "table",
+                "title": "Pinpoint SMS Errors Log / ${var.region}"
+            }
+        },
+        {
+            "height": 6,
+            "width": 9,
+            "y": 5,
+            "x": 9,
+            "type": "metric",
+            "properties": {
+                "sparkline": true,
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_clients_sns_request-time", "metric_type", "timing", { "visible": false } ],
+                    [ ".", "${var.env}_notifications_celery_sms_total-time", ".", "." ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "p90",
+                "period": 60,
+                "title": "SMS (SNS and Pinpoint) sending time in seconds",
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "label": "Above 1 minute",
+                            "value": 60,
+                            "fill": "above"
+                        },
+                        {
+                            "label": "Above 30 seconds",
+                            "value": 30,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "start": "-PT3H",
+                "end": "P0D",
+                "yAxis": {
+                    "left": {
+                        "min": 0,
+                        "showUnits": false,
+                        "label": "Sending time (sent_at - created_at)"
+                    }
+                },
+                "setPeriodToTimeRange": true
+            }
+        },
+        {
+            "height": 6,
+            "width": 24,
+            "y": 63,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE 'sns/${var.region}/${var.account_id}/PinpointDirectPublishToPhoneNumber' | filter isFinal = 1 \n| stats avg((eventTimestamp - messageRequestTimestamp) / 1000 / 60) as Avg_carrier_time_minutes, count(*) as Number by carrierName as Carrier",
+                "region": "${var.region}",
+                "title": "Carrier Dwell Times",
+                "view": "table"
+            }
+        },
+        {
+            "height": 6,
+            "width": 24,
+            "y": 57,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE 'sns/${var.region}/${var.account_id}/PinpointDirectPublishToPhoneNumber' | SOURCE 'sns/${var.region}/${var.account_id}/DirectPublishToPhoneNumber/Failure' | stats avg(delivery.dwellTimeMsUntilDeviceAck / 1000 / 60) as Avg_carrier_time_minutes by bin(30s)",
+                "region": "${var.region}",
+                "stacked": false,
+                "view": "timeSeries",
+                "title": "dwellTimeMsUntilDeviceAck"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 25,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_high_queue_name}", { "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "Approximate age of oldest message in ${var.sqs_send_sms_high_queue_name}",
+                "stat": "Average",
+                "period": 60,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "Above 10 sec",
+                            "value": 10,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "Above 60 sec",
+                            "value": 60,
+                            "fill": "above"
+                        }
+                    ]
+                },
+                "yAxis": {
+                    "left": {
+                        "showUnits": true
+                    }
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 25,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_medium_queue_name}", { "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "Approximate age of oldest message in ${var.sqs_send_sms_medium_queue_name}",
+                "stat": "Average",
+                "period": 60,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "Above 10 min",
+                            "value": 600,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "Above 15 min",
+                            "value": 900,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 25,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_low_queue_name}", { "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "Approximate age of oldest message in ${var.sqs_send_sms_low_queue_name}",
+                "stat": "Average",
+                "period": 60,
+                "annotations": {
+                    "horizontal": [
+                        {
+                            "color": "#ff7f0e",
+                            "label": "Above 10 min",
+                            "value": 600,
+                            "fill": "above"
+                        },
+                        {
+                            "color": "#d62728",
+                            "label": "Above 3 hours",
+                            "value": 10800,
+                            "fill": "above"
+                        }
+                    ]
+                }
+            }
+        },
+        {
+            "height": 2,
+            "width": 24,
+            "y": 23,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "\n# Delivery queues\n"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 31,
+            "x": 0,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateNumberOfMessagesVisible", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_high_queue_name}", { "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Average",
+                "period": 60,
+                "title": "Number of messages visible in ${var.sqs_send_sms_high_queue_name}"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 31,
+            "x": 16,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateNumberOfMessagesVisible", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_low_queue_name}", { "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Average",
+                "period": 60,
+                "title": "Number of messages visible in ${var.sqs_send_sms_low_queue_name}"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 31,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateNumberOfMessagesVisible", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_medium_queue_name}", { "region": "${var.region}" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "stat": "Average",
+                "period": 60,
+                "title": "Number of messages visible in ${var.sqs_send_sms_medium_queue_name}"
+            }
+        },
+        {
+            "type": "metric",
+            "x": 0,
+            "y": 54,
+            "width": 24,
+            "height": 9,
+            "properties": {
+                "sparkline": true,
+                "metrics": [
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Bell Cellular Inc. / Aliant Telecom" ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "BRAGG Communications INC." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Chunghwa Telecom LDM" ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Farmers Mutual Telephone Company Inc." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Freedom Mobile Inc." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Iristel Inc." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Maritime Telephone & Telegraph Ltd" ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "MTS Communications Inc." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Rogers Communications Canada Inc." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "SK Telecom" ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Taiwan Mobile Co Ltd." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Telus Communications" ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "TIM Celular S.A." ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "TURKCELL" ],
+                    [ "LogMetrics", "pinpoint-sms-failures-carriers", "Carrier", "Videotron Ltd." ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "start": "-PT24H",
+                "region": "ca-central-1",
+                "yAxis": {
+                    "left": {
+                        "min": 0,
+                        "max": 15
+                    }
+                },
+                "stat": "Sum",
+                "period": 86400,
+                "title": "Carrier failures over the past day"
+            }
+        }
+    ]
+}
+EOF
+}
+
+resource "aws_cloudwatch_dashboard" "sms-send-rate" {
+  count          = var.cloudwatch_enabled && var.env == "production" ? 1 : 0
+  dashboard_name = "Specialized-sms-send-rate"
+  dashboard_body = <<EOF
+{
+    "widgets": [
+        {
+            "height": 6,
+            "width": 8,
+            "y": 0,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE 'sns/${var.region}/${var.account_id}/PinpointDirectPublishToPhoneNumber' | filter isFinal = 1 \n| stats sum(totalMessageParts) as fragments, count(*) as sms by datefloor(messageRequestTimestamp, 1m)",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "SMS Send Rate Per Minute",
+                "view": "timeSeries"
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 6,
+            "x": 12,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_high_queue_name}", { "region": "${var.region}", "label": "High" } ],
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_medium_queue_name}", { "region": "${var.region}", "label": "Medium" } ],
+                    [ "AWS/SQS", "ApproximateAgeOfOldestMessage", "QueueName", "${var.celery_queue_prefix}${var.sqs_send_sms_low_queue_name}", { "region": "${var.region}", "label": "Low" } ]
+                ],
+                "view": "singleValue",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "SMS SQS Queues Delays",
+                "period": 60,
+                "stat": "Maximum",
+                "sparkline": true
+            }
+        },
+        {
+            "height": 6,
+            "width": 6,
+            "y": 6,
+            "x": 18,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "notification-canada-ca-${var.env}-eks-cluster", "deployment", "celery-sms-send-primary", { "region": "${var.region}", "label": "celery-sms-send-primary" } ],
+                    [ "ContainerInsights/Prometheus", "kube_deployment_status_replicas_available", "namespace", "notification-canada-ca", "ClusterName", "notification-canada-ca-${var.env}-eks-cluster", "deployment", "celery-sms-send-scalable", { "region": "${var.region}", "label": "celery-sms-send-scalable" } ]
+                ],
+                "sparkline": true,
+                "view": "singleValue",
+                "region": "${var.region}",
+                "title": "Pods",
+                "period": 60,
+                "stat": "Maximum"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 0,
+            "x": 8,
+            "type": "metric",
+            "properties": {
+                "metrics": [
+                    [ "NotificationCanadaCa", "${var.env}_notifications_celery_sms_total-time", "metric_type", "timing", { "region": "${var.region}", "label": "time" } ]
+                ],
+                "view": "timeSeries",
+                "stacked": false,
+                "region": "${var.region}",
+                "title": "Average Notify SMS Send Time",
+                "period": 60,
+                "stat": "Average",
+                "yAxis": {
+                    "left": {
+                        "showUnits": false,
+                        "label": "seconds"
+                    }
+                }
+            }
+        },
+        {
+            "height": 6,
+            "width": 12,
+            "y": 6,
+            "x": 0,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/notification-canada-ca-${var.env}-eks-cluster/application' | fields @timestamp as Time, kubernetes.container_name as Deployment, log\n| filter kubernetes.container_name like /^celery-sms-send/\n| filter @message like /ERROR\\/.*Worker/ or @message like /ERROR\\/MainProcess/ \n| sort @timestamp desc\n",
+                "region": "${var.region}",
+                "stacked": false,
+                "title": "SMS Sending Celery Errors",
+                "view": "table"
+            }
+        },
+        {
+            "height": 6,
+            "width": 8,
+            "y": 0,
+            "x": 16,
+            "type": "log",
+            "properties": {
+                "query": "SOURCE '/aws/containerinsights/notification-canada-ca-${var.env}-eks-cluster/application' | fields @timestamp, log, kubernetes.container_name as app, kubernetes.pod_name as pod_name, @logStream\n| filter kubernetes.container_name like /^celery-sms/\n| filter @message like /succeeded/\n| fields strcontains(@message, 'Task deliver_throttled_sms') as is_throttled_sms\n| fields strcontains(@message, 'Task deliver_sms') as is_normal_sms\n| stats sum(is_normal_sms) as normal_sms, sum(is_throttled_sms) as throttled_sms by bin(1m)",
+                "queryLanguage": "LOGSQL",
+                "region": "${var.region}",
+                "title": "Normal vs Throttled SMS",
+                "view": "timeSeries",
+                "stacked": false
+            }
+        },
+        {
+            "height": 6,
+            "width": 24,
+            "y": 12,
+            "x": 0,
+            "type": "text",
+            "properties": {
+                "markdown": "# Notes\n\n- send time will go up substantially while sending throttled SMS\n"
+            }
+        }
+    ]
+}
+EOF
+}