feat(cloudwatch): add support for cross-account alarms

packages/@aws-cdk/aws-cloudwatch/README.md

@@ -160,6 +160,8 @@ The most important properties to set while creating an Alarms are:
 - `evaluationPeriods`: how many consecutive periods the metric has to be
   breaching the the threshold for the alarm to trigger.
 
+To create a cross-account alarm, make sure you have enabled [cross-account functionality](https://docs.aws.amazon.com/AmazonCloudWatch/latest/monitoring/Cross-Account-Cross-Region.html) in CloudWatch. Then, set the `account` property in the `Metric` object either manually or via the `metric.attachTo()` function.
+
 ### Alarm Actions
 
 To add actions to an alarm, use the integration classes from the

packages/@aws-cdk/aws-cloudwatch/lib/alarm.ts

@@ -257,7 +257,10 @@ export class Alarm extends AlarmBase {
     return dispatchMetric(metric, {
       withStat(stat, conf) {
         self.validateMetricStat(stat, metric);
-        if (conf.renderingProperties?.label == undefined) {
+        const canRenderAsLegacyMetric = conf.renderingProperties?.label == undefined &&
+          (stat.account == undefined || Stack.of(self).account == stat.account);
+        // Do this to disturb existing templates as little as possible
+        if (canRenderAsLegacyMetric) {
           return dropUndefined({
             dimensions: stat.dimensions,
             namespace: stat.namespace,
@@ -283,6 +286,7 @@ export class Alarm extends AlarmBase {
                 unit: stat.unitFilter,
               },
               id: 'm1',
+              accountId: stat.account,
               label: conf.renderingProperties?.label,
               returnData: true,
             } as CfnAlarm.MetricDataQueryProperty,
@@ -344,17 +348,14 @@ export class Alarm extends AlarmBase {
   }
 
   /**
-   * Validate that if a region and account are in the given stat config, they match the Alarm
+   * Validate that if a region is in the given stat config, they match the Alarm
    */
   private validateMetricStat(stat: MetricStatConfig, metric: IMetric) {
     const stack = Stack.of(this);
 
     if (definitelyDifferent(stat.region, stack.region)) {
       throw new Error(`Cannot create an Alarm in region '${stack.region}' based on metric '${metric}' in '${stat.region}'`);
     }
-    if (definitelyDifferent(stat.account, stack.account)) {
-      throw new Error(`Cannot create an Alarm in account '${stack.account}' based on metric '${metric}' in '${stat.account}'`);
-    }
   }
 }
 

packages/@aws-cdk/aws-cloudwatch/test/cross-environment.test.ts

@@ -6,11 +6,12 @@ const a = new Metric({ namespace: 'Test', metricName: 'ACount' });
 
 let stack1: Stack;
 let stack2: Stack;
+let stack3: Stack;
 describe('cross environment', () => {
   beforeEach(() => {
     stack1 = new Stack(undefined, undefined, { env: { region: 'pluto', account: '1234' } });
     stack2 = new Stack(undefined, undefined, { env: { region: 'mars', account: '5678' } });
-
+    stack3 = new Stack(undefined, undefined, { env: { region: 'pluto', account: '0000' } });
   });
 
   describe('in graphs', () => {
@@ -112,6 +113,36 @@ describe('cross environment', () => {
 
 
     });
+
+    test('metric attached to stack3 will render in stack1 ', () => {
+      //Cross-account metrics are supported in Alarms
+
+      // GIVEN
+      new Alarm(stack1, 'Alarm', {
+        threshold: 1,
+        evaluationPeriods: 1,
+        metric: a.attachTo(stack3),
+      });
+
+      // THEN
+      Template.fromStack(stack1).hasResourceProperties('AWS::CloudWatch::Alarm', {
+        Metrics: [
+          {
+            AccountId: '0000',
+            Id: 'm1',
+            MetricStat: {
+              Metric: {
+                MetricName: 'ACount',
+                Namespace: 'Test',
+              },
+              Period: 300,
+              Stat: 'Average',
+            },
+            ReturnData: true,
+          },
+        ],
+      });
+    });
   });
 });