cfn-guardian 0.1.0 → 0.3.3
- checksums.yaml +4 -4
- data/.dockerignore +1 -0
- data/Dockerfile +19 -0
- data/Gemfile.lock +31 -13
- data/README.md +441 -42
- data/cfn-guardian.gemspec +6 -2
- data/lib/cfnguardian.rb +301 -27
- data/lib/cfnguardian/cloudwatch.rb +121 -0
- data/lib/cfnguardian/codecommit.rb +54 -0
- data/lib/cfnguardian/codepipeline.rb +138 -0
- data/lib/cfnguardian/compile.rb +58 -17
- data/lib/cfnguardian/config/defaults.yaml +94 -0
- data/lib/cfnguardian/display_formatter.rb +164 -0
- data/lib/cfnguardian/drift.rb +79 -0
- data/lib/cfnguardian/log.rb +0 -1
- data/lib/cfnguardian/models/alarm.rb +98 -36
- data/lib/cfnguardian/models/check.rb +103 -26
- data/lib/cfnguardian/models/composite.rb +21 -0
- data/lib/cfnguardian/models/event.rb +164 -40
- data/lib/cfnguardian/models/metric_filter.rb +28 -0
- data/lib/cfnguardian/resources/application_targetgroup.rb +2 -0
- data/lib/cfnguardian/resources/base.rb +38 -16
- data/lib/cfnguardian/resources/ecs_service.rb +2 -2
- data/lib/cfnguardian/resources/http.rb +16 -1
- data/lib/cfnguardian/resources/internal_http.rb +74 -0
- data/lib/cfnguardian/resources/internal_port.rb +33 -0
- data/lib/cfnguardian/resources/internal_sftp.rb +58 -0
- data/lib/cfnguardian/resources/log_group.rb +26 -0
- data/lib/cfnguardian/resources/network_targetgroup.rb +1 -0
- data/lib/cfnguardian/resources/port.rb +25 -0
- data/lib/cfnguardian/resources/rds_instance.rb +2 -0
- data/lib/cfnguardian/resources/sftp.rb +50 -0
- data/lib/cfnguardian/resources/sql.rb +1 -1
- data/lib/cfnguardian/resources/tls.rb +66 -0
- data/lib/cfnguardian/s3.rb +3 -2
- data/lib/cfnguardian/stacks/main.rb +86 -65
- data/lib/cfnguardian/stacks/resources.rb +81 -42
- data/lib/cfnguardian/string.rb +12 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +102 -5
@@ -0,0 +1,79 @@
|
|
1
|
+
require 'aws-sdk-cloudformation'
|
2
|
+
|
3
|
+
module CfnGuardian
|
4
|
+
class Drift
|
5
|
+
|
6
|
+
def initialize(stack)
|
7
|
+
@stack = stack
|
8
|
+
@client = Aws::CloudFormation::Client.new()
|
9
|
+
end
|
10
|
+
|
11
|
+
def find_nested_stacks
|
12
|
+
stacks = []
|
13
|
+
resp = @client.describe_stack_resources({
|
14
|
+
stack_name: @stack
|
15
|
+
})
|
16
|
+
resp.stack_resources.each do |r|
|
17
|
+
if r.resource_type == 'AWS::CloudFormation::Stack'
|
18
|
+
stacks << r.physical_resource_id
|
19
|
+
end
|
20
|
+
end
|
21
|
+
return stacks
|
22
|
+
end
|
23
|
+
|
24
|
+
def detect_drift(stack)
|
25
|
+
resp = @client.detect_stack_drift({
|
26
|
+
stack_name: stack
|
27
|
+
})
|
28
|
+
wait_for_dirft_detection(resp.stack_drift_detection_id)
|
29
|
+
end
|
30
|
+
|
31
|
+
def wait_for_dirft_detection(id,count=0)
|
32
|
+
resp = @client.describe_stack_drift_detection_status({
|
33
|
+
stack_drift_detection_id: id
|
34
|
+
})
|
35
|
+
if resp.detection_status == 'DETECTION_IN_PROGRESS' && count < 10
|
36
|
+
sleep(2)
|
37
|
+
count += 1
|
38
|
+
wait_for_dirft_detection(id,count)
|
39
|
+
end
|
40
|
+
end
|
41
|
+
|
42
|
+
def get_drift(stack)
|
43
|
+
rows = []
|
44
|
+
resp = @client.describe_stack_resource_drifts({
|
45
|
+
stack_name: stack,
|
46
|
+
stack_resource_drift_status_filters: ["MODIFIED", "DELETED"]
|
47
|
+
})
|
48
|
+
|
49
|
+
if resp.stack_resource_drifts.any?
|
50
|
+
resp.stack_resource_drifts.each do |drift|
|
51
|
+
next if drift.resource_type != 'AWS::CloudWatch::Alarm'
|
52
|
+
|
53
|
+
if drift.stack_resource_drift_status == 'MODIFIED'
|
54
|
+
drift.property_differences.each do |diff|
|
55
|
+
rows << [
|
56
|
+
drift.physical_resource_id,
|
57
|
+
diff.property_path,
|
58
|
+
diff.expected_value,
|
59
|
+
diff.actual_value,
|
60
|
+
diff.difference_type
|
61
|
+
]
|
62
|
+
end
|
63
|
+
elsif drift.stack_resource_drift_status == 'DELETED'
|
64
|
+
rows << [
|
65
|
+
drift.physical_resource_id.red,
|
66
|
+
"",
|
67
|
+
"",
|
68
|
+
"",
|
69
|
+
drift.stack_resource_drift_status.red
|
70
|
+
]
|
71
|
+
end
|
72
|
+
end
|
73
|
+
end
|
74
|
+
|
75
|
+
return rows
|
76
|
+
end
|
77
|
+
|
78
|
+
end
|
79
|
+
end
|
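Review bot: `wait_for_dirft_detection` returns silently both when its ten two-second polls run out and when the status is `DETECTION_FAILED`. A later `get_drift` call can then read an unfinished or failed detection and report no drift for alarms that were in fact modified or deleted. The method should return only on `DETECTION_COMPLETE` and raise otherwise, as sketched below; the callers are not visible on this page, so confirm they can handle the exception. Separately, `get_drift` reads a single `describe_stack_resource_drifts` response and does not follow `next_token`, which could truncate the rows for a large stack.

```ruby
def wait_for_dirft_detection(id,count=0)
  # … unchanged: describe_stack_drift_detection_status call …
  status = resp.detection_status
  return if status == 'DETECTION_COMPLETE'
  if status != 'DETECTION_IN_PROGRESS' || count >= 10
    raise "drift detection #{id} did not complete (status: #{status})"
  end
  sleep(2)
  wait_for_dirft_detection(id,count + 1)
end
```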
data/lib/cfnguardian/log.rb
CHANGED
@@ -1,11 +1,14 @@
|
|
1
1
|
require 'cfnguardian/string'
|
2
|
+
require 'digest/md5'
|
2
3
|
|
3
4
|
module CfnGuardian
|
4
5
|
module Models
|
5
6
|
class Alarm
|
6
7
|
|
7
|
-
attr_reader :type
|
8
|
-
|
8
|
+
attr_reader :type,
|
9
|
+
:resource_hash
|
10
|
+
|
11
|
+
attr_accessor :group,
|
9
12
|
:name,
|
10
13
|
:metric_name,
|
11
14
|
:namespace,
|
@@ -17,21 +20,23 @@ module CfnGuardian
|
|
17
20
|
:statistic,
|
18
21
|
:actions_enabled,
|
19
22
|
:enabled,
|
20
|
-
:
|
23
|
+
:resource_id,
|
24
|
+
:resource_name,
|
21
25
|
:alarm_action,
|
22
26
|
:treat_missing_data,
|
23
27
|
:datapoints_to_alarm,
|
24
28
|
:extended_statistic,
|
25
29
|
:evaluate_low_sample_count_percentile,
|
26
|
-
:unit
|
30
|
+
:unit,
|
31
|
+
:maintenance_groups
|
27
32
|
|
28
33
|
def initialize(resource)
|
29
34
|
@type = 'Alarm'
|
30
|
-
@
|
35
|
+
@group = nil
|
31
36
|
@name = ''
|
32
37
|
@metric_name = nil
|
33
38
|
@namespace = nil
|
34
|
-
@dimensions =
|
39
|
+
@dimensions = nil
|
35
40
|
@threshold = 0
|
36
41
|
@period = 60
|
37
42
|
@evaluation_periods = 1
|
@@ -43,28 +48,25 @@ module CfnGuardian
|
|
43
48
|
@evaluate_low_sample_count_percentile = nil
|
44
49
|
@unit = nil
|
45
50
|
@enabled = true
|
46
|
-
@
|
47
|
-
@
|
51
|
+
@resource_hash = Digest::MD5.hexdigest resource['Id']
|
52
|
+
@resource_id = resource['Id']
|
53
|
+
@resource_name = resource.fetch('Name', nil)
|
48
54
|
@alarm_action = 'Critical'
|
49
55
|
@treat_missing_data = nil
|
56
|
+
@maintenance_groups = []
|
50
57
|
end
|
51
58
|
|
52
59
|
def metric_name=(metric_name)
|
53
60
|
raise ArgumentError.new("metric_name '#{metric_name}' must be of type String, provided type '#{metric_name.class}'") unless metric_name.is_a?(String)
|
54
61
|
@metric_name=metric_name
|
55
|
-
end
|
56
|
-
|
57
|
-
def to_h
|
58
|
-
Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
|
59
|
-
end
|
60
|
-
|
62
|
+
end
|
61
63
|
end
|
62
64
|
|
63
65
|
|
64
66
|
class ApiGatewayAlarm < Alarm
|
65
67
|
def initialize(resource)
|
66
68
|
super(resource)
|
67
|
-
@
|
69
|
+
@group = 'ApiGateway'
|
68
70
|
@namespace = 'AWS/ApiGateway'
|
69
71
|
@dimensions = { ApiName: resource['Id'] }
|
70
72
|
end
|
@@ -73,7 +75,7 @@ module CfnGuardian
|
|
73
75
|
class ApplicationTargetGroupAlarm < Alarm
|
74
76
|
def initialize(resource)
|
75
77
|
super(resource)
|
76
|
-
@
|
78
|
+
@group = 'ApplicationTargetGroup'
|
77
79
|
@namespace = 'AWS/ApplicationELB'
|
78
80
|
@dimensions = {
|
79
81
|
TargetGroup: resource['Id'],
|
@@ -85,7 +87,7 @@ module CfnGuardian
|
|
85
87
|
class AmazonMQBrokerAlarm < Alarm
|
86
88
|
def initialize(resource)
|
87
89
|
super(resource)
|
88
|
-
@
|
90
|
+
@group = 'AmazonMQBroker'
|
89
91
|
@namespace = 'AWS/AmazonMQ'
|
90
92
|
@dimensions = { Broker: resource['Id'] }
|
91
93
|
end
|
@@ -94,7 +96,7 @@ module CfnGuardian
|
|
94
96
|
class CloudFrontDistributionAlarm < Alarm
|
95
97
|
def initialize(resource)
|
96
98
|
super(resource)
|
97
|
-
@
|
99
|
+
@group = 'CloudFrontDistribution'
|
98
100
|
@namespace = 'AWS/CloudFront'
|
99
101
|
@dimensions = {
|
100
102
|
DistributionId: resource['Id'],
|
@@ -108,7 +110,7 @@ module CfnGuardian
|
|
108
110
|
class AutoScalingGroupAlarm < Alarm
|
109
111
|
def initialize(resource)
|
110
112
|
super(resource)
|
111
|
-
@
|
113
|
+
@group = 'AutoScalingGroup'
|
112
114
|
@namespace = 'AWS/EC2'
|
113
115
|
@dimensions = { AutoScalingGroupName: resource['Id'] }
|
114
116
|
end
|
@@ -117,7 +119,7 @@ module CfnGuardian
|
|
117
119
|
class DomainExpiryAlarm < Alarm
|
118
120
|
def initialize(resource)
|
119
121
|
super(resource)
|
120
|
-
@
|
122
|
+
@group = 'DomainExpiry'
|
121
123
|
@namespace = 'DNS'
|
122
124
|
@dimensions = { Domain: resource['Id'] }
|
123
125
|
@comparison_operator = 'LessThanThreshold'
|
@@ -127,7 +129,7 @@ module CfnGuardian
|
|
127
129
|
class DynamoDBTableAlarm < Alarm
|
128
130
|
def initialize(resource)
|
129
131
|
super(resource)
|
130
|
-
@
|
132
|
+
@group = 'DynamoDBTable'
|
131
133
|
@namespace = 'AWS/DynamoDB'
|
132
134
|
@dimensions = { TableName: resource['Id'] }
|
133
135
|
end
|
@@ -136,7 +138,7 @@ module CfnGuardian
|
|
136
138
|
class Ec2InstanceAlarm < Alarm
|
137
139
|
def initialize(resource)
|
138
140
|
super(resource)
|
139
|
-
@
|
141
|
+
@group = 'Ec2Instance'
|
140
142
|
@namespace = 'AWS/EC2'
|
141
143
|
@dimensions = { InstanceId: resource['Id'] }
|
142
144
|
end
|
@@ -145,7 +147,7 @@ module CfnGuardian
|
|
145
147
|
class ECSClusterAlarm < Alarm
|
146
148
|
def initialize(resource)
|
147
149
|
super(resource)
|
148
|
-
@
|
150
|
+
@group = 'ECSCluster'
|
149
151
|
@namespace = 'AWS/ECS'
|
150
152
|
@dimensions = { ClusterName: resource['Id'] }
|
151
153
|
@threshold = 75
|
@@ -157,7 +159,7 @@ module CfnGuardian
|
|
157
159
|
class ECSServiceAlarm < Alarm
|
158
160
|
def initialize(resource)
|
159
161
|
super(resource)
|
160
|
-
@
|
162
|
+
@group = 'ECSService'
|
161
163
|
@namespace = 'AWS/ECS'
|
162
164
|
@dimensions = {
|
163
165
|
ServiceName: resource['Id'],
|
@@ -169,7 +171,7 @@ module CfnGuardian
|
|
169
171
|
class ElastiCacheReplicationGroupAlarm < Alarm
|
170
172
|
def initialize(resource)
|
171
173
|
super(resource)
|
172
|
-
@
|
174
|
+
@group = 'ElastiCacheReplicationGroup'
|
173
175
|
@namespace = 'AWS/ElastiCache'
|
174
176
|
@dimensions = { CacheClusterId: resource['Id'] }
|
175
177
|
end
|
@@ -178,7 +180,7 @@ module CfnGuardian
|
|
178
180
|
class ElasticLoadBalancerAlarm < Alarm
|
179
181
|
def initialize(resource)
|
180
182
|
super(resource)
|
181
|
-
@
|
183
|
+
@group = 'ElasticLoadBalancer'
|
182
184
|
@namespace = 'AWS/ELB'
|
183
185
|
@dimensions = { LoadBalancerName: resource['Id'] }
|
184
186
|
end
|
@@ -187,7 +189,7 @@ module CfnGuardian
|
|
187
189
|
class ElasticFileSystemAlarm < Alarm
|
188
190
|
def initialize(resource)
|
189
191
|
super(resource)
|
190
|
-
@
|
192
|
+
@group = 'ElasticFileSystem'
|
191
193
|
@namespace = 'AWS/EFS'
|
192
194
|
@dimensions = { FileSystemId: resource['Id'] }
|
193
195
|
end
|
@@ -196,7 +198,7 @@ module CfnGuardian
|
|
196
198
|
class HttpAlarm < Alarm
|
197
199
|
def initialize(resource)
|
198
200
|
super(resource)
|
199
|
-
@
|
201
|
+
@group = 'Http'
|
200
202
|
@namespace = 'HttpCheck'
|
201
203
|
@dimensions = { Endpoint: resource['Id'] }
|
202
204
|
@comparison_operator = 'LessThanThreshold'
|
@@ -204,11 +206,33 @@ module CfnGuardian
|
|
204
206
|
@evaluation_periods = 2
|
205
207
|
end
|
206
208
|
end
|
209
|
+
|
210
|
+
class PortAlarm < Alarm
|
211
|
+
def initialize(resource)
|
212
|
+
super(resource)
|
213
|
+
@group = 'Port'
|
214
|
+
@namespace = 'TcpPortCheck'
|
215
|
+
@dimensions = { Endpoint: "#{resource['Id']}:#{resource['Port']}" }
|
216
|
+
@comparison_operator = 'LessThanThreshold'
|
217
|
+
@threshold = 1
|
218
|
+
@evaluation_periods = 2
|
219
|
+
end
|
220
|
+
end
|
221
|
+
|
222
|
+
class SslAlarm < Alarm
|
223
|
+
def initialize(resource)
|
224
|
+
super(resource)
|
225
|
+
@group = 'Ssl'
|
226
|
+
@namespace = 'SSL'
|
227
|
+
@dimensions = { URL: resource['Id'] }
|
228
|
+
@comparison_operator = 'LessThanThreshold'
|
229
|
+
end
|
230
|
+
end
|
207
231
|
|
208
232
|
class NrpeAlarm < Alarm
|
209
233
|
def initialize(resource,environment)
|
210
234
|
super(resource)
|
211
|
-
@
|
235
|
+
@group = 'Nrpe'
|
212
236
|
@namespace = 'NRPE'
|
213
237
|
@dimensions = { Host: "#{environment}-#{resource['Id']}" }
|
214
238
|
@treat_missing_data = 'breaching'
|
@@ -219,7 +243,7 @@ module CfnGuardian
|
|
219
243
|
class LambdaAlarm < Alarm
|
220
244
|
def initialize(resource)
|
221
245
|
super(resource)
|
222
|
-
@
|
246
|
+
@group = 'Lambda'
|
223
247
|
@namespace = 'AWS/Lambda'
|
224
248
|
@dimensions = { FunctionName: resource['Id'] }
|
225
249
|
@statistic = 'Average'
|
@@ -230,7 +254,7 @@ module CfnGuardian
|
|
230
254
|
class NetworkTargetGroupAlarm < Alarm
|
231
255
|
def initialize(resource)
|
232
256
|
super(resource)
|
233
|
-
@
|
257
|
+
@group = 'NetworkTargetGroup'
|
234
258
|
@namespace = 'AWS/NetworkELB'
|
235
259
|
@dimensions = {
|
236
260
|
TargetGroup: resource['Id'],
|
@@ -242,7 +266,7 @@ module CfnGuardian
|
|
242
266
|
class RedshiftClusterAlarm < Alarm
|
243
267
|
def initialize(resource)
|
244
268
|
super(resource)
|
245
|
-
@
|
269
|
+
@group = 'RedshiftCluster'
|
246
270
|
@namespace = 'AWS/Redshift'
|
247
271
|
@dimensions = { ClusterIdentifier: resource['Id'] }
|
248
272
|
end
|
@@ -251,7 +275,7 @@ module CfnGuardian
|
|
251
275
|
class RDSClusterInstanceAlarm < Alarm
|
252
276
|
def initialize(resource)
|
253
277
|
super(resource)
|
254
|
-
@
|
278
|
+
@group = 'RDSClusterInstance'
|
255
279
|
@namespace = 'AWS/RDS'
|
256
280
|
@dimensions = { DBInstanceIdentifier: resource['Id'] }
|
257
281
|
end
|
@@ -260,7 +284,7 @@ module CfnGuardian
|
|
260
284
|
class RDSInstanceAlarm < Alarm
|
261
285
|
def initialize(resource)
|
262
286
|
super(resource)
|
263
|
-
@
|
287
|
+
@group = 'RDSInstance'
|
264
288
|
@namespace = 'AWS/RDS'
|
265
289
|
@dimensions = { DBInstanceIdentifier: resource['Id'] }
|
266
290
|
end
|
@@ -269,7 +293,7 @@ module CfnGuardian
|
|
269
293
|
class SqlAlarm < Alarm
|
270
294
|
def initialize(resource)
|
271
295
|
super(resource)
|
272
|
-
@
|
296
|
+
@group = 'Sql'
|
273
297
|
@namespace = 'SQL'
|
274
298
|
@dimensions = { Host: resource['Id'] }
|
275
299
|
@treat_missing_data = 'breaching'
|
@@ -280,7 +304,7 @@ module CfnGuardian
|
|
280
304
|
class SQSQueueAlarm < Alarm
|
281
305
|
def initialize(resource)
|
282
306
|
super(resource)
|
283
|
-
@
|
307
|
+
@group = 'SQSQueue'
|
284
308
|
@namespace = 'AWS/SQS'
|
285
309
|
@dimensions = { QueueName: resource['Id'] }
|
286
310
|
@statistic = 'Average'
|
@@ -288,5 +312,43 @@ module CfnGuardian
|
|
288
312
|
end
|
289
313
|
end
|
290
314
|
|
315
|
+
class LogGroupAlarm < Alarm
|
316
|
+
def initialize(resource)
|
317
|
+
super(resource)
|
318
|
+
@group = 'LogGroup'
|
319
|
+
@namespace = "MetricFilters"
|
320
|
+
@statistic = 'Sum'
|
321
|
+
@threshold = 1
|
322
|
+
@period = 300
|
323
|
+
@alarm_action = 'Informational'
|
324
|
+
end
|
325
|
+
end
|
326
|
+
|
327
|
+
class SFTPAlarm < Alarm
|
328
|
+
def initialize(resource)
|
329
|
+
super(resource)
|
330
|
+
@group = 'SFTP'
|
331
|
+
@namespace = 'SftpCheck'
|
332
|
+
@period = 300
|
333
|
+
@comparison_operator = 'LessThanThreshold'
|
334
|
+
@threshold = 1
|
335
|
+
@dimensions = { Host: resource['Id'], User: resource['User'] }
|
336
|
+
end
|
337
|
+
end
|
338
|
+
|
339
|
+
class TLSAlarm < Alarm
|
340
|
+
def initialize(resource)
|
341
|
+
super(resource)
|
342
|
+
@group = 'TLS'
|
343
|
+
@namespace = 'TLSVersionCheck'
|
344
|
+
@period = 300
|
345
|
+
@port = resource.fetch('Port', 443)
|
346
|
+
@dimensions = { Endpoint: "#{resource['Id']}:#{@port}" }
|
347
|
+
@comparison_operator = 'LessThanThreshold'
|
348
|
+
@threshold = 1
|
349
|
+
@evaluation_periods = 1
|
350
|
+
end
|
351
|
+
end
|
352
|
+
|
291
353
|
end
|
292
354
|
end
|
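Review bot: In `Alarm#initialize`, `@resource_hash = Digest::MD5.hexdigest resource['Id']` runs with no visible check that `Id` is present, so a resource without an `Id` fails with a bare `TypeError` from the digest call instead of an error naming the bad resource. MD5 appears to serve here only as a short stable identifier, not as a security control. A comment saying so, e.g. `# MD5 is only a stable short id here, not an integrity or authentication check`, would keep the value from being reused where collision resistance matters. `PortAlarm` also interpolates `resource['Port']` with no default while `TLSAlarm` uses `resource.fetch('Port', 443)`, so a missing port yields an `Endpoint` dimension ending in a bare colon, which presumably matches no metric and leaves the alarm unable to fire.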
@@ -5,51 +5,84 @@ module CfnGuardian
|
|
5
5
|
class Check
|
6
6
|
|
7
7
|
attr_reader :type
|
8
|
-
attr_accessor :
|
8
|
+
attr_accessor :group,
|
9
9
|
:name,
|
10
|
+
:package,
|
10
11
|
:handler,
|
11
12
|
:version,
|
12
13
|
:runtime,
|
13
|
-
:environment
|
14
|
+
:environment,
|
15
|
+
:subnets,
|
16
|
+
:vpc
|
14
17
|
|
15
18
|
def initialize(resource)
|
16
19
|
@type = 'Check'
|
17
|
-
@
|
20
|
+
@group = nil
|
18
21
|
@name = nil
|
19
22
|
@package = nil
|
20
23
|
@handler = nil
|
21
24
|
@version = nil
|
22
25
|
@runtime = nil
|
23
26
|
@environment = ''
|
24
|
-
|
25
|
-
|
26
|
-
def to_h
|
27
|
-
Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
|
27
|
+
@subnets = nil
|
28
|
+
@vpc = nil
|
28
29
|
end
|
29
30
|
end
|
30
31
|
|
31
32
|
class HttpCheck < Check
|
32
33
|
def initialize(resource)
|
33
34
|
super(resource)
|
34
|
-
@
|
35
|
+
@group = 'Http'
|
35
36
|
@name = 'HttpCheck'
|
36
|
-
@package = '
|
37
|
-
@handler = 'handler.
|
38
|
-
@version = '
|
37
|
+
@package = 'http-check'
|
38
|
+
@handler = 'handler.http_check'
|
39
|
+
@version = '0bc33e51abb1f27729ecb170611bf6b440e71a0e'
|
40
|
+
@runtime = 'python3.7'
|
41
|
+
end
|
42
|
+
end
|
43
|
+
|
44
|
+
class InternalHttpCheck < HttpCheck
|
45
|
+
def initialize(resource)
|
46
|
+
super(resource)
|
47
|
+
@group = 'InternalHttp'
|
48
|
+
@name = 'InternalHttpCheck'
|
49
|
+
@subnets = resource['Subnets']
|
50
|
+
@vpc = resource['VpcId']
|
51
|
+
@environment = resource['Environment']
|
52
|
+
end
|
53
|
+
end
|
54
|
+
|
55
|
+
class PortCheck < Check
|
56
|
+
def initialize(resource)
|
57
|
+
super(resource)
|
58
|
+
@group = 'Port'
|
59
|
+
@name = 'PortCheck'
|
60
|
+
@package = 'port-check'
|
61
|
+
@handler = 'handler.port_check'
|
62
|
+
@version = '356203b2a720ba0730622f978e677b88f8d0c328'
|
39
63
|
@runtime = 'python3.6'
|
40
64
|
end
|
41
65
|
end
|
42
66
|
|
67
|
+
class InternalPortCheck < PortCheck
|
68
|
+
def initialize(resource)
|
69
|
+
super(resource)
|
70
|
+
@group = 'InternalPort'
|
71
|
+
@name = 'InternalPortCheck'
|
72
|
+
@subnets = resource['Subnets']
|
73
|
+
@vpc = resource['VpcId']
|
74
|
+
@environment = resource['Environment']
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
43
78
|
class NrpeCheck < Check
|
44
|
-
attr_accessor :subnets, :vpc
|
45
|
-
|
46
79
|
def initialize(resource)
|
47
80
|
super(resource)
|
48
|
-
@
|
81
|
+
@group = 'Nrpe'
|
49
82
|
@name = 'NrpeCheck'
|
50
83
|
@package = 'aws-lambda-nrpe-check'
|
51
84
|
@handler = 'main'
|
52
|
-
@version = '
|
85
|
+
@version = 'aa51a0ad497a6c012a3639da0eb3446e4c0f9540'
|
53
86
|
@runtime = 'go1.x'
|
54
87
|
@subnets = resource['Subnets']
|
55
88
|
@vpc = resource['VpcId']
|
@@ -60,37 +93,46 @@ module CfnGuardian
|
|
60
93
|
class SslCheck < Check
|
61
94
|
def initialize(resource)
|
62
95
|
super(resource)
|
63
|
-
@
|
96
|
+
@group = 'Ssl'
|
64
97
|
@name = 'SslCheck'
|
65
98
|
@package = 'aws-lambda-ssl-check'
|
66
99
|
@handler = 'main'
|
67
|
-
@version = '
|
100
|
+
@version = 'a25fd4006d1f95c06f3c098188543f5eea1986da'
|
68
101
|
@runtime = 'go1.x'
|
69
102
|
end
|
70
103
|
end
|
71
104
|
|
105
|
+
class InternalSslCheck < SslCheck
|
106
|
+
def initialize(resource)
|
107
|
+
super(resource)
|
108
|
+
@group = 'InternalSsl'
|
109
|
+
@name = 'InternalSslCheck'
|
110
|
+
@subnets = resource['Subnets']
|
111
|
+
@vpc = resource['VpcId']
|
112
|
+
@environment = resource['Environment']
|
113
|
+
end
|
114
|
+
end
|
115
|
+
|
72
116
|
class DomainExpiryCheck < Check
|
73
117
|
def initialize(resource)
|
74
118
|
super(resource)
|
75
|
-
@
|
119
|
+
@group = 'DomainExpiry'
|
76
120
|
@name = 'DomainExpiryCheck'
|
77
121
|
@package = 'aws-lambda-dns-check'
|
78
122
|
@handler = 'main'
|
79
|
-
@version = '
|
123
|
+
@version = '9db96ca32379faddc47e55849b7e296b7b70a48e'
|
80
124
|
@runtime = 'go1.x'
|
81
125
|
end
|
82
126
|
end
|
83
127
|
|
84
128
|
class SqlCheck < Check
|
85
|
-
attr_accessor :subnets, :vpc
|
86
|
-
|
87
129
|
def initialize(resource)
|
88
130
|
super(resource)
|
89
|
-
@
|
131
|
+
@group = 'Sql'
|
90
132
|
@name = 'SqlCheck'
|
91
133
|
@package = 'aws-lambda-sql-check'
|
92
134
|
@handler = 'main'
|
93
|
-
@version = '
|
135
|
+
@version = '83bd6399c0376c98df90dd5f29e49d629c556cee'
|
94
136
|
@runtime = 'go1.x'
|
95
137
|
@subnets = resource['Subnets']
|
96
138
|
@vpc = resource['VpcId']
|
@@ -101,14 +143,49 @@ module CfnGuardian
|
|
101
143
|
class ContainerInstanceCheck < Check
|
102
144
|
def initialize(resource)
|
103
145
|
super(resource)
|
104
|
-
@
|
146
|
+
@group = 'ContainerInstance'
|
105
147
|
@name = 'ContainerInstanceCheck'
|
106
|
-
@package = '
|
148
|
+
@package = 'ecs-containder-instance-check'
|
107
149
|
@handler = 'handler.run_check'
|
108
|
-
@version = '
|
150
|
+
@version = '4f650d5846d6e8d19f0139bccdeeb147f03f0dd6'
|
109
151
|
@runtime = 'python3.6'
|
110
152
|
end
|
111
153
|
end
|
154
|
+
|
155
|
+
class TLSCheck < Check
|
156
|
+
def initialize(resource)
|
157
|
+
super(resource)
|
158
|
+
@group = 'TLS'
|
159
|
+
@name = 'TLSCheck'
|
160
|
+
@package = 'tls-version-check'
|
161
|
+
@handler = 'handler.run_check'
|
162
|
+
@version = 'de83afdde0d976364af37ad7552a8496c3c94ab5'
|
163
|
+
@runtime = 'python3.7'
|
164
|
+
end
|
165
|
+
end
|
166
|
+
|
167
|
+
class SFTPCheck < Check
|
168
|
+
def initialize(resource)
|
169
|
+
super(resource)
|
170
|
+
@group = 'SFTP'
|
171
|
+
@name = 'SFTPCheck'
|
172
|
+
@package = 'sftp-check'
|
173
|
+
@handler = 'handler.sftp_check'
|
174
|
+
@version = '987e71f2607347e13e3f156535059d6d3ce1ceed'
|
175
|
+
@runtime = 'python3.7'
|
176
|
+
end
|
177
|
+
end
|
178
|
+
|
179
|
+
class InternalSFTPCheck < SFTPCheck
|
180
|
+
def initialize(resource)
|
181
|
+
super(resource)
|
182
|
+
@group = 'InternalSFTP'
|
183
|
+
@name = 'InternalSFTPCheck'
|
184
|
+
@subnets = resource['Subnets']
|
185
|
+
@vpc = resource['VpcId']
|
186
|
+
@environment = resource['Environment']
|
187
|
+
end
|
188
|
+
end
|
112
189
|
|
113
190
|
end
|
114
191
|
end
|
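Review bot: `@package = 'ecs-containder-instance-check'` in `ContainerInstanceCheck` looks like a misspelling of "container". If the package name is used to locate the Lambda artifact, it either has to match a misspelled artifact or the check will fail to deploy; the removed line is truncated on this page, so the old value cannot be compared. The added `PortCheck` also keeps `@runtime = 'python3.6'` while the other new Python checks use `python3.7`. The 40-hex `@version` values are presumably commit ids of each check's package; a comment such as `# commit id of the check's Lambda package; bump together with @package` would document what the pins refer to.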