cfn-guardian 0.1.0 → 0.6.3

data/lib/cfnguardian/config/defaults.yaml

@@ -0,0 +1,103 @@
+Resources:
+  AmazonMQBroker:
+  - Id: Default
+  AmazonMQRabbitMQBroker:
+  - Id: Default
+  AmazonMQRabbitMQNode:
+  - Id: Default
+    Node: Default
+  AmazonMQRabbitMQQueue:
+  - Id: Default
+    Queue: Default
+    Vhost: Default
+  ApiGateway:
+  - Id: Default
+  ApplicationTargetGroup:
+  - Id: Default
+    LoadBalancer: Default
+  AutoScalingGroup:
+  - Id: Default
+  CloudFrontDistribution:
+  - Id: Default
+  DomainExpiry:
+  - Id: Default
+  DynamoDBTable:
+  - Id: Default
+  Ec2Instance:
+  - Id: Default
+  ECSCluster:
+  - Id: Default
+  ECSService:
+  - Id: Default
+    Cluster: Default
+  ElasticFileSystem:
+  - Id: Default
+  ElasticLoadBalancer:
+  - Id: Default
+  ElastiCacheReplicationGroup:
+  - Id: Default
+  Http:
+  - Id: Default
+    StatusCode: 200
+    Ssl: true
+    BodyRegex: Default
+  InternalHttp:
+  - Environment: Default
+    VpcId: vpc-default
+    Subnets:
+    - subnet-default
+    Hosts:
+    - Id: Default
+      StatusCode: 200
+      BodyRegex: Default
+  Port:
+  - Id: Default
+    Port: 0
+  InternalPort:
+  - Environment: Default
+    VpcId: vpc-default
+    Subnets:
+    - subnet-default
+    Hosts:
+    - Id: Default
+      Port: 0
+  Lambda:
+  - Id: Default
+  LogGroup:
+  - Id: Default
+    MetricFilters:
+    - MetricName: Default
+      Pattern: Default
+  NetworkTargetGroup:
+  - Id: Default
+    LoadBalancer: Default
+  Nrpe:
+  - Environment: Default
+    VpcId: vpc-default
+    Subnets:
+    - subnet-default
+    Hosts:
+    - Id: Default
+      Commands:
+      - default
+  RDSClusterInstance:
+  - Id: Default
+  RDSInstance:
+  - Id: Default
+  RedshiftCluster:
+  - Id: Default
+  Sql:
+  - Environment: Default
+    VpcId: vpc-default
+    Subnets:
+    - subnet-default
+    Hosts:
+    - Id: Default
+      SecretId: Default
+      Engine: default
+      Queries:
+      - MetricName: Default
+        Query: Default
+  SQSQueue:
+  - Id: Default
+  

data/lib/cfnguardian/deploy.rb

@@ -7,27 +7,13 @@ module CfnGuardian
   class Deploy
     include Logging
 
-    def initialize(opts,bucket)
+    def initialize(opts,bucket,parameters)
       @stack_name = opts.fetch(:stack_name,'guardian')
       @bucket = bucket
       @prefix = @stack_name
       @template_path = "out/guardian.compiled.yaml"
       @template_url = "https://#{@bucket}.s3.amazonaws.com/#{@prefix}/guardian.compiled.yaml"
-      @parameters = {}
-      
-      config = YAML.load_file(opts[:config])
-      if config.has_key?('Topics')
-        @parameters['Critical'] = config['Topics'].fetch('Critical','')
-        @parameters['Warning'] = config['Topics'].fetch('Warning','')
-        @parameters['Task'] = config['Topics'].fetch('Task','')
-        @parameters['Informational'] = config['Topics'].fetch('Informational','')
-      end
-
-      @parameters['Critical'] = opts.fetch(:sns_critical,@parameters['Critical'])
-      @parameters['Warning'] = opts.fetch(:sns_warning,@parameters['Warning'])
-      @parameters['Task'] = opts.fetch(:sns_task,@parameters['Task'])
-      @parameters['Informational'] = opts.fetch(:sns_informational,@parameters['Informational'])
-      
+      @parameters = parameters
       @client = Aws::CloudFormation::Client.new()
     end
 

data/lib/cfnguardian/display_formatter.rb

@@ -0,0 +1,163 @@
+require 'cfnguardian/cloudwatch'
+require 'cfnguardian/string'
+require 'time'
+
+module CfnGuardian
+  class DisplayFormatter
+    
+    def initialize(alarms=[])
+      @alarms = alarms
+    end  
+    
+    def alarms()
+      resp = []
+      
+      @alarms.each do |alarm|
+        alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
+        rows = [
+          ['ResourceId', alarm.resource_id],
+          ['ResourceHash', alarm.resource_hash],
+          ['ResourceName', alarm.resource_name],
+          ['Enabled', alarm.enabled],
+          ['MetricName', alarm.metric_name],
+          ['Dimensions', alarm.dimensions],
+          ['Threshold', alarm.threshold],
+          ['Period', alarm.period],
+          ['EvaluationPeriods', alarm.evaluation_periods],
+          ['ComparisonOperator', alarm.comparison_operator],
+          ['Statistic', alarm.statistic],
+          ['ActionsEnabled', alarm.actions_enabled],
+          ['DatapointsToAlarm', alarm.datapoints_to_alarm],
+          ['ExtendedStatistic', alarm.extended_statistic],
+          ['EvaluateLowSampleCountPercentile', alarm.evaluate_low_sample_count_percentile],
+          ['Unit', alarm.unit],
+          ['AlarmAction', alarm.alarm_action],
+          ['TreatMissingData', alarm.treat_missing_data]
+        ]
+        
+        rows.select! {|row| !row[1].nil?}
+        
+        resp << {
+          title: "#{alarm.group}::#{alarm.name}".green + "\n" + alarm_name.green,
+          rows: rows
+        }
+      end
+      
+      return resp
+    end
+    
+    def compare_alarms(metric_alarms)      
+      resp = []
+      
+      @alarms.each do |alarm|
+        alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
+        metric_alarm = metric_alarms.find {|ma| ma.alarm_name.include? alarm_name}
+        dimensions = metric_alarm.dimensions.map {|dim| {dim.name.to_sym => dim.value}}.inject(:merge)
+        
+        rows = [
+          ['ResourceId', alarm.resource_id, alarm.resource_id],
+          ['ResourceHash', alarm.resource_hash, alarm.resource_hash],
+          ['ResourceName', alarm.resource_name, alarm.resource_name],
+          ['Enabled', alarm.enabled, true],
+          ['MetricName', alarm.metric_name, metric_alarm.metric_name],
+          ['Dimensions', alarm.dimensions, dimensions],
+          ['Threshold', alarm.threshold.to_f, metric_alarm.threshold],
+          ['Period', alarm.period, metric_alarm.period],
+          ['EvaluationPeriods', alarm.evaluation_periods, metric_alarm.evaluation_periods],
+          ['ComparisonOperator', alarm.comparison_operator, metric_alarm.comparison_operator],
+          ['Statistic', alarm.statistic, metric_alarm.statistic],
+          ['ActionsEnabled', alarm.actions_enabled, metric_alarm.actions_enabled],
+          ['DatapointsToAlarm', alarm.datapoints_to_alarm, metric_alarm.datapoints_to_alarm],
+          ['ExtendedStatistic', alarm.extended_statistic, metric_alarm.extended_statistic],
+          ['EvaluateLowSampleCountPercentile', alarm.evaluate_low_sample_count_percentile, metric_alarm.evaluate_low_sample_count_percentile],
+          ['Unit', alarm.unit, metric_alarm.unit],
+          ['TreatMissingData', alarm.treat_missing_data, metric_alarm.treat_missing_data],
+          ['AlarmAction', alarm.alarm_action, alarm.alarm_action]
+        ]
+        
+        rows.select! {|row| !row[1].nil?}.each {|row| colour_compare_row(row)}
+        
+        if has_config_difference?(rows)
+          resp << {
+            title: "#{alarm.group}::#{alarm.name}".green + "\n" + alarm_name.green,
+            rows: rows
+          }
+        end
+      end
+      
+      return resp
+    end
+    
+    def alarm_state(metric_alarms)
+      rows = []
+      
+      metric_alarms.each do |ma|      
+        if ma.state_value == 'ALARM'
+          state_value = ma.state_value.to_s.red
+        elsif ma.state_value == 'INSUFFICIENT_DATA'
+          state_value = ma.state_value.to_s.yellow
+        else
+          state_value = ma.state_value.to_s.green
+        end
+        
+        rows << [
+          ma.alarm_name, 
+          state_value, 
+          ma.state_updated_timestamp.localtime,
+          ma.actions_enabled ? 'ENABLED'.green : 'DISABLED'.red
+        ]
+      end
+      # sort by state_value
+      return rows.sort_by {|r| r[3]}
+    end
+    
+    def alarm_history(history,type)
+      rows = []
+      line_width = 100
+      
+      history.each do |item|
+        data = JSON.load(item.history_data)
+        
+        case type
+        when "StateUpdate" 
+          rows << [
+            item.timestamp.localtime, 
+            item.history_summary,
+            data['newState']['stateReason'].word_wrap
+          ]
+        when "ConfigurationUpdate"
+          updated = []
+          if data['type'] == 'Update'
+            data['originalUpdatedFields'].each do |k,v|
+              unless k == 'alarmConfigurationUpdatedTimestamp'
+                updated << "#{k}: #{v} -> #{data['updatedAlarm'][k]}"
+              end
+            end
+          end        
+          rows << [
+            item.timestamp.localtime, 
+            data['type'],
+            updated.join("\n").word_wrap
+          ]
+        end
+      end
+      
+      return rows
+    end
+    
+    private
+    
+    def has_config_difference?(rows)
+      rows.each do |row| 
+        unless row[1].eql?(row[2])
+          return true
+        end
+      end
+      return false 
+    end
+    
+    def colour_compare_row(row)
+      return row[1].eql?(row[2]) ? row.map! {|r| r.to_s.green} : row.map! {|r| r.to_s.red}
+    end
+  end
+end

data/lib/cfnguardian/drift.rb

@@ -0,0 +1,79 @@
+require 'aws-sdk-cloudformation'
+
+module CfnGuardian
+  class Drift
+    
+    def initialize(stack)
+      @stack = stack
+      @client = Aws::CloudFormation::Client.new()
+    end
+    
+    def find_nested_stacks
+      stacks = []
+      resp = @client.describe_stack_resources({
+        stack_name: @stack
+      })
+      resp.stack_resources.each do |r|
+        if r.resource_type == 'AWS::CloudFormation::Stack'
+          stacks << r.physical_resource_id
+        end
+      end
+      return stacks
+    end
+    
+    def detect_drift(stack)
+      resp = @client.detect_stack_drift({
+        stack_name: stack
+      })
+      wait_for_dirft_detection(resp.stack_drift_detection_id)
+    end
+    
+    def wait_for_dirft_detection(id,count=0)
+      resp = @client.describe_stack_drift_detection_status({
+        stack_drift_detection_id: id
+      })
+      if resp.detection_status == 'DETECTION_IN_PROGRESS' && count < 10
+        sleep(2)
+        count += 1
+        wait_for_dirft_detection(id,count)
+      end
+    end
+    
+    def get_drift(stack)
+      rows = []
+      resp = @client.describe_stack_resource_drifts({
+        stack_name: stack,
+        stack_resource_drift_status_filters: ["MODIFIED", "DELETED"]
+      })
+      
+      if resp.stack_resource_drifts.any?
+        resp.stack_resource_drifts.each do |drift|
+          next if drift.resource_type != 'AWS::CloudWatch::Alarm'
+          
+          if drift.stack_resource_drift_status == 'MODIFIED'
+            drift.property_differences.each do |diff|
+              rows << [
+                drift.physical_resource_id,
+                diff.property_path,
+                diff.expected_value,
+                diff.actual_value,
+                diff.difference_type
+              ]
+            end
+          elsif drift.stack_resource_drift_status == 'DELETED'
+            rows << [
+              drift.physical_resource_id.red,
+              "",
+              "",
+              "",
+              drift.stack_resource_drift_status.red
+            ]
+          end
+        end
+      end
+      
+      return rows
+    end
+    
+  end
+end

data/lib/cfnguardian/error.rb

@@ -0,0 +1,4 @@
+module CfnGuardian
+    class ValidationError < StandardError
+    end
+end

data/lib/cfnguardian/log.rb

@@ -13,7 +13,6 @@ module Logging
     
     def logger
       @logger ||= Logger.new($stdout)
-      @logger.level = Logger::DEBUG
       @logger.formatter = proc do |severity, datetime, progname, msg|
         "\e[#{colors[severity.to_sym]}m#{severity}: #{msg}\e[0m\n"
       end

data/lib/cfnguardian/models/alarm.rb

@@ -1,11 +1,14 @@
 require 'cfnguardian/string'
+require 'digest/md5'
 
 module CfnGuardian
   module Models
-    class Alarm
+    class BaseAlarm
       
-      attr_reader :type
-      attr_accessor :class,
+      attr_reader :type,
+        :resource_hash
+        
+      attr_accessor :group,
         :name,
         :metric_name,
         :namespace,
@@ -17,21 +20,24 @@ module CfnGuardian
         :statistic,
         :actions_enabled,
         :enabled,
-        :resource,
+        :resource_id,
+        :resource_name,
         :alarm_action,
         :treat_missing_data,
         :datapoints_to_alarm,
         :extended_statistic,
         :evaluate_low_sample_count_percentile,
-        :unit
+        :unit,
+        :maintenance_groups,
+        :additional_notifiers
       
       def initialize(resource)
         @type = 'Alarm'
-        @class = nil
+        @group = nil
         @name = ''
         @metric_name = nil
         @namespace = nil
-        @dimensions = {}
+        @dimensions = nil
         @threshold = 0
         @period = 60
         @evaluation_periods = 1
@@ -43,37 +49,35 @@ module CfnGuardian
         @evaluate_low_sample_count_percentile = nil
         @unit = nil
         @enabled = true
-        @resource_name = Digest::MD5.hexdigest resource['Id']
-        @resource = resource['Id']
+        @resource_hash = Digest::MD5.hexdigest resource['Id']
+        @resource_id = resource['Id']
+        @resource_name = resource.fetch('Name', nil)
         @alarm_action = 'Critical'
         @treat_missing_data = nil
+        @maintenance_groups = []
+        @additional_notifiers = []
       end
       
       def metric_name=(metric_name)
         raise ArgumentError.new("metric_name '#{metric_name}' must be of type String, provided type '#{metric_name.class}'") unless metric_name.is_a?(String)
         @metric_name=metric_name
-      end
-      
-      def to_h
-        Hash[instance_variables.map { |name| [name[1..-1].to_sym, instance_variable_get(name)] } ]
-      end
-      
+      end      
     end
     
     
-    class ApiGatewayAlarm < Alarm
+    class ApiGatewayAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ApiGateway'
+        @group = 'ApiGateway'
         @namespace = 'AWS/ApiGateway'
         @dimensions = { ApiName: resource['Id'] }
       end
     end
     
-    class ApplicationTargetGroupAlarm < Alarm
+    class ApplicationTargetGroupAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ApplicationTargetGroup'
+        @group = 'ApplicationTargetGroup'
         @namespace = 'AWS/ApplicationELB'
         @dimensions = { 
           TargetGroup: resource['Id'],
@@ -82,19 +86,53 @@ module CfnGuardian
       end
     end
     
-    class AmazonMQBrokerAlarm < Alarm
+    class AmazonMQBrokerAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'AmazonMQBroker'
+        @namespace = 'AWS/AmazonMQ'
+        @dimensions = { Broker: resource['Id'] }
+      end
+    end
+
+    class AmazonMQRabbitMQBrokerAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'AmazonMQBroker'
+        @group = 'AmazonMQRabbitMQBroker'
         @namespace = 'AWS/AmazonMQ'
         @dimensions = { Broker: resource['Id'] }
       end
     end
+
+    class AmazonMQRabbitMQNodeAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'AmazonMQRabbitMQNode'
+        @namespace = 'AWS/AmazonMQ'
+        @dimensions = { 
+          Broker: resource['Id'],
+          Node: resource['Node']
+        }
+      end
+    end
+
+    class AmazonMQRabbitMQQueueAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'AmazonMQRabbitMQQueue'
+        @namespace = 'AWS/AmazonMQ'
+        @dimensions = { 
+          Broker: resource['Id'],
+          Queue: resource['Queue'],
+          VirtualHost: resource['Vhost']
+        }
+      end
+    end
     
-    class CloudFrontDistributionAlarm < Alarm
+    class CloudFrontDistributionAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'CloudFrontDistribution'
+        @group = 'CloudFrontDistribution'
         @namespace = 'AWS/CloudFront'
         @dimensions = { 
           DistributionId: resource['Id'],
@@ -105,47 +143,47 @@ module CfnGuardian
       end
     end
     
-    class AutoScalingGroupAlarm < Alarm
+    class AutoScalingGroupAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'AutoScalingGroup'
+        @group = 'AutoScalingGroup'
         @namespace = 'AWS/EC2'
         @dimensions = { AutoScalingGroupName: resource['Id'] }
       end
     end
     
-    class DomainExpiryAlarm < Alarm
+    class DomainExpiryAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'DomainExpiry'
+        @group = 'DomainExpiry'
         @namespace = 'DNS'
         @dimensions = { Domain: resource['Id'] }
         @comparison_operator = 'LessThanThreshold'
       end
     end
     
-    class DynamoDBTableAlarm < Alarm
+    class DynamoDBTableAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'DynamoDBTable'
+        @group = 'DynamoDBTable'
         @namespace = 'AWS/DynamoDB'
         @dimensions = { TableName: resource['Id'] }
       end
     end
     
-    class Ec2InstanceAlarm < Alarm
+    class Ec2InstanceAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'Ec2Instance'
+        @group = 'Ec2Instance'
         @namespace = 'AWS/EC2'
         @dimensions = { InstanceId: resource['Id'] }
       end
     end
     
-    class ECSClusterAlarm < Alarm
+    class ECSClusterAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ECSCluster'
+        @group = 'ECSCluster'
         @namespace = 'AWS/ECS'
         @dimensions = { ClusterName: resource['Id'] }
         @threshold = 75
@@ -154,10 +192,10 @@ module CfnGuardian
       end
     end
     
-    class ECSServiceAlarm < Alarm
+    class ECSServiceAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ECSService'
+        @group = 'ECSService'
         @namespace = 'AWS/ECS'
         @dimensions = {
           ServiceName: resource['Id'],
@@ -166,37 +204,37 @@ module CfnGuardian
       end
     end
     
-    class ElastiCacheReplicationGroupAlarm < Alarm
+    class ElastiCacheReplicationGroupAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ElastiCacheReplicationGroup'
+        @group = 'ElastiCacheReplicationGroup'
         @namespace = 'AWS/ElastiCache'
         @dimensions = { CacheClusterId: resource['Id'] }
       end
     end
     
-    class ElasticLoadBalancerAlarm < Alarm
+    class ElasticLoadBalancerAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ElasticLoadBalancer'
+        @group = 'ElasticLoadBalancer'
         @namespace = 'AWS/ELB'
         @dimensions = { LoadBalancerName: resource['Id'] }
       end
     end
     
-    class ElasticFileSystemAlarm < Alarm
+    class ElasticFileSystemAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'ElasticFileSystem'
+        @group = 'ElasticFileSystem'
         @namespace = 'AWS/EFS'
         @dimensions = { FileSystemId: resource['Id'] }
       end
     end
     
-    class HttpAlarm < Alarm
+    class HttpAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'Http'
+        @group = 'Http'
         @namespace = 'HttpCheck'
         @dimensions = { Endpoint: resource['Id'] }
         @comparison_operator = 'LessThanThreshold'
@@ -204,11 +242,51 @@ module CfnGuardian
         @evaluation_periods = 2
       end
     end
+
+    class InternalHttpAlarm < HttpAlarm
+      def initialize(resource)
+        super(resource)
+      end
+    end
+
+    class PortAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'Port'
+        @namespace = 'TcpPortCheck'
+        @dimensions = { Endpoint: "#{resource['Id']}:#{resource['Port']}" }
+        @comparison_operator = 'LessThanThreshold'
+        @threshold = 1
+        @evaluation_periods = 2
+      end
+    end
+
+    class InternalPortAlarm < PortAlarm
+      def initialize(resource)
+        super(resource)
+      end
+    end
     
-    class NrpeAlarm < Alarm
+    class SslAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'Ssl'
+        @namespace = 'SSL'
+        @dimensions = { URL: resource['Id'] }
+        @comparison_operator = 'LessThanThreshold'
+      end
+    end
+
+    class InternalSslAlarm < SslAlarm
+      def initialize(resource)
+        super(resource)
+      end
+    end
+    
+    class NrpeAlarm < BaseAlarm
       def initialize(resource,environment)
         super(resource)
-        @class = 'Nrpe'
+        @group = 'Nrpe'
         @namespace = 'NRPE'
         @dimensions = { Host: "#{environment}-#{resource['Id']}" }
         @treat_missing_data = 'breaching'
@@ -216,10 +294,10 @@ module CfnGuardian
       end
     end
 
-    class LambdaAlarm < Alarm
+    class LambdaAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'Lambda'
+        @group = 'Lambda'
         @namespace = 'AWS/Lambda'
         @dimensions = { FunctionName: resource['Id'] }
         @statistic = 'Average'
@@ -227,10 +305,10 @@ module CfnGuardian
       end
     end
     
-    class NetworkTargetGroupAlarm < Alarm
+    class NetworkTargetGroupAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'NetworkTargetGroup'
+        @group = 'NetworkTargetGroup'
         @namespace = 'AWS/NetworkELB'
         @dimensions = { 
           TargetGroup: resource['Id'],
@@ -239,37 +317,37 @@ module CfnGuardian
       end
     end
     
-    class RedshiftClusterAlarm < Alarm
+    class RedshiftClusterAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'RedshiftCluster'
+        @group = 'RedshiftCluster'
         @namespace = 'AWS/Redshift'
         @dimensions = { ClusterIdentifier: resource['Id'] }
       end
     end
     
-    class RDSClusterInstanceAlarm < Alarm
+    class RDSClusterInstanceAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'RDSClusterInstance'
+        @group = 'RDSClusterInstance'
         @namespace = 'AWS/RDS'
         @dimensions = { DBInstanceIdentifier: resource['Id'] }
       end
     end
     
-    class RDSInstanceAlarm < Alarm
+    class RDSInstanceAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'RDSInstance'
+        @group = 'RDSInstance'
         @namespace = 'AWS/RDS'
         @dimensions = { DBInstanceIdentifier: resource['Id'] }
       end
     end
     
-    class SqlAlarm < Alarm
+    class SqlAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'Sql'
+        @group = 'Sql'
         @namespace = 'SQL'
         @dimensions = { Host: resource['Id'] }
         @treat_missing_data = 'breaching'
@@ -277,10 +355,10 @@ module CfnGuardian
       end
     end
     
-    class SQSQueueAlarm < Alarm
+    class SQSQueueAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
-        @class = 'SQSQueue'
+        @group = 'SQSQueue'
         @namespace = 'AWS/SQS'
         @dimensions = { QueueName: resource['Id'] }
         @statistic = 'Average'
@@ -288,5 +366,61 @@ module CfnGuardian
       end
     end
     
+    class LogGroupAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'LogGroup'
+        @namespace = "MetricFilters"
+        @statistic = 'Sum'
+        @threshold = 1
+        @period = 300
+        @alarm_action = 'Informational'
+      end
+    end
+    
+    class SFTPAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'SFTP'
+        @namespace = 'SftpCheck'
+        @period = 300
+        @comparison_operator = 'LessThanThreshold'
+        @threshold = 1
+        @dimensions = { Host: resource['Id'], User: resource['User'] }
+      end
+    end
+
+    class InternalSFTPAlarm < SFTPAlarm
+      def initialize(resource)
+        super(resource)
+      end
+    end
+    
+    class TLSAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'TLS'
+        @namespace = 'TLSVersionCheck'
+        @period = 300
+        @port = resource.fetch('Port', 443)
+        @dimensions = { Endpoint: "#{resource['Id']}:#{@port}" }
+        @comparison_operator = 'LessThanThreshold'
+        @threshold = 1
+        @evaluation_periods = 1
+      end
+    end
+
+    class AzureFileAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'AzureFile'
+        @namespace = 'FileAgeCheck'
+        @period = 300
+        @comparison_operator = 'GreaterThanThreshold'
+        @threshold = 0
+        @dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
+      end
+    end
+    
   end
 end