cfn-guardian 0.1.0 → 0.6.3
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.dockerignore +1 -0
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Dockerfile +19 -0
- data/Gemfile.lock +39 -21
- data/README.md +9 -378
- data/cfn-guardian.gemspec +7 -5
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +325 -37
- data/lib/cfnguardian/cloudwatch.rb +132 -0
- data/lib/cfnguardian/codecommit.rb +54 -0
- data/lib/cfnguardian/codepipeline.rb +138 -0
- data/lib/cfnguardian/compile.rb +142 -18
- data/lib/cfnguardian/config/defaults.yaml +103 -0
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +163 -0
- data/lib/cfnguardian/drift.rb +79 -0
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/log.rb +0 -1
- data/lib/cfnguardian/models/alarm.rb +193 -59
- data/lib/cfnguardian/models/check.rb +128 -33
- data/lib/cfnguardian/models/composite.rb +21 -0
- data/lib/cfnguardian/models/event.rb +201 -49
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/models/metric_filter.rb +28 -0
- data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
- data/lib/cfnguardian/resources/application_targetgroup.rb +2 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +155 -33
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/ecs_service.rb +2 -2
- data/lib/cfnguardian/resources/http.rb +17 -1
- data/lib/cfnguardian/resources/internal_http.rb +74 -0
- data/lib/cfnguardian/resources/internal_port.rb +33 -0
- data/lib/cfnguardian/resources/internal_sftp.rb +58 -0
- data/lib/cfnguardian/resources/log_group.rb +26 -0
- data/lib/cfnguardian/resources/network_targetgroup.rb +1 -0
- data/lib/cfnguardian/resources/port.rb +25 -0
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +73 -0
- data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
- data/lib/cfnguardian/resources/sftp.rb +50 -0
- data/lib/cfnguardian/resources/sql.rb +3 -3
- data/lib/cfnguardian/resources/tls.rb +66 -0
- data/lib/cfnguardian/s3.rb +3 -2
- data/lib/cfnguardian/stacks/main.rb +94 -72
- data/lib/cfnguardian/stacks/resources.rb +111 -43
- data/lib/cfnguardian/string.rb +12 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +133 -10
|
@@ -2,54 +2,91 @@ require 'cfnguardian/string'
|
|
|
2
2
|
|
|
3
3
|
module CfnGuardian
|
|
4
4
|
module Models
|
|
5
|
-
class
|
|
5
|
+
class BaseCheck
|
|
6
6
|
|
|
7
7
|
attr_reader :type
|
|
8
|
-
attr_accessor :
|
|
8
|
+
attr_accessor :group,
|
|
9
9
|
:name,
|
|
10
|
+
:package,
|
|
10
11
|
:handler,
|
|
11
12
|
:version,
|
|
12
13
|
:runtime,
|
|
13
|
-
:environment
|
|
14
|
+
:environment,
|
|
15
|
+
:subnets,
|
|
16
|
+
:vpc,
|
|
17
|
+
:memory,
|
|
18
|
+
:timeout
|
|
14
19
|
|
|
15
20
|
def initialize(resource)
|
|
16
21
|
@type = 'Check'
|
|
17
|
-
@
|
|
22
|
+
@group = nil
|
|
18
23
|
@name = nil
|
|
19
24
|
@package = nil
|
|
20
25
|
@handler = nil
|
|
21
26
|
@version = nil
|
|
22
27
|
@runtime = nil
|
|
23
28
|
@environment = ''
|
|
24
|
-
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
29
|
+
@subnets = nil
|
|
30
|
+
@vpc = nil
|
|
31
|
+
@memory = 128
|
|
32
|
+
@timeout = 120
|
|
28
33
|
end
|
|
29
34
|
end
|
|
30
35
|
|
|
31
|
-
class HttpCheck <
|
|
36
|
+
class HttpCheck < BaseCheck
|
|
32
37
|
def initialize(resource)
|
|
33
38
|
super(resource)
|
|
34
|
-
@
|
|
39
|
+
@group = 'Http'
|
|
35
40
|
@name = 'HttpCheck'
|
|
36
|
-
@package = '
|
|
37
|
-
@handler = 'handler.
|
|
38
|
-
@version = '
|
|
41
|
+
@package = 'http-check'
|
|
42
|
+
@handler = 'handler.http_check'
|
|
43
|
+
@version = 'f739631de74f1a882163b7e584a8b4710ccbc134'
|
|
44
|
+
@runtime = 'python3.7'
|
|
45
|
+
end
|
|
46
|
+
end
|
|
47
|
+
|
|
48
|
+
class InternalHttpCheck < HttpCheck
|
|
49
|
+
def initialize(resource)
|
|
50
|
+
super(resource)
|
|
51
|
+
@group = 'InternalHttp'
|
|
52
|
+
@name = 'InternalHttpCheck'
|
|
53
|
+
@subnets = resource['Subnets']
|
|
54
|
+
@vpc = resource['VpcId']
|
|
55
|
+
@environment = resource['Environment']
|
|
56
|
+
end
|
|
57
|
+
end
|
|
58
|
+
|
|
59
|
+
class PortCheck < BaseCheck
|
|
60
|
+
def initialize(resource)
|
|
61
|
+
super(resource)
|
|
62
|
+
@group = 'Port'
|
|
63
|
+
@name = 'PortCheck'
|
|
64
|
+
@package = 'port-check'
|
|
65
|
+
@handler = 'handler.port_check'
|
|
66
|
+
@version = '356203b2a720ba0730622f978e677b88f8d0c328'
|
|
39
67
|
@runtime = 'python3.6'
|
|
40
68
|
end
|
|
41
69
|
end
|
|
42
70
|
|
|
43
|
-
class
|
|
44
|
-
|
|
45
|
-
|
|
71
|
+
class InternalPortCheck < PortCheck
|
|
72
|
+
def initialize(resource)
|
|
73
|
+
super(resource)
|
|
74
|
+
@group = 'InternalPort'
|
|
75
|
+
@name = 'InternalPortCheck'
|
|
76
|
+
@subnets = resource['Subnets']
|
|
77
|
+
@vpc = resource['VpcId']
|
|
78
|
+
@environment = resource['Environment']
|
|
79
|
+
end
|
|
80
|
+
end
|
|
81
|
+
|
|
82
|
+
class NrpeCheck < BaseCheck
|
|
46
83
|
def initialize(resource)
|
|
47
84
|
super(resource)
|
|
48
|
-
@
|
|
85
|
+
@group = 'Nrpe'
|
|
49
86
|
@name = 'NrpeCheck'
|
|
50
87
|
@package = 'aws-lambda-nrpe-check'
|
|
51
88
|
@handler = 'main'
|
|
52
|
-
@version = '
|
|
89
|
+
@version = 'aa51a0ad497a6c012a3639da0eb3446e4c0f9540'
|
|
53
90
|
@runtime = 'go1.x'
|
|
54
91
|
@subnets = resource['Subnets']
|
|
55
92
|
@vpc = resource['VpcId']
|
|
@@ -57,40 +94,49 @@ module CfnGuardian
|
|
|
57
94
|
end
|
|
58
95
|
end
|
|
59
96
|
|
|
60
|
-
class SslCheck <
|
|
97
|
+
class SslCheck < BaseCheck
|
|
61
98
|
def initialize(resource)
|
|
62
99
|
super(resource)
|
|
63
|
-
@
|
|
100
|
+
@group = 'Ssl'
|
|
64
101
|
@name = 'SslCheck'
|
|
65
102
|
@package = 'aws-lambda-ssl-check'
|
|
66
103
|
@handler = 'main'
|
|
67
|
-
@version = '
|
|
104
|
+
@version = 'a25fd4006d1f95c06f3c098188543f5eea1986da'
|
|
68
105
|
@runtime = 'go1.x'
|
|
69
106
|
end
|
|
70
107
|
end
|
|
71
108
|
|
|
72
|
-
class
|
|
109
|
+
class InternalSslCheck < SslCheck
|
|
73
110
|
def initialize(resource)
|
|
74
111
|
super(resource)
|
|
75
|
-
@
|
|
112
|
+
@group = 'InternalSsl'
|
|
113
|
+
@name = 'InternalSslCheck'
|
|
114
|
+
@subnets = resource['Subnets']
|
|
115
|
+
@vpc = resource['VpcId']
|
|
116
|
+
@environment = resource['Environment']
|
|
117
|
+
end
|
|
118
|
+
end
|
|
119
|
+
|
|
120
|
+
class DomainExpiryCheck < BaseCheck
|
|
121
|
+
def initialize(resource)
|
|
122
|
+
super(resource)
|
|
123
|
+
@group = 'DomainExpiry'
|
|
76
124
|
@name = 'DomainExpiryCheck'
|
|
77
125
|
@package = 'aws-lambda-dns-check'
|
|
78
126
|
@handler = 'main'
|
|
79
|
-
@version = '
|
|
127
|
+
@version = '9db96ca32379faddc47e55849b7e296b7b70a48e'
|
|
80
128
|
@runtime = 'go1.x'
|
|
81
129
|
end
|
|
82
130
|
end
|
|
83
131
|
|
|
84
|
-
class SqlCheck <
|
|
85
|
-
attr_accessor :subnets, :vpc
|
|
86
|
-
|
|
132
|
+
class SqlCheck < BaseCheck
|
|
87
133
|
def initialize(resource)
|
|
88
134
|
super(resource)
|
|
89
|
-
@
|
|
135
|
+
@group = 'Sql'
|
|
90
136
|
@name = 'SqlCheck'
|
|
91
137
|
@package = 'aws-lambda-sql-check'
|
|
92
138
|
@handler = 'main'
|
|
93
|
-
@version = '
|
|
139
|
+
@version = '83bd6399c0376c98df90dd5f29e49d629c556cee'
|
|
94
140
|
@runtime = 'go1.x'
|
|
95
141
|
@subnets = resource['Subnets']
|
|
96
142
|
@vpc = resource['VpcId']
|
|
@@ -98,17 +144,66 @@ module CfnGuardian
|
|
|
98
144
|
end
|
|
99
145
|
end
|
|
100
146
|
|
|
101
|
-
class ContainerInstanceCheck <
|
|
147
|
+
class ContainerInstanceCheck < BaseCheck
|
|
102
148
|
def initialize(resource)
|
|
103
149
|
super(resource)
|
|
104
|
-
@
|
|
150
|
+
@group = 'ContainerInstance'
|
|
105
151
|
@name = 'ContainerInstanceCheck'
|
|
106
|
-
@package = '
|
|
152
|
+
@package = 'ecs-containder-instance-check'
|
|
107
153
|
@handler = 'handler.run_check'
|
|
108
|
-
@version = '
|
|
154
|
+
@version = '4f650d5846d6e8d19f0139bccdeeb147f03f0dd6'
|
|
109
155
|
@runtime = 'python3.6'
|
|
110
156
|
end
|
|
111
157
|
end
|
|
158
|
+
|
|
159
|
+
class TLSCheck < BaseCheck
|
|
160
|
+
def initialize(resource)
|
|
161
|
+
super(resource)
|
|
162
|
+
@group = 'TLS'
|
|
163
|
+
@name = 'TLSCheck'
|
|
164
|
+
@package = 'tls-version-check'
|
|
165
|
+
@handler = 'handler.run_check'
|
|
166
|
+
@version = 'de83afdde0d976364af37ad7552a8496c3c94ab5'
|
|
167
|
+
@runtime = 'python3.7'
|
|
168
|
+
end
|
|
169
|
+
end
|
|
170
|
+
|
|
171
|
+
class SFTPCheck < BaseCheck
|
|
172
|
+
def initialize(resource)
|
|
173
|
+
super(resource)
|
|
174
|
+
@group = 'SFTP'
|
|
175
|
+
@name = 'SFTPCheck'
|
|
176
|
+
@package = 'sftp-check'
|
|
177
|
+
@handler = 'handler.sftp_check'
|
|
178
|
+
@version = '987e71f2607347e13e3f156535059d6d3ce1ceed'
|
|
179
|
+
@runtime = 'python3.7'
|
|
180
|
+
end
|
|
181
|
+
end
|
|
182
|
+
|
|
183
|
+
class InternalSFTPCheck < SFTPCheck
|
|
184
|
+
def initialize(resource)
|
|
185
|
+
super(resource)
|
|
186
|
+
@group = 'InternalSFTP'
|
|
187
|
+
@name = 'InternalSFTPCheck'
|
|
188
|
+
@subnets = resource['Subnets']
|
|
189
|
+
@vpc = resource['VpcId']
|
|
190
|
+
@environment = resource['Environment']
|
|
191
|
+
end
|
|
192
|
+
end
|
|
193
|
+
|
|
194
|
+
class AzureFileCheck < BaseCheck
|
|
195
|
+
def initialize(resource)
|
|
196
|
+
super(resource)
|
|
197
|
+
@group = 'AzureFile'
|
|
198
|
+
@name = 'AzureFileCheck'
|
|
199
|
+
@package = 'azure-file-check'
|
|
200
|
+
@handler = 'handler.file_check'
|
|
201
|
+
@version = 'cc37aa8fe4855570132431611b507274b390f4c1'
|
|
202
|
+
@runtime = 'python3.7'
|
|
203
|
+
@memory = 256
|
|
204
|
+
@timeout = 600
|
|
205
|
+
end
|
|
206
|
+
end
|
|
112
207
|
|
|
113
208
|
end
|
|
114
209
|
end
|
|
@@ -0,0 +1,21 @@
|
|
|
1
|
+
module CfnGuardian
|
|
2
|
+
module Models
|
|
3
|
+
class Composite
|
|
4
|
+
|
|
5
|
+
attr_reader :type
|
|
6
|
+
attr_accessor :name,
|
|
7
|
+
:description,
|
|
8
|
+
:rule,
|
|
9
|
+
:alarm_action
|
|
10
|
+
|
|
11
|
+
def initialize(name,params = {})
|
|
12
|
+
@type = 'Composite'
|
|
13
|
+
@name = name
|
|
14
|
+
@description = params.fetch('Description', '')
|
|
15
|
+
@rule = params.fetch('Rule', 'FALSE')
|
|
16
|
+
@alarm_action = params.fetch('Action', nil)
|
|
17
|
+
end
|
|
18
|
+
|
|
19
|
+
end
|
|
20
|
+
end
|
|
21
|
+
end
|
|
@@ -2,49 +2,36 @@ require 'cfnguardian/string'
|
|
|
2
2
|
|
|
3
3
|
module CfnGuardian
|
|
4
4
|
module Models
|
|
5
|
-
class
|
|
5
|
+
class BaseEvent
|
|
6
6
|
|
|
7
7
|
attr_reader :type
|
|
8
|
-
attr_accessor :
|
|
8
|
+
attr_accessor :group,
|
|
9
9
|
:target,
|
|
10
10
|
:hash,
|
|
11
11
|
:name,
|
|
12
12
|
:cron,
|
|
13
13
|
:enabled,
|
|
14
|
-
:resource
|
|
14
|
+
:resource,
|
|
15
|
+
:environment,
|
|
16
|
+
:payload,
|
|
17
|
+
:ssm_parameters
|
|
15
18
|
|
|
16
19
|
def initialize(resource)
|
|
17
20
|
@type = 'Event'
|
|
18
|
-
@
|
|
21
|
+
@group = nil
|
|
19
22
|
@target = nil
|
|
20
23
|
@hash = Digest::MD5.hexdigest resource['Id']
|
|
21
24
|
@name = @hash
|
|
22
25
|
@cron = "* * * * ? *"
|
|
23
26
|
@enabled = true
|
|
24
27
|
@resource = resource['Id'].to_resource_name
|
|
25
|
-
|
|
26
|
-
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
type: @type,
|
|
30
|
-
class: @class,
|
|
31
|
-
target: @target,
|
|
32
|
-
hash: @hash,
|
|
33
|
-
name: @name,
|
|
34
|
-
cron: @cron,
|
|
35
|
-
enabled: @enabled,
|
|
36
|
-
resource: @resource,
|
|
37
|
-
payload: event_payload()
|
|
38
|
-
}
|
|
39
|
-
end
|
|
40
|
-
|
|
41
|
-
def event_payload
|
|
42
|
-
{}.to_json
|
|
43
|
-
end
|
|
44
|
-
|
|
28
|
+
@environment = ""
|
|
29
|
+
@payload = {}.to_json
|
|
30
|
+
@ssm_parameters = []
|
|
31
|
+
end
|
|
45
32
|
end
|
|
46
33
|
|
|
47
|
-
class HttpEvent <
|
|
34
|
+
class HttpEvent < BaseEvent
|
|
48
35
|
|
|
49
36
|
attr_accessor :endpoint,
|
|
50
37
|
:method,
|
|
@@ -56,7 +43,7 @@ module CfnGuardian
|
|
|
56
43
|
|
|
57
44
|
def initialize(resource)
|
|
58
45
|
super(resource)
|
|
59
|
-
@
|
|
46
|
+
@group = 'Http'
|
|
60
47
|
@name = 'HttpEvent'
|
|
61
48
|
@target = 'HttpCheckFunction'
|
|
62
49
|
@endpoint = resource['Id']
|
|
@@ -66,9 +53,10 @@ module CfnGuardian
|
|
|
66
53
|
@body_regex = resource.fetch('BodyRegex',nil)
|
|
67
54
|
@headers = resource.fetch('Headers',nil)
|
|
68
55
|
@payload = resource.fetch('Payload',nil)
|
|
56
|
+
@compressed = resource.fetch('Compressed',false)
|
|
69
57
|
end
|
|
70
58
|
|
|
71
|
-
def
|
|
59
|
+
def payload
|
|
72
60
|
payload = {
|
|
73
61
|
'ENDPOINT' => @endpoint,
|
|
74
62
|
'METHOD' => @method,
|
|
@@ -78,23 +66,66 @@ module CfnGuardian
|
|
|
78
66
|
payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
|
|
79
67
|
payload['HEADERS'] = @headers unless @headers.nil?
|
|
80
68
|
payload['PAYLOAD'] = @payload unless @payload.nil?
|
|
69
|
+
payload['COMPRESSED'] = '1' if @compressed
|
|
81
70
|
return payload.to_json
|
|
82
71
|
end
|
|
83
72
|
end
|
|
84
73
|
|
|
85
|
-
class
|
|
74
|
+
class InternalHttpEvent < HttpEvent
|
|
75
|
+
def initialize(resource,environment)
|
|
76
|
+
super(resource)
|
|
77
|
+
@group = 'InternalHttp'
|
|
78
|
+
@name = 'InternalHttpEvent'
|
|
79
|
+
@target = "InternalHttpCheckFunction#{environment}"
|
|
80
|
+
@environment = environment
|
|
81
|
+
end
|
|
82
|
+
end
|
|
83
|
+
|
|
84
|
+
class PortEvent < BaseEvent
|
|
85
|
+
def initialize(resource)
|
|
86
|
+
super(resource)
|
|
87
|
+
@group = 'Port'
|
|
88
|
+
@name = 'PortEvent'
|
|
89
|
+
@target = 'PortCheckFunction'
|
|
90
|
+
@hostname = resource['Id']
|
|
91
|
+
@port = resource['Port']
|
|
92
|
+
@timeout = resource.fetch('Timeout',120)
|
|
93
|
+
end
|
|
94
|
+
|
|
95
|
+
def payload
|
|
96
|
+
return {
|
|
97
|
+
'HOSTNAME' => @hostname,
|
|
98
|
+
'PORT' => @port,
|
|
99
|
+
'TIMEOUT' => @timeout,
|
|
100
|
+
'STATUS_CODE_MATCH' => @status_code
|
|
101
|
+
}.to_json
|
|
102
|
+
end
|
|
103
|
+
end
|
|
104
|
+
|
|
105
|
+
class InternalPortEvent < PortEvent
|
|
106
|
+
def initialize(resource,environment)
|
|
107
|
+
super(resource)
|
|
108
|
+
@group = 'InternalPort'
|
|
109
|
+
@name = 'InternalPortEvent'
|
|
110
|
+
@target = "InternalPortCheckFunction#{environment}"
|
|
111
|
+
@environment = environment
|
|
112
|
+
end
|
|
113
|
+
end
|
|
114
|
+
|
|
115
|
+
class NrpeEvent < BaseEvent
|
|
86
116
|
def initialize(resource,environment,command)
|
|
87
117
|
super(resource)
|
|
88
|
-
@
|
|
118
|
+
@group = 'Nrpe'
|
|
89
119
|
@name = 'NrpeEvent'
|
|
90
120
|
@target = "NrpeCheckFunction#{environment}"
|
|
91
121
|
@host = resource['Id']
|
|
92
122
|
@environment = environment
|
|
93
123
|
@region = resource.fetch('Region',"${AWS::Region}")
|
|
124
|
+
@hash = Digest::MD5.hexdigest "#{resource['Id']}#{command}"
|
|
94
125
|
@command = command
|
|
95
126
|
end
|
|
96
127
|
|
|
97
|
-
def
|
|
128
|
+
def payload
|
|
98
129
|
return {
|
|
99
130
|
'host' => @host,
|
|
100
131
|
'environment' => @environment,
|
|
@@ -104,18 +135,18 @@ module CfnGuardian
|
|
|
104
135
|
end
|
|
105
136
|
end
|
|
106
137
|
|
|
107
|
-
class SslEvent <
|
|
138
|
+
class SslEvent < BaseEvent
|
|
108
139
|
def initialize(resource)
|
|
109
140
|
super(resource)
|
|
110
|
-
@
|
|
141
|
+
@group = 'Ssl'
|
|
111
142
|
@name = 'SslEvent'
|
|
112
143
|
@target = 'SslCheckFunction'
|
|
113
|
-
@cron = "0 12 * * ? *"
|
|
144
|
+
@cron = resource.fetch('Schedule', "0 12 * * ? *")
|
|
114
145
|
@url = resource['Id']
|
|
115
146
|
@region = resource.fetch('Region',"${AWS::Region}")
|
|
116
147
|
end
|
|
117
148
|
|
|
118
|
-
def
|
|
149
|
+
def payload
|
|
119
150
|
return {
|
|
120
151
|
'Url' => @url,
|
|
121
152
|
'Region' => @region
|
|
@@ -123,32 +154,42 @@ module CfnGuardian
|
|
|
123
154
|
end
|
|
124
155
|
end
|
|
125
156
|
|
|
126
|
-
class
|
|
157
|
+
class InternalSslEvent < SslEvent
|
|
158
|
+
def initialize(resource,environment)
|
|
159
|
+
super(resource)
|
|
160
|
+
@group = 'InternalSsl'
|
|
161
|
+
@name = 'InternalSslEvent'
|
|
162
|
+
@target = "InternalSslCheckFunction#{environment}"
|
|
163
|
+
@environment = environment
|
|
164
|
+
end
|
|
165
|
+
end
|
|
166
|
+
|
|
167
|
+
class DomainExpiryEvent < BaseEvent
|
|
127
168
|
|
|
128
169
|
attr_accessor :domain,
|
|
129
170
|
:region
|
|
130
171
|
|
|
131
172
|
def initialize(resource)
|
|
132
173
|
super(resource)
|
|
133
|
-
@
|
|
174
|
+
@group = 'DomainExpiry'
|
|
134
175
|
@name = 'DomainExpiryEvent'
|
|
135
176
|
@target = 'DomainExpiryCheckFunction'
|
|
136
|
-
@cron = "0 12 * * ? *"
|
|
177
|
+
@cron = resource.fetch('Schedule', "0 12 * * ? *")
|
|
137
178
|
@domain = resource['Id']
|
|
138
179
|
@region = resource.fetch('Region',"${AWS::Region}")
|
|
139
180
|
end
|
|
140
181
|
|
|
141
|
-
def
|
|
142
|
-
{'Domain' => @domain}.to_json
|
|
182
|
+
def payload
|
|
183
|
+
return {'Domain' => @domain}.to_json
|
|
143
184
|
end
|
|
144
185
|
end
|
|
145
186
|
|
|
146
|
-
class SqlEvent <
|
|
147
|
-
def initialize(resource,query)
|
|
187
|
+
class SqlEvent < BaseEvent
|
|
188
|
+
def initialize(resource,query,environment)
|
|
148
189
|
super(resource)
|
|
149
|
-
@
|
|
190
|
+
@group = 'Sql'
|
|
150
191
|
@name = 'SqlEvent'
|
|
151
|
-
@target =
|
|
192
|
+
@target = "SqlCheckFunction#{environment}"
|
|
152
193
|
@host = resource['Id']
|
|
153
194
|
@engine = resource['Engine']
|
|
154
195
|
@port = resource['Port']
|
|
@@ -157,9 +198,10 @@ module CfnGuardian
|
|
|
157
198
|
@query = query
|
|
158
199
|
@region = resource.fetch('Region',"${AWS::Region}")
|
|
159
200
|
@test_type = '1-row-1-value-zero-is-good'
|
|
201
|
+
@environment = environment
|
|
160
202
|
end
|
|
161
203
|
|
|
162
|
-
def
|
|
204
|
+
def payload
|
|
163
205
|
return {
|
|
164
206
|
'Host' => @host,
|
|
165
207
|
'Engine' => @engine,
|
|
@@ -171,20 +213,130 @@ module CfnGuardian
|
|
|
171
213
|
'TestType' => @test_type
|
|
172
214
|
}.to_json
|
|
173
215
|
end
|
|
216
|
+
|
|
217
|
+
def ssm_parameters
|
|
218
|
+
params = []
|
|
219
|
+
params << @ssm_username
|
|
220
|
+
params << @ssm_password
|
|
221
|
+
return params
|
|
222
|
+
end
|
|
174
223
|
end
|
|
175
224
|
|
|
176
|
-
class ContainerInstanceEvent <
|
|
225
|
+
class ContainerInstanceEvent < BaseEvent
|
|
177
226
|
def initialize(resource)
|
|
178
227
|
super(resource)
|
|
179
|
-
@
|
|
228
|
+
@group = 'ContainerInstance'
|
|
180
229
|
@name = 'ContainerInstanceEvent'
|
|
181
230
|
@target = 'ContainerInstanceCheckFunction'
|
|
182
|
-
@cron = "0/5 * * * ? *"
|
|
231
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
|
183
232
|
@cluster = resource['Id']
|
|
184
233
|
end
|
|
185
234
|
|
|
186
|
-
def
|
|
187
|
-
{'CLUSTER' => @cluster}.to_json
|
|
235
|
+
def payload
|
|
236
|
+
return {'CLUSTER' => @cluster}.to_json
|
|
237
|
+
end
|
|
238
|
+
end
|
|
239
|
+
|
|
240
|
+
class SFTPEvent < BaseEvent
|
|
241
|
+
def initialize(resource)
|
|
242
|
+
super(resource)
|
|
243
|
+
@group = 'SFTP'
|
|
244
|
+
@name = 'SFTPEvent'
|
|
245
|
+
@target = 'SFTPCheckFunction'
|
|
246
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
|
247
|
+
@host = resource['Id']
|
|
248
|
+
@user = resource['User']
|
|
249
|
+
@port = resource.fetch('Port', nil)
|
|
250
|
+
@server_key = resource.fetch('ServerKey', nil)
|
|
251
|
+
@password = resource.fetch('Password', nil)
|
|
252
|
+
@private_key = resource.fetch('PrivateKey', nil)
|
|
253
|
+
@private_key_pass = resource.fetch('PrivateKeyPass', nil)
|
|
254
|
+
@file = resource.fetch('File', nil)
|
|
255
|
+
@file_regex_match = resource.fetch('FileRegexMatch', nil)
|
|
256
|
+
end
|
|
257
|
+
|
|
258
|
+
def payload
|
|
259
|
+
payload = {
|
|
260
|
+
'HOSTNAME' => @host,
|
|
261
|
+
'USERNAME' => @user
|
|
262
|
+
}
|
|
263
|
+
payload['PORT'] = @port unless @port.nil?
|
|
264
|
+
payload['SERVER_KEY'] = @server_key unless @server_key.nil?
|
|
265
|
+
payload['PASSWORD'] = @password unless @password.nil?
|
|
266
|
+
payload['PRIVATEKEY'] = @private_key unless @private_key.nil?
|
|
267
|
+
payload['PRIVATEKEY_PASSWORD'] = @private_key_pass unless @private_key_pass.nil?
|
|
268
|
+
payload['FILE'] = @file unless @file.nil?
|
|
269
|
+
payload['FILE_REGEX_MATCH'] = @file_regex_match unless @file_regex_match.nil?
|
|
270
|
+
return payload.to_json
|
|
271
|
+
end
|
|
272
|
+
|
|
273
|
+
def ssm_parameters
|
|
274
|
+
params = []
|
|
275
|
+
params << @password unless @password.nil?
|
|
276
|
+
params << @private_key unless @private_key.nil?
|
|
277
|
+
params << @private_key_pass unless @private_key_pass.nil?
|
|
278
|
+
return params
|
|
279
|
+
end
|
|
280
|
+
end
|
|
281
|
+
|
|
282
|
+
class InternalSFTPEvent < SFTPEvent
|
|
283
|
+
def initialize(resource,environment)
|
|
284
|
+
super(resource)
|
|
285
|
+
@group = 'InternalSFTP'
|
|
286
|
+
@name = 'InternalSFTPEvent'
|
|
287
|
+
@target = "InternalSFTPCheckFunction#{environment}"
|
|
288
|
+
@environment = environment
|
|
289
|
+
end
|
|
290
|
+
end
|
|
291
|
+
|
|
292
|
+
class TLSEvent < BaseEvent
|
|
293
|
+
def initialize(resource)
|
|
294
|
+
super(resource)
|
|
295
|
+
@group = 'TLS'
|
|
296
|
+
@name = 'TLSEvent'
|
|
297
|
+
@target = 'TLSCheckFunction'
|
|
298
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
|
299
|
+
@host = resource['Id']
|
|
300
|
+
@port = resource.fetch('Port', 443)
|
|
301
|
+
@check_max = resource.fetch('MaxSupported', nil)
|
|
302
|
+
@versions = resource.fetch('Versions', ['SSLv2','SSLv3','TLSv1','TLSv1.1','TLSv1.2'])
|
|
303
|
+
end
|
|
304
|
+
|
|
305
|
+
def payload
|
|
306
|
+
payload = {
|
|
307
|
+
'HOSTNAME' => @host,
|
|
308
|
+
'PORT' => @port
|
|
309
|
+
}
|
|
310
|
+
payload['CHECK_MAX_SUPPORTED'] = @check_max.nil?
|
|
311
|
+
payload['PROTOCOLS'] = @versions unless @versions.nil?
|
|
312
|
+
return payload.to_json
|
|
313
|
+
end
|
|
314
|
+
end
|
|
315
|
+
|
|
316
|
+
class AzureFileEvent < BaseEvent
|
|
317
|
+
def initialize(resource)
|
|
318
|
+
super(resource)
|
|
319
|
+
@group = 'AzureFile'
|
|
320
|
+
@name = 'AzureFileEvent'
|
|
321
|
+
@target = 'AzureFileCheckFunction'
|
|
322
|
+
@cron = resource.fetch('Schedule', "0/5 * * * ? *")
|
|
323
|
+
@storage_account = resource['Id']
|
|
324
|
+
@container = resource['Container']
|
|
325
|
+
@connection_string = resource['ConnectionString']
|
|
326
|
+
@search = resource['Search']
|
|
327
|
+
end
|
|
328
|
+
|
|
329
|
+
def payload
|
|
330
|
+
return {
|
|
331
|
+
'STORAGE_ACCOUNT' => @storage_account,
|
|
332
|
+
'CONTAINER' => @container,
|
|
333
|
+
'CONNECTION_STRING' => @connection_string,
|
|
334
|
+
'SEARCH' => @search
|
|
335
|
+
}.to_json
|
|
336
|
+
end
|
|
337
|
+
|
|
338
|
+
def ssm_parameters
|
|
339
|
+
return [@connection_string]
|
|
188
340
|
end
|
|
189
341
|
end
|
|
190
342
|
|