cfn-guardian 0.1.0 → 0.6.3

data/lib/cfnguardian/models/event_subscription.rb

@@ -0,0 +1,96 @@
+module CfnGuardian
+    module Models
+        class BaseEventSubscription
+            
+            attr_reader :type, :group
+            attr_writer :detail
+            attr_accessor :name,
+                :enabled,
+                :hash,
+                :topic,
+                :resource_id,
+                :resource_arn,
+                :source,
+                :detail_type,
+                :detail
+
+            def initialize(resource)
+                @type = 'EventSubscription'
+                @group = self.class.name.split('::').last
+                @name = ''
+                @hash = Digest::MD5.hexdigest resource['Id']
+                @enabled = true
+                @events = []
+                @topic = 'Events'
+                @resource_id = resource['Id']
+                @resource_arn = ''
+                @source = ''
+                @detail_type = ''
+                @detail = {}
+            end
+
+            def detail
+                return @detail
+            end
+        end
+
+        class RDSEventSubscription < BaseEventSubscription
+            attr_accessor :source_id, :rds_event_category, :message
+
+            def initialize(resource)
+                super(resource)
+                @source = 'aws.rds'
+                @detail_type = 'RDS DB Instance Event'
+                @source_id = ''
+                @rds_event_category = ''
+                @message = ''
+            end
+
+            def detail
+                return {
+                    EventCategories: [@rds_event_category],
+                    SourceType: [@source_type],
+                    SourceIdentifier: ["rds:#{@resource_id}"],
+                    Message: [@message]
+                }
+            end
+        end
+
+        class RDSInstanceEventSubscription < RDSEventSubscription
+            def initialize(resource)
+                super(resource)
+                @source_type = 'DB_INSTANCE'
+            end
+        end
+
+        class RDSClusterEventSubscription < RDSEventSubscription
+            def initialize(resource)
+                super(resource)
+                @source_type = 'DB_CLUSTER'
+            end
+        end
+
+        class Ec2InstanceEventSubscription < BaseEventSubscription
+            def initialize(resource)
+                super(resource)
+                @source = 'aws.ec2'
+            end
+        end
+
+        class ApiGatewayEventSubscription < BaseEventSubscription; end
+        class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
+        class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
+        class CloudFrontDistributionEventSubscription < BaseEventSubscription; end
+        class AutoScalingGroupEventSubscription < BaseEventSubscription; end
+        class DynamoDBTableEventSubscription < BaseEventSubscription; end
+        class Ec2InstanceEventSubscription < BaseEventSubscription; end
+        class ECSClusterEventSubscription < BaseEventSubscription; end
+        class ECSServiceEventSubscription < BaseEventSubscription; end
+        class ElastiCacheReplicationGroupEventSubscription < BaseEventSubscription; end
+        class ElasticLoadBalancerEventSubscription < BaseEventSubscription; end
+        class ElasticFileSystemEventSubscription < BaseEventSubscription; end
+        class LambdaEventSubscription < BaseEventSubscription; end
+        class NetworkTargetGroupEventSubscription < BaseEventSubscription; end
+        class RedshiftClusterEventSubscription < BaseEventSubscription; end
+    end
+end

data/lib/cfnguardian/models/metric_filter.rb

@@ -0,0 +1,28 @@
+require 'cfnguardian/string'
+require 'digest/md5'
+
+module CfnGuardian
+  module Models
+    class MetricFilter
+      
+      attr_reader :type,
+        :metric_namespace,
+        :name
+      attr_accessor :log_group,
+        :pattern,
+        :metric_value,
+        :metric_name
+      
+      def initialize(log_group,filter)
+        @type = 'MetricFilter'
+        @name = Digest::MD5.hexdigest(log_group + filter['MetricName'])
+        @log_group = log_group
+        @pattern = filter['Pattern']
+        @metric_value = filter.fetch('MetricValue', '1').to_s
+        @metric_name = filter['MetricName']
+        @metric_namespace = "MetricFilters"
+      end
+      
+    end
+  end
+end

data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb

@@ -0,0 +1,136 @@
+module CfnGuardian::Resource
+  class AmazonMQRabbitMQBroker < Base
+      
+    def default_alarms
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQBrokerAlarm.new(@resource)
+      alarm.name = 'ConnectionCountCritical'
+      alarm.metric_name = 'ConnectionCount'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 50
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQBrokerAlarm.new(@resource)
+      alarm.name = 'ConnectionCountWarn'
+      alarm.metric_name = 'ConnectionCount'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 25
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQBrokerAlarm.new(@resource)
+      alarm.name = 'MessageCountCritical'
+      alarm.metric_name = 'MessageCount'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 500
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQBrokerAlarm.new(@resource)
+      alarm.name = 'MessageCountWarn'
+      alarm.metric_name = 'MessageCount'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 250
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+    end
+  end
+
+  class AmazonMQRabbitMQQueue < Base
+      
+    def default_alarms
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQQueueAlarm.new(@resource)
+      alarm.name = 'MessageCountHighWarn'
+      alarm.metric_name = 'MessageCount'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 100
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+    end
+  end
+
+  class AmazonMQRabbitMQNode < Base
+
+    def default_alarms
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQNodeAlarm.new(@resource)
+      alarm.name = 'SystemCpuUtilizationCritical'
+      alarm.metric_name = 'SystemCpuUtilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 95
+      alarm.evaluation_periods = 10
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQNodeAlarm.new(@resource)
+      alarm.name = 'SystemCpuUtilizationHighBase'
+      alarm.metric_name = 'SystemCpuUtilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 75
+      alarm.evaluation_periods = 30
+      alarm.treat_missing_data = 'notBreaching'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQNodeAlarm.new(@resource)
+      alarm.name = 'RabbitMQMemUsedCritical'
+      alarm.metric_name = 'RabbitMQMemUsed'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 390000000
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQNodeAlarm.new(@resource)
+      alarm.name = 'RabbitMQMemUsedWarn'
+      alarm.metric_name = 'RabbitMQMemUsed'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 350000000
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQNodeAlarm.new(@resource)
+      alarm.name = 'RabbitMQDiskFreeLimitCritical'
+      alarm.metric_name = 'RabbitMQDiskFreeLimit'
+      alarm.comparison_operator = 'LessThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 1200000000
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::AmazonMQRabbitMQNodeAlarm.new(@resource)
+      alarm.name = 'RabbitMQDiskFreeLimitWarn'
+      alarm.metric_name = 'RabbitMQDiskFreeLimit'
+      alarm.comparison_operator = 'LessThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 1200000000
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+    end
+  end
+end

data/lib/cfnguardian/resources/application_targetgroup.rb

@@ -5,9 +5,11 @@ module CfnGuardian::Resource
       alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)
       alarm.name = 'HealthyHosts'
       alarm.metric_name = 'HealthyHostCount'
+      alarm.comparison_operator = 'LessThanThreshold'
       alarm.statistic = 'Minimum'
       alarm.threshold = 2
       alarm.evaluation_periods = 1
+      alarm.comparison_operator = 'LessThanThreshold'
       @alarms.push(alarm)
       
       alarm = CfnGuardian::Models::ApplicationTargetGroupAlarm.new(@resource)

data/lib/cfnguardian/resources/azure_file.rb

@@ -0,0 +1,20 @@
+module CfnGuardian::Resource
+    class AzureFile < Base
+
+      def default_alarms
+        alarm = CfnGuardian::Models::AzureFileAlarm.new(@resource)
+        alarm.name = 'FileExpired'
+        alarm.metric_name = 'FileExpired'
+        @alarms.push(alarm)
+      end
+
+      def default_events
+        @events.push(CfnGuardian::Models::AzureFileEvent.new(@resource))
+      end
+
+      def default_checks
+        @checks.push(CfnGuardian::Models::AzureFileCheck.new(@resource))
+      end
+
+    end
+  end

data/lib/cfnguardian/resources/base.rb

@@ -1,95 +1,208 @@
 require 'cfnguardian/string'
+require 'cfnguardian/cloudwatch'
 require 'cfnguardian/models/alarm'
 require 'cfnguardian/models/event'
 require 'cfnguardian/models/check'
+require 'cfnguardian/models/metric_filter'
+require 'cfnguardian/models/event_subscription'
 
 module CfnGuardian::Resource
   class Base
     include Logging
     
-    def initialize(resource)
+    def initialize(resource, override_group = nil)
       @resource = resource
+      @override_group = override_group
       @alarms = []
       @events = []
       @checks = []
+      @metric_filters = []
+      @event_subscriptions = []
     end
     
+    # Overidden by inheritted classes to define default alarms
     def default_alarms()
       return @alarms
     end
     
-    def get_alarms(overides={})
+    def get_alarms(group,overides={})
       # generate default alarms
       default_alarms()
-      
+
+      # override any group properties
+      group_overrides = overides.has_key?('GroupOverrides') ? overides['GroupOverrides'] : {}
+      overides.delete('GroupOverrides')
+      if group_overrides.any?
+        @alarms.each do |alarm|
+          logger.debug("overriding #{alarm.name} alarm properties for resource #{alarm.resource_id} in resource group #{group} via group overrides") 
+          group_overrides.each {|attr,value| update_object(alarm,attr,value)}
+        end
+      end
+
       # loop over each override template for the service
-      overides.each do |name,properties|
-        
+      overides.each do |name,properties|       
         # disable default alarms
         if [false].include?(properties)
-          alarm = find_alarm(name)
+          alarms = find_alarms(name)
           
-          if !alarm.nil?
-            alarm.enabled = false 
-            logger.debug "Disabling alarm '#{name}' for resource #{alarm.resource}"
+          if !alarms.nil?
+            alarms.each do |alarm| 
+              alarm.enabled = false
+              logger.info "disabling alarm '#{name}' for resource #{alarm.resource_id}"
+            end
             next
           end
         end
-        
+
+        # continue if the override is in the incorrect format
         unless properties.is_a?(Hash)
           if name != 'Inherit'
-            logger.warn "Incorrect format for alarm '#{name}'. Should be of type 'Hash', instead got type '#{properties.class}'"
+            logger.warn "incorrect format for alarm '#{name}'. Should be of type 'Hash', instead got type '#{properties.group}'"
           end
           next
         end
-        
+
+        properties.merge!(group_overrides)
+
+        # Create a new alarm inheriting the defaults of an existing alarm
         if properties.has_key?('Inherit')
           alarm = find_alarm(properties['Inherit'])
           if !alarm.nil?
+            logger.debug("creating new alarm #{name} for alarm group #{self.class.to_s.split('::').last} inheriting properties from alarm #{properties['Inherit']}")
             inheritited_alarm = alarm.clone
             alarm.name = name
-            properties.each {|attr,value| update_alarm(inheritited_alarm,attr,value)}
+            properties.each {|attr,value| update_object(inheritited_alarm,attr,value)}
             @alarms.push(inheritited_alarm)
           else
-            logger.warn "Alarm '#{properties['Inherit']}' doesn't exists and cannot be inherited"
+            logger.warn "alarm '#{properties['Inherit']}' doesn't exists and cannot be inherited"
           end
           next
         end
         
-        alarm = find_alarm(name)
-        
-        if alarm.nil?
-          alarm = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}Alarm").new(properties)
-        end
-        
-        if alarm.name.nil?
-          alarm.name = name
+        alarms = find_alarms(name)
+
+        if alarms.empty?
+          # if the alarm doesn't exist and it's not being inherited from another alarm create a new alarm
+          resources = @resource.has_key?('Hosts') ? @resource['Hosts'] : [@resource]
+          resources.each do |res|
+            alarm = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}Alarm").new(res)
+            properties.each {|attr,value| update_object(alarm,attr,value)}
+            alarm.name = name
+            logger.debug("created new alarm #{alarm.name} for resource #{alarm.resource_id} in resource group #{group}")
+            @alarms.push(alarm)
+          end
+        else
+          # if there is an existing alarm update the properties
+          alarms.each do |alarm|
+            logger.debug("overriding #{alarm.name} alarm properties for resource #{alarm.resource_id} in resource group #{group} via alarm overrides") 
+            properties.each {|attr,value| update_object(alarm,attr,value)}
+          end
         end
-        
-        properties.each {|attr,value| update_alarm(alarm,attr,value)}
-        @alarms.push(alarm)
-        
       end
       
-      return @alarms.select{|a| a.enabled}.map {|a| a.to_h}
+      unless @override_group.nil?
+        @alarms.each {|a| a.group = @override_group}
+      end
+      
+      # String interpolation for alarm dimensions
+      @alarms.each do |alarm|
+        next if alarm.dimensions.nil?
+        alarm.dimensions.each do |k,v|
+          if v.match?(/^\${Resource::.*[A-Za-z]}$/)
+            resource_key = v.tr('${}', '').split('Resource::').last
+            if @resource.has_key?(resource_key)
+              logger.debug "overriding alarm #{alarm.name} dimension key '#{k}' with value '#{@resource[resource_key]}'" 
+              alarm.dimensions[k] = @resource[resource_key]
+            end
+          end
+        end
+      end
+
+      return @alarms.select{|a| a.enabled}
     end
     
+    # Overidden by inheritted classes to define default events
     def default_events()
       return @events
     end
     
     def get_events()
       default_events()
-      return @events.select{|e| e.enabled}.map {|e| e.to_h}
+      return @events.select{|e| e.enabled}
     end
     
+    # Overidden by inheritted classes to define default checks
     def default_checks()
       return @checks
     end
     
     def get_checks()
       default_checks()
-      return @checks.map {|c| c.to_h}
+      return @checks
+    end
+    
+    # Overidden by inheritted classes to define default checks
+    def default_metric_filters()
+      return @metric_filters
+    end
+    
+    def get_metric_filters()
+      default_metric_filters()
+      return @metric_filters
+    end
+
+    # Overidden by inheritted classes to define default checks
+    def default_event_subscriptions()
+      return @event_subscriptions
+    end
+    
+    def get_event_subscriptions(group, overides)
+      # generate defailt event subscriptions
+      default_event_subscriptions()
+
+      # overide the defaults
+      overides.each do |name, properties|
+        event_subscription = find_event_subscriptions(name)
+
+        # disbable the event subscription if the value is false
+        if [false].include?(properties)
+          unless event_subscription.nil?
+            event_subscription.enabled = false
+            logger.info "Disabling event subscription #{name} for #{group} #{event_subscription.resource_id}"
+          end
+
+          next
+        end
+
+        # ignore all properties not in a proper format
+        next unless properties.is_a?(Hash) 
+
+        # Create a new event subscription by inheriting an existing one
+        if properties.has_key?('Inherit')
+          inherit_event_subscription = find_event_subscriptions(properties['Inherit'])
+          
+          if inherit_event_subscription.nil?
+            logger.warn "Unable to create #{topic} RDSEventSubscription by inheriting #{properties['Inherit']} as it cannot be found"
+            next
+          end
+
+          event_subscription = inherit_event_subscription.clone
+          event_subscription.enabled = true
+          event_subscription.name = name
+          @event_subscriptions.push(event_subscription) 
+          logger.debug "Inheriting RDSEventSubscription #{properties['Inherit']}"
+        end
+
+        if event_subscription.nil?
+          event_subscription = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}EventSubscription").new(@resource)
+          event_subscription.name = name
+          @event_subscriptions.push(event_subscription) 
+        end
+
+        properties.each {|attr,value| update_object(event_subscription,attr,value)}
+      end
+
+      return @event_subscriptions.select {|es| es.enabled }
     end
     
     def get_cost()
@@ -101,13 +214,22 @@ module CfnGuardian::Resource
     def find_alarm(name)
       @alarms.detect {|alarm| alarm.name == name}
     end
-    
-    def update_alarm(alarm,attr,value)
+
+    def find_alarms(name)
+      @alarms.find_all {|alarm| alarm.name == name}
+    end
+
+    def find_event_subscriptions(name)
+      @event_subscriptions.detect {|es| es.name == name}
+    end
+
+    def update_object(obj,attr,value)
+      logger.debug("overriding #{obj.type} property '#{attr}' with value #{value} for resource id: #{obj.resource_id}")
       begin
-        alarm.send("#{attr.to_underscore}=",value)
+        obj.send("#{attr.to_underscore}=",value.clone)
       rescue NoMethodError => e
         if !e.message.match?(/inherit/)
-          logger.warn "Unknown key '#{attr}' for #{alarm.resource} alarm #{alarm.name}"
+          logger.warn "Unknown property '#{attr}' for type: #{obj.type} and resource id: #{obj.resource_id}"
         end
       end
     end