cfn-guardian 0.1.0 → 0.6.3
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.dockerignore +1 -0
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Dockerfile +19 -0
- data/Gemfile.lock +39 -21
- data/README.md +9 -378
- data/cfn-guardian.gemspec +7 -5
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +325 -37
- data/lib/cfnguardian/cloudwatch.rb +132 -0
- data/lib/cfnguardian/codecommit.rb +54 -0
- data/lib/cfnguardian/codepipeline.rb +138 -0
- data/lib/cfnguardian/compile.rb +142 -18
- data/lib/cfnguardian/config/defaults.yaml +103 -0
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +163 -0
- data/lib/cfnguardian/drift.rb +79 -0
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/log.rb +0 -1
- data/lib/cfnguardian/models/alarm.rb +193 -59
- data/lib/cfnguardian/models/check.rb +128 -33
- data/lib/cfnguardian/models/composite.rb +21 -0
- data/lib/cfnguardian/models/event.rb +201 -49
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/models/metric_filter.rb +28 -0
- data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
- data/lib/cfnguardian/resources/application_targetgroup.rb +2 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +155 -33
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/ecs_service.rb +2 -2
- data/lib/cfnguardian/resources/http.rb +17 -1
- data/lib/cfnguardian/resources/internal_http.rb +74 -0
- data/lib/cfnguardian/resources/internal_port.rb +33 -0
- data/lib/cfnguardian/resources/internal_sftp.rb +58 -0
- data/lib/cfnguardian/resources/log_group.rb +26 -0
- data/lib/cfnguardian/resources/network_targetgroup.rb +1 -0
- data/lib/cfnguardian/resources/port.rb +25 -0
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +73 -0
- data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
- data/lib/cfnguardian/resources/sftp.rb +50 -0
- data/lib/cfnguardian/resources/sql.rb +3 -3
- data/lib/cfnguardian/resources/tls.rb +66 -0
- data/lib/cfnguardian/s3.rb +3 -2
- data/lib/cfnguardian/stacks/main.rb +94 -72
- data/lib/cfnguardian/stacks/resources.rb +111 -43
- data/lib/cfnguardian/string.rb +12 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +133 -10
@@ -19,6 +19,17 @@ module CfnGuardian
|
|
19
19
|
@alarms.push(alarm)
|
20
20
|
end
|
21
21
|
|
22
|
+
def default_event_subscriptions()
|
23
|
+
event_subscription = CfnGuardian::Models::Ec2InstanceEventSubscription.new(@resource)
|
24
|
+
event_subscription.name = 'InstanceTerminated'
|
25
|
+
event_subscription.detail_type = 'EC2 Instance State-change Notification'
|
26
|
+
event_subscription.detail = {
|
27
|
+
'instance-id' => [@resource['Id']],
|
28
|
+
'state' => ['terminated']
|
29
|
+
}
|
30
|
+
@event_subscriptions.push(event_subscription)
|
31
|
+
end
|
32
|
+
|
22
33
|
end
|
23
34
|
end
|
24
35
|
end
|
@@ -8,7 +8,7 @@ module CfnGuardian
|
|
8
8
|
alarm.metric_name = 'MemoryUtilization'
|
9
9
|
alarm.comparison_operator = 'LessThanOrEqualToThreshold'
|
10
10
|
alarm.statistic = 'SampleCount'
|
11
|
-
alarm.threshold =
|
11
|
+
alarm.threshold = 0
|
12
12
|
alarm.evaluation_periods = 10
|
13
13
|
alarm.treat_missing_data = 'breaching'
|
14
14
|
alarm.datapoints_to_alarm = 8
|
@@ -19,7 +19,7 @@ module CfnGuardian
|
|
19
19
|
alarm.metric_name = 'MemoryUtilization'
|
20
20
|
alarm.comparison_operator = 'LessThanOrEqualToThreshold'
|
21
21
|
alarm.statistic = 'SampleCount'
|
22
|
-
alarm.threshold =
|
22
|
+
alarm.threshold = 1
|
23
23
|
alarm.evaluation_periods = 10
|
24
24
|
alarm.treat_missing_data = 'breaching'
|
25
25
|
alarm.datapoints_to_alarm = 8
|
@@ -14,8 +14,9 @@ module CfnGuardian::Resource
|
|
14
14
|
alarm.metric_name = 'StatusCodeMatch'
|
15
15
|
@alarms.push(alarm)
|
16
16
|
|
17
|
-
alarm = CfnGuardian::Models::
|
17
|
+
alarm = CfnGuardian::Models::HttpAlarm.new(@resource)
|
18
18
|
alarm.name = 'EndpointTimeTaken'
|
19
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
19
20
|
alarm.metric_name = 'TimeTaken'
|
20
21
|
alarm.statistic = 'Minimum'
|
21
22
|
alarm.threshold = 1000
|
@@ -29,6 +30,21 @@ module CfnGuardian::Resource
|
|
29
30
|
alarm.metric_name = 'ResponseBodyRegexMatch'
|
30
31
|
@alarms.push(alarm)
|
31
32
|
end
|
33
|
+
|
34
|
+
if @resource.has_key?('Ssl') && @resource['Ssl']
|
35
|
+
alarm = CfnGuardian::Models::SslAlarm.new(@resource)
|
36
|
+
alarm.name = 'ExpiresInDaysCritical'
|
37
|
+
alarm.metric_name = 'ExpiresInDays'
|
38
|
+
alarm.threshold = 5
|
39
|
+
@alarms.push(alarm)
|
40
|
+
|
41
|
+
alarm = CfnGuardian::Models::SslAlarm.new(@resource)
|
42
|
+
alarm.name = 'ExpiresInDaysTask'
|
43
|
+
alarm.metric_name = 'ExpiresInDays'
|
44
|
+
alarm.alarm_action = 'Task'
|
45
|
+
alarm.threshold = 30
|
46
|
+
@alarms.push(alarm)
|
47
|
+
end
|
32
48
|
end
|
33
49
|
|
34
50
|
def default_events()
|
@@ -0,0 +1,74 @@
|
|
1
|
+
require 'digest/md5'
|
2
|
+
|
3
|
+
module CfnGuardian::Resource
|
4
|
+
class InternalHttp < Base
|
5
|
+
|
6
|
+
def initialize(resource, override_group = nil)
|
7
|
+
super(resource, override_group)
|
8
|
+
@resource_list = resource['Hosts']
|
9
|
+
@environment = resource['Environment']
|
10
|
+
end
|
11
|
+
|
12
|
+
def default_alarms
|
13
|
+
@resource_list.each do |host|
|
14
|
+
alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
|
15
|
+
alarm.name = 'EndpointAvailable'
|
16
|
+
alarm.metric_name = 'Available'
|
17
|
+
@alarms.push(alarm)
|
18
|
+
|
19
|
+
alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
|
20
|
+
alarm.name = 'EndpointStatusCodeMatch'
|
21
|
+
alarm.metric_name = 'StatusCodeMatch'
|
22
|
+
@alarms.push(alarm)
|
23
|
+
|
24
|
+
alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
|
25
|
+
alarm.name = 'EndpointTimeTaken'
|
26
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
27
|
+
alarm.metric_name = 'TimeTaken'
|
28
|
+
alarm.statistic = 'Minimum'
|
29
|
+
alarm.threshold = 1000
|
30
|
+
alarm.period = 300
|
31
|
+
alarm.evaluation_periods = 1
|
32
|
+
@alarms.push(alarm)
|
33
|
+
|
34
|
+
if host.has_key?('BodyRegex')
|
35
|
+
alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
|
36
|
+
alarm.name = 'EndpointBodyRegexMatch'
|
37
|
+
alarm.metric_name = 'ResponseBodyRegexMatch'
|
38
|
+
@alarms.push(alarm)
|
39
|
+
end
|
40
|
+
|
41
|
+
if host.has_key?('Ssl') && host['Ssl']
|
42
|
+
alarm = CfnGuardian::Models::InternalSslAlarm.new(host)
|
43
|
+
alarm.name = 'ExpiresInDaysCritical'
|
44
|
+
alarm.metric_name = 'ExpiresInDays'
|
45
|
+
alarm.threshold = 5
|
46
|
+
@alarms.push(alarm)
|
47
|
+
|
48
|
+
alarm = CfnGuardian::Models::InternalSslAlarm.new(host)
|
49
|
+
alarm.name = 'ExpiresInDaysTask'
|
50
|
+
alarm.metric_name = 'ExpiresInDays'
|
51
|
+
alarm.threshold = 30
|
52
|
+
@alarms.push(alarm)
|
53
|
+
end
|
54
|
+
end
|
55
|
+
end
|
56
|
+
|
57
|
+
def default_events()
|
58
|
+
@resource_list.each do |host|
|
59
|
+
@events.push(CfnGuardian::Models::InternalHttpEvent.new(host,@environment))
|
60
|
+
if host.has_key?('Ssl') && host['Ssl']
|
61
|
+
@events.push(CfnGuardian::Models::InternalSslEvent.new(host,@environment))
|
62
|
+
end
|
63
|
+
end
|
64
|
+
end
|
65
|
+
|
66
|
+
def default_checks()
|
67
|
+
@checks.push(CfnGuardian::Models::InternalHttpCheck.new(@resource))
|
68
|
+
if @resource_list.any? {|host| host.has_key?('Ssl') && host['Ssl'] }
|
69
|
+
@checks.push(CfnGuardian::Models::InternalSslCheck.new(@resource))
|
70
|
+
end
|
71
|
+
end
|
72
|
+
|
73
|
+
end
|
74
|
+
end
|
@@ -0,0 +1,33 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class InternalPort < Base
|
3
|
+
|
4
|
+
def initialize(resource, override_group = nil)
|
5
|
+
super(resource, override_group)
|
6
|
+
@resource_list = resource['Hosts']
|
7
|
+
@environment = resource['Environment']
|
8
|
+
end
|
9
|
+
|
10
|
+
def default_alarms
|
11
|
+
@resource_list.each do |host|
|
12
|
+
alarm = CfnGuardian::Models::InternalPortAlarm.new(host)
|
13
|
+
alarm.name = 'EndpointAvailable'
|
14
|
+
alarm.metric_name = 'Available'
|
15
|
+
@alarms.push(alarm)
|
16
|
+
|
17
|
+
alarm = CfnGuardian::Models::InternalPortAlarm.new(host)
|
18
|
+
alarm.name = 'EndpointTimeTaken'
|
19
|
+
alarm.metric_name = 'TimeTaken'
|
20
|
+
@alarms.push(alarm)
|
21
|
+
end
|
22
|
+
end
|
23
|
+
|
24
|
+
def default_events()
|
25
|
+
@resource_list.each {|host| @events.push(CfnGuardian::Models::InternalPortEvent.new(host,@environment))}
|
26
|
+
end
|
27
|
+
|
28
|
+
def default_checks()
|
29
|
+
@checks.push(CfnGuardian::Models::InternalPortCheck.new(@resource))
|
30
|
+
end
|
31
|
+
|
32
|
+
end
|
33
|
+
end
|
@@ -0,0 +1,58 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class InternalSFTP < Base
|
3
|
+
|
4
|
+
def initialize(resource, override_group = nil)
|
5
|
+
super(resource, override_group)
|
6
|
+
@resource_list = resource['Hosts']
|
7
|
+
@environment = resource['Environment']
|
8
|
+
end
|
9
|
+
|
10
|
+
def default_alarms
|
11
|
+
@resource_list.each do |host|
|
12
|
+
alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
|
13
|
+
alarm.name = 'Available'
|
14
|
+
alarm.metric_name = 'Available'
|
15
|
+
@alarms.push(alarm)
|
16
|
+
|
17
|
+
alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
|
18
|
+
alarm.name = 'ConnectionTime'
|
19
|
+
alarm.metric_name = 'ConnectionTime'
|
20
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
21
|
+
alarm.statistic = 'Minimum'
|
22
|
+
alarm.threshold = 1000
|
23
|
+
@alarms.push(alarm)
|
24
|
+
|
25
|
+
if host.has_key?('File')
|
26
|
+
alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
|
27
|
+
alarm.name = 'FileExists'
|
28
|
+
alarm.metric_name = 'FileExists'
|
29
|
+
@alarms.push(alarm)
|
30
|
+
|
31
|
+
alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
|
32
|
+
alarm.name = 'FileGetTime'
|
33
|
+
alarm.metric_name = 'FileGetTime'
|
34
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
35
|
+
alarm.statistic = 'Minimum'
|
36
|
+
alarm.threshold = 1000
|
37
|
+
@alarms.push(alarm)
|
38
|
+
|
39
|
+
if host.has_key?('FileBodyMatch')
|
40
|
+
alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
|
41
|
+
alarm.name = 'FileBodyMatch'
|
42
|
+
alarm.metric_name = 'FileBodyMatch'
|
43
|
+
@alarms.push(alarm)
|
44
|
+
end
|
45
|
+
end
|
46
|
+
end
|
47
|
+
end
|
48
|
+
|
49
|
+
def default_events
|
50
|
+
@resource_list.each {|host| @events.push(CfnGuardian::Models::InternalSFTPEvent.new(host,@environment)) }
|
51
|
+
end
|
52
|
+
|
53
|
+
def default_checks
|
54
|
+
@checks.push(CfnGuardian::Models::InternalSFTPCheck.new(@resource))
|
55
|
+
end
|
56
|
+
|
57
|
+
end
|
58
|
+
end
|
@@ -0,0 +1,26 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class LogGroup < Base
|
3
|
+
|
4
|
+
def initialize(resource, override_group = nil)
|
5
|
+
super(resource, override_group)
|
6
|
+
@resource_list = resource['MetricFilters']
|
7
|
+
end
|
8
|
+
|
9
|
+
def default_alarms()
|
10
|
+
@resource_list.each do |filter|
|
11
|
+
alarm = CfnGuardian::Models::LogGroupAlarm.new(@resource)
|
12
|
+
alarm.name = filter['MetricName']
|
13
|
+
alarm.metric_name = filter['MetricName']
|
14
|
+
@alarms.push(alarm)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
|
18
|
+
def default_metric_filters()
|
19
|
+
@resource_list.each do |filter|
|
20
|
+
metric_filter = CfnGuardian::Models::MetricFilter.new(@resource['Id'],filter)
|
21
|
+
@metric_filters.push(metric_filter)
|
22
|
+
end
|
23
|
+
end
|
24
|
+
|
25
|
+
end
|
26
|
+
end
|
@@ -5,6 +5,7 @@ module CfnGuardian::Resource
|
|
5
5
|
alarm = CfnGuardian::Models::NetworkTargetGroupAlarm.new(@resource)
|
6
6
|
alarm.name = 'HealthyHosts'
|
7
7
|
alarm.metric_name = 'HealthyHostCount'
|
8
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
8
9
|
alarm.statistic = 'Minimum'
|
9
10
|
alarm.threshold = 2
|
10
11
|
alarm.evaluation_periods = 1
|
@@ -0,0 +1,25 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class Port < Base
|
3
|
+
|
4
|
+
def default_alarms
|
5
|
+
alarm = CfnGuardian::Models::PortAlarm.new(@resource)
|
6
|
+
alarm.name = 'EndpointAvailable'
|
7
|
+
alarm.metric_name = 'Available'
|
8
|
+
@alarms.push(alarm)
|
9
|
+
|
10
|
+
alarm = CfnGuardian::Models::PortAlarm.new(@resource)
|
11
|
+
alarm.name = 'EndpointTimeTaken'
|
12
|
+
alarm.metric_name = 'TimeTaken'
|
13
|
+
@alarms.push(alarm)
|
14
|
+
end
|
15
|
+
|
16
|
+
def default_events()
|
17
|
+
@events.push(CfnGuardian::Models::PortEvent.new(@resource))
|
18
|
+
end
|
19
|
+
|
20
|
+
def default_checks()
|
21
|
+
@checks.push(CfnGuardian::Models::PortCheck.new(@resource))
|
22
|
+
end
|
23
|
+
|
24
|
+
end
|
25
|
+
end
|
@@ -0,0 +1,14 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class RDSCluster < Base
|
3
|
+
|
4
|
+
def default_event_subscriptions()
|
5
|
+
event_subscription = CfnGuardian::Models::RDSClusterEventSubscription.new(@resource)
|
6
|
+
event_subscription.name = 'FailoverFailed'
|
7
|
+
event_subscription.rds_event_category = 'failover'
|
8
|
+
event_subscription.message = 'A failover for the DB cluster has failed.'
|
9
|
+
@event_subscriptions.push(event_subscription)
|
10
|
+
end
|
11
|
+
|
12
|
+
end
|
13
|
+
end
|
14
|
+
|
@@ -7,6 +7,7 @@ module CfnGuardian::Resource
|
|
7
7
|
alarm.metric_name = 'FreeStorageSpace'
|
8
8
|
alarm.threshold = 50000000000
|
9
9
|
alarm.evaluation_periods = 1
|
10
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
10
11
|
@alarms.push(alarm)
|
11
12
|
|
12
13
|
alarm = CfnGuardian::Models::RDSInstanceAlarm.new(@resource)
|
@@ -14,6 +15,7 @@ module CfnGuardian::Resource
|
|
14
15
|
alarm.metric_name = 'FreeStorageSpace'
|
15
16
|
alarm.threshold = 100000000000
|
16
17
|
alarm.evaluation_periods = 1
|
18
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
17
19
|
alarm.alarm_action = 'Task'
|
18
20
|
@alarms.push(alarm)
|
19
21
|
|
@@ -41,5 +43,76 @@ module CfnGuardian::Resource
|
|
41
43
|
@alarms.push(alarm)
|
42
44
|
end
|
43
45
|
|
46
|
+
def default_event_subscriptions()
|
47
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
48
|
+
event_subscription.name = 'MasterPasswordReset'
|
49
|
+
event_subscription.rds_event_category = 'configuration change'
|
50
|
+
event_subscription.message = 'The master password for the DB instance has been reset.'
|
51
|
+
@event_subscriptions.push(event_subscription)
|
52
|
+
|
53
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
54
|
+
event_subscription.name = 'MasterPasswordResetFailure'
|
55
|
+
event_subscription.rds_event_category = 'configuration change'
|
56
|
+
event_subscription.message = 'An attempt to reset the master password for the DB instance has failed.'
|
57
|
+
@event_subscriptions.push(event_subscription)
|
58
|
+
|
59
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
60
|
+
event_subscription.name = 'Deletion'
|
61
|
+
event_subscription.rds_event_category = 'deletion'
|
62
|
+
event_subscription.message = 'The DB instance has been deleted.'
|
63
|
+
@event_subscriptions.push(event_subscription)
|
64
|
+
|
65
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
66
|
+
event_subscription.name = 'MultiAZFailoverStarted'
|
67
|
+
event_subscription.rds_event_category = 'failover'
|
68
|
+
event_subscription.message = 'A Multi-AZ failover that resulted in the promotion of a standby instance has started.'
|
69
|
+
@event_subscriptions.push(event_subscription)
|
70
|
+
|
71
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
72
|
+
event_subscription.name = 'MultiAZFailoverComplete'
|
73
|
+
event_subscription.rds_event_category = 'failover'
|
74
|
+
event_subscription.message = 'A Multi-AZ failover has completed.'
|
75
|
+
@event_subscriptions.push(event_subscription)
|
76
|
+
|
77
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
78
|
+
event_subscription.name = 'DBFailure'
|
79
|
+
event_subscription.rds_event_category = 'failure'
|
80
|
+
event_subscription.message = 'The DB instance has failed due to an incompatible configuration or an underlying storage issue. Begin a point-in-time-restore for the DB instance.'
|
81
|
+
@event_subscriptions.push(event_subscription)
|
82
|
+
|
83
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
84
|
+
event_subscription.name = 'TableCountExceedsRecommended'
|
85
|
+
event_subscription.rds_event_category = 'notification'
|
86
|
+
event_subscription.message = 'The number of tables you have for your DB instance exceeds the recommended best practices for Amazon RDS.'
|
87
|
+
@event_subscriptions.push(event_subscription)
|
88
|
+
|
89
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
90
|
+
event_subscription.name = 'DatabasesCountExceedsRecommended'
|
91
|
+
event_subscription.rds_event_category = 'notification'
|
92
|
+
event_subscription.message = 'The number of databases you have for your DB instance exceeds the recommended best practices for Amazon RDS.'
|
93
|
+
@event_subscriptions.push(event_subscription)
|
94
|
+
|
95
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
96
|
+
event_subscription.name = 'ReplicationFailure'
|
97
|
+
event_subscription.enabled = false
|
98
|
+
event_subscription.rds_event_category = 'read replica'
|
99
|
+
event_subscription.message = 'An error has occurred in the read replication process.'
|
100
|
+
@event_subscriptions.push(event_subscription)
|
101
|
+
|
102
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
103
|
+
event_subscription.name = 'ReplicationTerminated'
|
104
|
+
event_subscription.enabled = false
|
105
|
+
event_subscription.rds_event_category = 'read replica'
|
106
|
+
event_subscription.message = 'Replication on the read replica was terminated.'
|
107
|
+
@event_subscriptions.push(event_subscription)
|
108
|
+
|
109
|
+
event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
|
110
|
+
event_subscription.name = 'ReplicationStopped'
|
111
|
+
event_subscription.enabled = false
|
112
|
+
event_subscription.rds_event_category = 'read replica'
|
113
|
+
event_subscription.message = 'Replication on the read replica was manually stopped.'
|
114
|
+
@event_subscriptions.push(event_subscription)
|
115
|
+
end
|
116
|
+
|
44
117
|
end
|
45
118
|
end
|
@@ -20,9 +20,9 @@ module CfnGuardian::Resource
|
|
20
20
|
alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
|
21
21
|
alarm.name = 'UnHealthyCluster'
|
22
22
|
alarm.metric_name = 'HealthStatus'
|
23
|
-
alarm.
|
23
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
24
|
+
alarm.threshold = 1
|
24
25
|
alarm.evaluation_periods = 10
|
25
|
-
alarm.treat_missing_data = 'notBreaching'
|
26
26
|
@alarms.push(alarm)
|
27
27
|
end
|
28
28
|
|
@@ -0,0 +1,50 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class SFTP < Base
|
3
|
+
|
4
|
+
def default_alarms
|
5
|
+
alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
|
6
|
+
alarm.name = 'Available'
|
7
|
+
alarm.metric_name = 'Available'
|
8
|
+
@alarms.push(alarm)
|
9
|
+
|
10
|
+
alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
|
11
|
+
alarm.name = 'ConnectionTime'
|
12
|
+
alarm.metric_name = 'ConnectionTime'
|
13
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
14
|
+
alarm.statistic = 'Minimum'
|
15
|
+
alarm.threshold = 1000
|
16
|
+
@alarms.push(alarm)
|
17
|
+
|
18
|
+
if @resource.has_key?('File')
|
19
|
+
alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
|
20
|
+
alarm.name = 'FileExists'
|
21
|
+
alarm.metric_name = 'FileExists'
|
22
|
+
@alarms.push(alarm)
|
23
|
+
|
24
|
+
alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
|
25
|
+
alarm.name = 'FileGetTime'
|
26
|
+
alarm.metric_name = 'FileGetTime'
|
27
|
+
alarm.comparison_operator = 'GreaterThanThreshold'
|
28
|
+
alarm.statistic = 'Minimum'
|
29
|
+
alarm.threshold = 1000
|
30
|
+
@alarms.push(alarm)
|
31
|
+
|
32
|
+
if @resource.has_key?('FileBodyMatch')
|
33
|
+
alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
|
34
|
+
alarm.name = 'FileBodyMatch'
|
35
|
+
alarm.metric_name = 'FileBodyMatch'
|
36
|
+
@alarms.push(alarm)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
40
|
+
|
41
|
+
def default_events
|
42
|
+
@events.push(CfnGuardian::Models::SFTPEvent.new(@resource))
|
43
|
+
end
|
44
|
+
|
45
|
+
def default_checks
|
46
|
+
@checks.push(CfnGuardian::Models::SFTPCheck.new(@resource))
|
47
|
+
end
|
48
|
+
|
49
|
+
end
|
50
|
+
end
|