cfn-guardian 0.1.0 → 0.6.3

data/lib/cfnguardian/resources/ec2_instance.rb

@@ -19,6 +19,17 @@ module CfnGuardian
         @alarms.push(alarm)
       end
       
+      def default_event_subscriptions()
+        event_subscription = CfnGuardian::Models::Ec2InstanceEventSubscription.new(@resource)
+        event_subscription.name = 'InstanceTerminated'
+        event_subscription.detail_type = 'EC2 Instance State-change Notification'
+        event_subscription.detail = {
+          'instance-id' => [@resource['Id']],
+          'state' => ['terminated']
+        }
+        @event_subscriptions.push(event_subscription)
+      end
+
     end
   end
 end

data/lib/cfnguardian/resources/ecs_service.rb

@@ -8,7 +8,7 @@ module CfnGuardian
         alarm.metric_name = 'MemoryUtilization'
         alarm.comparison_operator = 'LessThanOrEqualToThreshold'
         alarm.statistic = 'SampleCount'
-        alarm.threshold = 15
+        alarm.threshold = 0
         alarm.evaluation_periods = 10
         alarm.treat_missing_data = 'breaching'
         alarm.datapoints_to_alarm = 8
@@ -19,7 +19,7 @@ module CfnGuardian
         alarm.metric_name = 'MemoryUtilization'
         alarm.comparison_operator = 'LessThanOrEqualToThreshold'
         alarm.statistic = 'SampleCount'
-        alarm.threshold = 15
+        alarm.threshold = 1
         alarm.evaluation_periods = 10
         alarm.treat_missing_data = 'breaching'
         alarm.datapoints_to_alarm = 8

data/lib/cfnguardian/resources/http.rb

@@ -14,8 +14,9 @@ module CfnGuardian::Resource
       alarm.metric_name = 'StatusCodeMatch'
       @alarms.push(alarm)
             
-      alarm = CfnGuardian::Models::ElasticLoadBalancerAlarm.new(@resource)
+      alarm = CfnGuardian::Models::HttpAlarm.new(@resource)
       alarm.name = 'EndpointTimeTaken'
+      alarm.comparison_operator = 'GreaterThanThreshold'
       alarm.metric_name = 'TimeTaken'
       alarm.statistic = 'Minimum'
       alarm.threshold = 1000
@@ -29,6 +30,21 @@ module CfnGuardian::Resource
         alarm.metric_name = 'ResponseBodyRegexMatch'
         @alarms.push(alarm)
       end
+      
+      if @resource.has_key?('Ssl') && @resource['Ssl']
+        alarm = CfnGuardian::Models::SslAlarm.new(@resource)
+        alarm.name = 'ExpiresInDaysCritical'
+        alarm.metric_name = 'ExpiresInDays'
+        alarm.threshold = 5
+        @alarms.push(alarm)
+        
+        alarm = CfnGuardian::Models::SslAlarm.new(@resource)
+        alarm.name = 'ExpiresInDaysTask'
+        alarm.metric_name = 'ExpiresInDays'
+        alarm.alarm_action = 'Task'
+        alarm.threshold = 30
+        @alarms.push(alarm)
+      end
     end
     
     def default_events()

data/lib/cfnguardian/resources/internal_http.rb

@@ -0,0 +1,74 @@
+require 'digest/md5'
+
+module CfnGuardian::Resource
+  class InternalHttp < Base
+    
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @resource_list = resource['Hosts']
+      @environment = resource['Environment']
+    end
+    
+    def default_alarms    
+      @resource_list.each do |host|
+        alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
+        alarm.name = 'EndpointAvailable'
+        alarm.metric_name = 'Available'
+        @alarms.push(alarm)
+        
+        alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
+        alarm.name = 'EndpointStatusCodeMatch'
+        alarm.metric_name = 'StatusCodeMatch'
+        @alarms.push(alarm)
+              
+        alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
+        alarm.name = 'EndpointTimeTaken'
+        alarm.comparison_operator = 'GreaterThanThreshold'
+        alarm.metric_name = 'TimeTaken'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1000
+        alarm.period = 300
+        alarm.evaluation_periods = 1
+        @alarms.push(alarm)
+        
+        if host.has_key?('BodyRegex')
+          alarm = CfnGuardian::Models::InternalHttpAlarm.new(host)
+          alarm.name = 'EndpointBodyRegexMatch'
+          alarm.metric_name = 'ResponseBodyRegexMatch'
+          @alarms.push(alarm)
+        end
+        
+        if host.has_key?('Ssl') && host['Ssl']
+          alarm = CfnGuardian::Models::InternalSslAlarm.new(host)
+          alarm.name = 'ExpiresInDaysCritical'
+          alarm.metric_name = 'ExpiresInDays'
+          alarm.threshold = 5
+          @alarms.push(alarm)
+          
+          alarm = CfnGuardian::Models::InternalSslAlarm.new(host)
+          alarm.name = 'ExpiresInDaysTask'
+          alarm.metric_name = 'ExpiresInDays'
+          alarm.threshold = 30
+          @alarms.push(alarm)
+        end
+      end
+    end
+    
+    def default_events()
+      @resource_list.each do |host| 
+        @events.push(CfnGuardian::Models::InternalHttpEvent.new(host,@environment))
+        if host.has_key?('Ssl') && host['Ssl']
+          @events.push(CfnGuardian::Models::InternalSslEvent.new(host,@environment))
+        end
+      end
+    end
+    
+    def default_checks()
+      @checks.push(CfnGuardian::Models::InternalHttpCheck.new(@resource))
+      if @resource_list.any? {|host| host.has_key?('Ssl') && host['Ssl'] }
+        @checks.push(CfnGuardian::Models::InternalSslCheck.new(@resource))
+      end
+    end
+    
+  end
+end

data/lib/cfnguardian/resources/internal_port.rb

@@ -0,0 +1,33 @@
+module CfnGuardian::Resource
+  class InternalPort < Base
+    
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @resource_list = resource['Hosts']
+      @environment = resource['Environment']
+    end
+    
+    def default_alarms    
+      @resource_list.each do |host|
+        alarm = CfnGuardian::Models::InternalPortAlarm.new(host)
+        alarm.name = 'EndpointAvailable'
+        alarm.metric_name = 'Available'
+        @alarms.push(alarm)
+        
+        alarm = CfnGuardian::Models::InternalPortAlarm.new(host)
+        alarm.name = 'EndpointTimeTaken'
+        alarm.metric_name = 'TimeTaken'
+        @alarms.push(alarm)
+      end
+    end
+    
+    def default_events()
+      @resource_list.each {|host| @events.push(CfnGuardian::Models::InternalPortEvent.new(host,@environment))}
+    end
+    
+    def default_checks()
+      @checks.push(CfnGuardian::Models::InternalPortCheck.new(@resource))
+    end
+    
+  end
+end

data/lib/cfnguardian/resources/internal_sftp.rb

@@ -0,0 +1,58 @@
+module CfnGuardian::Resource
+  class InternalSFTP < Base
+    
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @resource_list = resource['Hosts']
+      @environment = resource['Environment']
+    end
+    
+    def default_alarms
+      @resource_list.each do |host|
+        alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
+        alarm.name = 'Available'
+        alarm.metric_name = 'Available'
+        @alarms.push(alarm)
+        
+        alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
+        alarm.name = 'ConnectionTime'
+        alarm.metric_name = 'ConnectionTime'
+        alarm.comparison_operator = 'GreaterThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1000
+        @alarms.push(alarm)
+        
+        if host.has_key?('File')
+          alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
+          alarm.name = 'FileExists'
+          alarm.metric_name = 'FileExists'
+          @alarms.push(alarm)
+        
+          alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
+          alarm.name = 'FileGetTime'
+          alarm.metric_name = 'FileGetTime'
+          alarm.comparison_operator = 'GreaterThanThreshold'
+          alarm.statistic = 'Minimum'
+          alarm.threshold = 1000
+          @alarms.push(alarm)
+          
+          if host.has_key?('FileBodyMatch')
+            alarm = CfnGuardian::Models::InternalSFTPAlarm.new(host)
+            alarm.name = 'FileBodyMatch'
+            alarm.metric_name = 'FileBodyMatch'
+            @alarms.push(alarm)
+          end
+        end
+      end
+    end
+    
+    def default_events
+      @resource_list.each {|host| @events.push(CfnGuardian::Models::InternalSFTPEvent.new(host,@environment)) }
+    end
+    
+    def default_checks
+      @checks.push(CfnGuardian::Models::InternalSFTPCheck.new(@resource))
+    end
+    
+  end
+end

data/lib/cfnguardian/resources/log_group.rb

@@ -0,0 +1,26 @@
+module CfnGuardian::Resource
+  class LogGroup < Base
+    
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
+      @resource_list = resource['MetricFilters']
+    end
+    
+    def default_alarms()
+      @resource_list.each do |filter|
+        alarm = CfnGuardian::Models::LogGroupAlarm.new(@resource)
+        alarm.name = filter['MetricName']
+        alarm.metric_name = filter['MetricName']
+        @alarms.push(alarm)
+      end
+    end
+    
+    def default_metric_filters()
+      @resource_list.each do |filter|
+        metric_filter = CfnGuardian::Models::MetricFilter.new(@resource['Id'],filter)
+        @metric_filters.push(metric_filter)
+      end
+    end
+    
+  end
+end

data/lib/cfnguardian/resources/network_targetgroup.rb

@@ -5,6 +5,7 @@ module CfnGuardian::Resource
       alarm = CfnGuardian::Models::NetworkTargetGroupAlarm.new(@resource)
       alarm.name = 'HealthyHosts'
       alarm.metric_name = 'HealthyHostCount'
+      alarm.comparison_operator = 'LessThanThreshold'
       alarm.statistic = 'Minimum'
       alarm.threshold = 2
       alarm.evaluation_periods = 1

data/lib/cfnguardian/resources/port.rb

@@ -0,0 +1,25 @@
+module CfnGuardian::Resource
+  class Port < Base
+    
+    def default_alarms    
+      alarm = CfnGuardian::Models::PortAlarm.new(@resource)
+      alarm.name = 'EndpointAvailable'
+      alarm.metric_name = 'Available'
+      @alarms.push(alarm)
+      
+      alarm = CfnGuardian::Models::PortAlarm.new(@resource)
+      alarm.name = 'EndpointTimeTaken'
+      alarm.metric_name = 'TimeTaken'
+      @alarms.push(alarm)
+    end
+    
+    def default_events()
+      @events.push(CfnGuardian::Models::PortEvent.new(@resource))
+    end
+    
+    def default_checks()
+      @checks.push(CfnGuardian::Models::PortCheck.new(@resource))
+    end
+    
+  end
+end

data/lib/cfnguardian/resources/rds_cluster.rb

@@ -0,0 +1,14 @@
+module CfnGuardian::Resource
+    class RDSCluster < Base
+           
+      def default_event_subscriptions()
+        event_subscription = CfnGuardian::Models::RDSClusterEventSubscription.new(@resource)
+        event_subscription.name = 'FailoverFailed'
+        event_subscription.rds_event_category = 'failover'
+        event_subscription.message = 'A failover for the DB cluster has failed.'
+        @event_subscriptions.push(event_subscription)
+      end
+  
+    end
+  end
+  

data/lib/cfnguardian/resources/rds_instance.rb

@@ -7,6 +7,7 @@ module CfnGuardian::Resource
       alarm.metric_name = 'FreeStorageSpace'
       alarm.threshold = 50000000000
       alarm.evaluation_periods = 1
+      alarm.comparison_operator = 'LessThanThreshold'
       @alarms.push(alarm)
       
       alarm = CfnGuardian::Models::RDSInstanceAlarm.new(@resource)
@@ -14,6 +15,7 @@ module CfnGuardian::Resource
       alarm.metric_name = 'FreeStorageSpace'
       alarm.threshold = 100000000000
       alarm.evaluation_periods = 1
+      alarm.comparison_operator = 'LessThanThreshold'
       alarm.alarm_action = 'Task'
       @alarms.push(alarm)
          
@@ -41,5 +43,76 @@ module CfnGuardian::Resource
       @alarms.push(alarm)
     end
     
+    def default_event_subscriptions()
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MasterPasswordReset'
+      event_subscription.rds_event_category = 'configuration change'
+      event_subscription.message = 'The master password for the DB instance has been reset.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MasterPasswordResetFailure'
+      event_subscription.rds_event_category = 'configuration change'
+      event_subscription.message = 'An attempt to reset the master password for the DB instance has failed.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'Deletion'
+      event_subscription.rds_event_category = 'deletion'
+      event_subscription.message = 'The DB instance has been deleted.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MultiAZFailoverStarted'
+      event_subscription.rds_event_category = 'failover'
+      event_subscription.message = 'A Multi-AZ failover that resulted in the promotion of a standby instance has started.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MultiAZFailoverComplete'
+      event_subscription.rds_event_category = 'failover'
+      event_subscription.message = 'A Multi-AZ failover has completed.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'DBFailure'
+      event_subscription.rds_event_category = 'failure'
+      event_subscription.message = 'The DB instance has failed due to an incompatible configuration or an underlying storage issue. Begin a point-in-time-restore for the DB instance.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'TableCountExceedsRecommended'
+      event_subscription.rds_event_category = 'notification'
+      event_subscription.message = 'The number of tables you have for your DB instance exceeds the recommended best practices for Amazon RDS.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'DatabasesCountExceedsRecommended'
+      event_subscription.rds_event_category = 'notification'
+      event_subscription.message = 'The number of databases you have for your DB instance exceeds the recommended best practices for Amazon RDS.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'ReplicationFailure'
+      event_subscription.enabled = false
+      event_subscription.rds_event_category = 'read replica'
+      event_subscription.message = 'An error has occurred in the read replication process.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'ReplicationTerminated'
+      event_subscription.enabled = false
+      event_subscription.rds_event_category = 'read replica'
+      event_subscription.message = 'Replication on the read replica was terminated.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'ReplicationStopped'
+      event_subscription.enabled = false
+      event_subscription.rds_event_category = 'read replica'
+      event_subscription.message = 'Replication on the read replica was manually stopped.'
+      @event_subscriptions.push(event_subscription)
+    end
+
   end
 end

data/lib/cfnguardian/resources/redshift_cluster.rb

@@ -20,9 +20,9 @@ module CfnGuardian::Resource
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'UnHealthyCluster'
       alarm.metric_name = 'HealthStatus'
-      alarm.threshold = 0
+      alarm.comparison_operator = 'LessThanThreshold'
+      alarm.threshold = 1
       alarm.evaluation_periods = 10
-      alarm.treat_missing_data = 'notBreaching'
       @alarms.push(alarm)
     end
     

data/lib/cfnguardian/resources/sftp.rb

@@ -0,0 +1,50 @@
+module CfnGuardian::Resource
+  class SFTP < Base
+    
+    def default_alarms    
+      alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
+      alarm.name = 'Available'
+      alarm.metric_name = 'Available'
+      @alarms.push(alarm)
+      
+      alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
+      alarm.name = 'ConnectionTime'
+      alarm.metric_name = 'ConnectionTime'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 1000
+      @alarms.push(alarm)
+      
+      if @resource.has_key?('File')
+        alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
+        alarm.name = 'FileExists'
+        alarm.metric_name = 'FileExists'
+        @alarms.push(alarm)
+      
+        alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
+        alarm.name = 'FileGetTime'
+        alarm.metric_name = 'FileGetTime'
+        alarm.comparison_operator = 'GreaterThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1000
+        @alarms.push(alarm)
+        
+        if @resource.has_key?('FileBodyMatch')
+          alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
+          alarm.name = 'FileBodyMatch'
+          alarm.metric_name = 'FileBodyMatch'
+          @alarms.push(alarm)
+        end
+      end
+    end
+    
+    def default_events
+      @events.push(CfnGuardian::Models::SFTPEvent.new(@resource))
+    end
+    
+    def default_checks
+      @checks.push(CfnGuardian::Models::SFTPCheck.new(@resource))
+    end
+    
+  end
+end