cfn-guardian 0.10.0 → 0.10.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +8 -4
- data/.github/workflows/push.yml +1 -1
- data/.github/workflows/release-gem.yml +3 -3
- data/.github/workflows/release-image.yml +1 -1
- data/docs/custom_checks/ecs_container_instance_check.md +1 -1
- data/lib/cfnguardian/models/check.rb +3 -3
- data/lib/cfnguardian/models/event.rb +3 -2
- data/lib/cfnguardian/resources/ecs_cluster.rb +2 -2
- data/lib/cfnguardian/resources/elastic_search.rb +2 -0
- data/lib/cfnguardian/resources/lambda.rb +6 -0
- data/lib/cfnguardian/stacks/main.rb +11 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 19ef61efb4a240960a8ad0818184f1cdea82dc186ab48a7ed7c645b7b2f57a69
|
|
4
|
+
data.tar.gz: d2d6c30ea763f40b3ee726738a9c8b63a96b7844a01b0ec68aacd684f4f9f906
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: aba8ad3df1ba1491b4fb66532775c3383e094c6eddb957eb5fbaeab891f7624bd48547c88f247c2e089cadb91dd4ea441941bb96609d4e8879a67f1e76e0e8c5
|
|
7
|
+
data.tar.gz: 4a5bf9ea7c2649b143c881499ab5af42781703f7855d118433dc11aabef5ac6ed2905e61466b78373194a3d3282307f7d2578ae587cee5a430f560215caaa4d4
|
|
@@ -11,15 +11,19 @@ jobs:
|
|
|
11
11
|
runs-on: ubuntu-latest
|
|
12
12
|
|
|
13
13
|
steps:
|
|
14
|
-
-
|
|
15
|
-
|
|
16
|
-
|
|
14
|
+
- name: Check out the repo
|
|
15
|
+
uses: actions/checkout@v3
|
|
16
|
+
|
|
17
|
+
- name: Set up ruby 2.7
|
|
18
|
+
uses: ruby/setup-ruby@v1
|
|
17
19
|
with:
|
|
18
|
-
ruby-version: 2.7
|
|
20
|
+
ruby-version: 2.7
|
|
21
|
+
|
|
19
22
|
- name: rspec
|
|
20
23
|
run: |
|
|
21
24
|
gem install rspec
|
|
22
25
|
rspec
|
|
26
|
+
|
|
23
27
|
- name: build gem
|
|
24
28
|
run: |
|
|
25
29
|
gem build cfn-guardian.gemspec
|
data/.github/workflows/push.yml
CHANGED
|
@@ -11,12 +11,12 @@ jobs:
|
|
|
11
11
|
|
|
12
12
|
steps:
|
|
13
13
|
- name: Check out the repo
|
|
14
|
-
uses: actions/checkout@
|
|
14
|
+
uses: actions/checkout@v3
|
|
15
15
|
|
|
16
16
|
- name: Set up ruby 2.7
|
|
17
|
-
uses:
|
|
17
|
+
uses: ruby/setup-ruby@v1
|
|
18
18
|
with:
|
|
19
|
-
ruby-version: 2.7
|
|
19
|
+
ruby-version: 2.7
|
|
20
20
|
|
|
21
21
|
- name: Publish gem
|
|
22
22
|
uses: dawidd6/action-publish-gem@v1
|
|
@@ -53,7 +53,7 @@ module CfnGuardian
|
|
|
53
53
|
@name = 'WebSocketCheck'
|
|
54
54
|
@package = 'websocket-check'
|
|
55
55
|
@handler = 'handler.websocket_check'
|
|
56
|
-
@version = '
|
|
56
|
+
@version = 'fb374fcf606b921d3745d7171d81ab5a32135d2f'
|
|
57
57
|
@runtime = 'python3.7'
|
|
58
58
|
@branch = 'main'
|
|
59
59
|
end
|
|
@@ -163,9 +163,9 @@ module CfnGuardian
|
|
|
163
163
|
super(resource)
|
|
164
164
|
@group = 'ContainerInstance'
|
|
165
165
|
@name = 'ContainerInstanceCheck'
|
|
166
|
-
@package = 'ecs-
|
|
166
|
+
@package = 'ecs-container-instance-check'
|
|
167
167
|
@handler = 'handler.run_check'
|
|
168
|
-
@version = '
|
|
168
|
+
@version = '387446fbe2eb18fb4f75462c27cc07caad4a26b8'
|
|
169
169
|
@runtime = 'python3.7'
|
|
170
170
|
end
|
|
171
171
|
end
|
|
@@ -89,7 +89,7 @@ module CfnGuardian
|
|
|
89
89
|
@endpoint = resource['Id']
|
|
90
90
|
@message = resource.fetch('Message',nil)
|
|
91
91
|
@expected_response = resource.fetch('Expected_Response',nil)
|
|
92
|
-
@timeout = resource.fetch('Timeout',
|
|
92
|
+
@timeout = resource.fetch('Timeout',30)
|
|
93
93
|
@payload = resource.fetch('Payload',nil)
|
|
94
94
|
end
|
|
95
95
|
|
|
@@ -97,7 +97,8 @@ module CfnGuardian
|
|
|
97
97
|
payload = {
|
|
98
98
|
'ENDPOINT' => @endpoint,
|
|
99
99
|
'MESSAGE' => @message,
|
|
100
|
-
'EXPECTED_RESPONSE' => @expected_response
|
|
100
|
+
'EXPECTED_RESPONSE' => @expected_response,
|
|
101
|
+
'TIMEOUT' => @timeout
|
|
101
102
|
}
|
|
102
103
|
payload['PAYLOAD'] = @payload unless @payload.nil?
|
|
103
104
|
return payload.to_json
|
|
@@ -23,8 +23,8 @@ module CfnGuardian::Resource
|
|
|
23
23
|
|
|
24
24
|
alarm = CfnGuardian::Models::ECSClusterAlarm.new(@resource)
|
|
25
25
|
alarm.namespace = 'EcsCICheck'
|
|
26
|
-
alarm.name = '
|
|
27
|
-
alarm.metric_name = '
|
|
26
|
+
alarm.name = 'ECSContainerInstancesDisconnected'
|
|
27
|
+
alarm.metric_name = 'ECSContainerInstancesDisconnected'
|
|
28
28
|
alarm.alarm_action = 'Critical'
|
|
29
29
|
alarm.threshold = 0
|
|
30
30
|
alarm.period = 300
|
|
@@ -20,6 +20,7 @@ module CfnGuardian::Resource
|
|
|
20
20
|
alarm.evaluation_periods = 5
|
|
21
21
|
alarm.datapoints_to_alarm = 3
|
|
22
22
|
alarm.alarm_action = 'Warning'
|
|
23
|
+
alarm.enabled = false
|
|
23
24
|
@alarms.push(alarm)
|
|
24
25
|
|
|
25
26
|
alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
|
|
@@ -28,6 +29,7 @@ module CfnGuardian::Resource
|
|
|
28
29
|
alarm.threshold = 92
|
|
29
30
|
alarm.evaluation_periods = 5
|
|
30
31
|
alarm.alarm_action = 'Critical'
|
|
32
|
+
alarm.enabled = false
|
|
31
33
|
@alarms.push(alarm)
|
|
32
34
|
|
|
33
35
|
alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
|
|
@@ -6,18 +6,24 @@ module CfnGuardian::Resource
|
|
|
6
6
|
alarm.name = 'LambdaErrors'
|
|
7
7
|
alarm.metric_name = 'Errors'
|
|
8
8
|
alarm.threshold = 0.5
|
|
9
|
+
alarm.evaluation_periods = 1
|
|
10
|
+
alarm.datapoints_to_alarm = 1
|
|
9
11
|
@alarms.push(alarm)
|
|
10
12
|
|
|
11
13
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
|
12
14
|
alarm.name = 'Throttles'
|
|
13
15
|
alarm.metric_name = 'Throttles'
|
|
14
16
|
alarm.threshold = 0.5
|
|
17
|
+
alarm.evaluation_periods = 1
|
|
18
|
+
alarm.datapoints_to_alarm = 1
|
|
15
19
|
@alarms.push(alarm)
|
|
16
20
|
|
|
17
21
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
|
18
22
|
alarm.name = 'DeadLetterErrors'
|
|
19
23
|
alarm.metric_name = 'DeadLetterErrors'
|
|
20
24
|
alarm.threshold = 0.5
|
|
25
|
+
alarm.evaluation_periods = 1
|
|
26
|
+
alarm.datapoints_to_alarm = 1
|
|
21
27
|
@alarms.push(alarm)
|
|
22
28
|
|
|
23
29
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
|
@@ -81,6 +81,17 @@ module CfnGuardian
|
|
|
81
81
|
}]
|
|
82
82
|
}
|
|
83
83
|
}
|
|
84
|
+
policies << {
|
|
85
|
+
PolicyName: 'container-instance-check',
|
|
86
|
+
PolicyDocument: {
|
|
87
|
+
Version: '2012-10-17',
|
|
88
|
+
Statement: [{
|
|
89
|
+
Effect: 'Allow',
|
|
90
|
+
Action: [ 'ecs:ListContainerInstances' ],
|
|
91
|
+
Resource: '*'
|
|
92
|
+
}]
|
|
93
|
+
}
|
|
94
|
+
}
|
|
84
95
|
if ssm_parameters.any?
|
|
85
96
|
policies << {
|
|
86
97
|
PolicyName: 'ssm-parameters',
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.10.
|
|
4
|
+
version: 0.10.4
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2023-01-23 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|