cfn-guardian 0.10.0 → 0.10.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +8 -4
- data/.github/workflows/push.yml +1 -1
- data/.github/workflows/release-gem.yml +3 -3
- data/.github/workflows/release-image.yml +1 -1
- data/docs/custom_checks/ecs_container_instance_check.md +1 -1
- data/lib/cfnguardian/models/check.rb +3 -3
- data/lib/cfnguardian/models/event.rb +3 -2
- data/lib/cfnguardian/resources/ecs_cluster.rb +2 -2
- data/lib/cfnguardian/resources/elastic_search.rb +2 -0
- data/lib/cfnguardian/resources/lambda.rb +6 -0
- data/lib/cfnguardian/stacks/main.rb +11 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 19ef61efb4a240960a8ad0818184f1cdea82dc186ab48a7ed7c645b7b2f57a69
|
4
|
+
data.tar.gz: d2d6c30ea763f40b3ee726738a9c8b63a96b7844a01b0ec68aacd684f4f9f906
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: aba8ad3df1ba1491b4fb66532775c3383e094c6eddb957eb5fbaeab891f7624bd48547c88f247c2e089cadb91dd4ea441941bb96609d4e8879a67f1e76e0e8c5
|
7
|
+
data.tar.gz: 4a5bf9ea7c2649b143c881499ab5af42781703f7855d118433dc11aabef5ac6ed2905e61466b78373194a3d3282307f7d2578ae587cee5a430f560215caaa4d4
|
@@ -11,15 +11,19 @@ jobs:
|
|
11
11
|
runs-on: ubuntu-latest
|
12
12
|
|
13
13
|
steps:
|
14
|
-
-
|
15
|
-
|
16
|
-
|
14
|
+
- name: Check out the repo
|
15
|
+
uses: actions/checkout@v3
|
16
|
+
|
17
|
+
- name: Set up ruby 2.7
|
18
|
+
uses: ruby/setup-ruby@v1
|
17
19
|
with:
|
18
|
-
ruby-version: 2.7
|
20
|
+
ruby-version: 2.7
|
21
|
+
|
19
22
|
- name: rspec
|
20
23
|
run: |
|
21
24
|
gem install rspec
|
22
25
|
rspec
|
26
|
+
|
23
27
|
- name: build gem
|
24
28
|
run: |
|
25
29
|
gem build cfn-guardian.gemspec
|
data/.github/workflows/push.yml
CHANGED
@@ -11,12 +11,12 @@ jobs:
|
|
11
11
|
|
12
12
|
steps:
|
13
13
|
- name: Check out the repo
|
14
|
-
uses: actions/checkout@
|
14
|
+
uses: actions/checkout@v3
|
15
15
|
|
16
16
|
- name: Set up ruby 2.7
|
17
|
-
uses:
|
17
|
+
uses: ruby/setup-ruby@v1
|
18
18
|
with:
|
19
|
-
ruby-version: 2.7
|
19
|
+
ruby-version: 2.7
|
20
20
|
|
21
21
|
- name: Publish gem
|
22
22
|
uses: dawidd6/action-publish-gem@v1
|
@@ -53,7 +53,7 @@ module CfnGuardian
|
|
53
53
|
@name = 'WebSocketCheck'
|
54
54
|
@package = 'websocket-check'
|
55
55
|
@handler = 'handler.websocket_check'
|
56
|
-
@version = '
|
56
|
+
@version = 'fb374fcf606b921d3745d7171d81ab5a32135d2f'
|
57
57
|
@runtime = 'python3.7'
|
58
58
|
@branch = 'main'
|
59
59
|
end
|
@@ -163,9 +163,9 @@ module CfnGuardian
|
|
163
163
|
super(resource)
|
164
164
|
@group = 'ContainerInstance'
|
165
165
|
@name = 'ContainerInstanceCheck'
|
166
|
-
@package = 'ecs-
|
166
|
+
@package = 'ecs-container-instance-check'
|
167
167
|
@handler = 'handler.run_check'
|
168
|
-
@version = '
|
168
|
+
@version = '387446fbe2eb18fb4f75462c27cc07caad4a26b8'
|
169
169
|
@runtime = 'python3.7'
|
170
170
|
end
|
171
171
|
end
|
@@ -89,7 +89,7 @@ module CfnGuardian
|
|
89
89
|
@endpoint = resource['Id']
|
90
90
|
@message = resource.fetch('Message',nil)
|
91
91
|
@expected_response = resource.fetch('Expected_Response',nil)
|
92
|
-
@timeout = resource.fetch('Timeout',
|
92
|
+
@timeout = resource.fetch('Timeout',30)
|
93
93
|
@payload = resource.fetch('Payload',nil)
|
94
94
|
end
|
95
95
|
|
@@ -97,7 +97,8 @@ module CfnGuardian
|
|
97
97
|
payload = {
|
98
98
|
'ENDPOINT' => @endpoint,
|
99
99
|
'MESSAGE' => @message,
|
100
|
-
'EXPECTED_RESPONSE' => @expected_response
|
100
|
+
'EXPECTED_RESPONSE' => @expected_response,
|
101
|
+
'TIMEOUT' => @timeout
|
101
102
|
}
|
102
103
|
payload['PAYLOAD'] = @payload unless @payload.nil?
|
103
104
|
return payload.to_json
|
@@ -23,8 +23,8 @@ module CfnGuardian::Resource
|
|
23
23
|
|
24
24
|
alarm = CfnGuardian::Models::ECSClusterAlarm.new(@resource)
|
25
25
|
alarm.namespace = 'EcsCICheck'
|
26
|
-
alarm.name = '
|
27
|
-
alarm.metric_name = '
|
26
|
+
alarm.name = 'ECSContainerInstancesDisconnected'
|
27
|
+
alarm.metric_name = 'ECSContainerInstancesDisconnected'
|
28
28
|
alarm.alarm_action = 'Critical'
|
29
29
|
alarm.threshold = 0
|
30
30
|
alarm.period = 300
|
@@ -20,6 +20,7 @@ module CfnGuardian::Resource
|
|
20
20
|
alarm.evaluation_periods = 5
|
21
21
|
alarm.datapoints_to_alarm = 3
|
22
22
|
alarm.alarm_action = 'Warning'
|
23
|
+
alarm.enabled = false
|
23
24
|
@alarms.push(alarm)
|
24
25
|
|
25
26
|
alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
|
@@ -28,6 +29,7 @@ module CfnGuardian::Resource
|
|
28
29
|
alarm.threshold = 92
|
29
30
|
alarm.evaluation_periods = 5
|
30
31
|
alarm.alarm_action = 'Critical'
|
32
|
+
alarm.enabled = false
|
31
33
|
@alarms.push(alarm)
|
32
34
|
|
33
35
|
alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
|
@@ -6,18 +6,24 @@ module CfnGuardian::Resource
|
|
6
6
|
alarm.name = 'LambdaErrors'
|
7
7
|
alarm.metric_name = 'Errors'
|
8
8
|
alarm.threshold = 0.5
|
9
|
+
alarm.evaluation_periods = 1
|
10
|
+
alarm.datapoints_to_alarm = 1
|
9
11
|
@alarms.push(alarm)
|
10
12
|
|
11
13
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
12
14
|
alarm.name = 'Throttles'
|
13
15
|
alarm.metric_name = 'Throttles'
|
14
16
|
alarm.threshold = 0.5
|
17
|
+
alarm.evaluation_periods = 1
|
18
|
+
alarm.datapoints_to_alarm = 1
|
15
19
|
@alarms.push(alarm)
|
16
20
|
|
17
21
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
18
22
|
alarm.name = 'DeadLetterErrors'
|
19
23
|
alarm.metric_name = 'DeadLetterErrors'
|
20
24
|
alarm.threshold = 0.5
|
25
|
+
alarm.evaluation_periods = 1
|
26
|
+
alarm.datapoints_to_alarm = 1
|
21
27
|
@alarms.push(alarm)
|
22
28
|
|
23
29
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
@@ -81,6 +81,17 @@ module CfnGuardian
|
|
81
81
|
}]
|
82
82
|
}
|
83
83
|
}
|
84
|
+
policies << {
|
85
|
+
PolicyName: 'container-instance-check',
|
86
|
+
PolicyDocument: {
|
87
|
+
Version: '2012-10-17',
|
88
|
+
Statement: [{
|
89
|
+
Effect: 'Allow',
|
90
|
+
Action: [ 'ecs:ListContainerInstances' ],
|
91
|
+
Resource: '*'
|
92
|
+
}]
|
93
|
+
}
|
94
|
+
}
|
84
95
|
if ssm_parameters.any?
|
85
96
|
policies << {
|
86
97
|
PolicyName: 'ssm-parameters',
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: cfn-guardian
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.10.
|
4
|
+
version: 0.10.4
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Guslington
|
8
8
|
autorequire:
|
9
9
|
bindir: exe
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2023-01-23 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: thor
|