cfn-guardian 0.11.5 → 0.11.6
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/docs/resources.md +1 -0
- data/lib/cfnguardian/compile.rb +18 -1
- data/lib/cfnguardian/models/alarm.rb +9 -0
- data/lib/cfnguardian/models/event_subscription.rb +1 -0
- data/lib/cfnguardian/resources/acm.rb +39 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +3 -2
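--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9d2c40c9c770002c29f5944836df58ce457d497b8f650c4502f18fcf4e79cd71
+data.tar.gz: c8d2396742afaeecc84ffcb30aab78a6be53af64292cd362581a75275f4332cb
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: b8e74696940031d2e2010eb005172bd98eb6478b9c0feccdb7a5c413c70d6a9db36b7ab6d51022d7f2ea761a7fd170f166b3892b06e7627da2a9b7b04d2a6222
+data.tar.gz: 39c24609796c7019a2cbe12ff6cef57e53a8532c89bd143eeb356813798c3fd354a24c9d61d94ff1fb981da030bdf0e42183fa2504cd7fad1a6b2155053c811c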
data/README.md
CHANGED
data/docs/resources.md
CHANGED
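--- a/data/lib/cfnguardian/compile.rb
+++ b/data/lib/cfnguardian/compile.rb
@@ -5,6 +5,7 @@ require 'cfnguardian/stacks/resources'
 require 'cfnguardian/stacks/main'
 require 'cfnguardian/models/composite'
 require 'cfnguardian/resources/base'
+require 'cfnguardian/resources/acm'
 require 'cfnguardian/resources/apigateway'
 require 'cfnguardian/resources/application_targetgroup'
 require 'cfnguardian/resources/amazonmq_broker'
@@ -139,6 +140,9 @@ module CfnGuardian
 @cost += resource_class.get_cost
 end
 end
+
+# Add default event subscriptions
+@resources.concat generate_default_event_subscriptions()
 
 @maintenance_groups.each do |maintenance_group,resource_groups|
 resource_groups.each do |group, alarms|
@@ -251,6 +255,19 @@ module CfnGuardian
 
 File.write("out/template-config.guardian.json", template.to_json)
 end
-
+
+def generate_default_event_subscriptions()
+# List of Classes which default events should be deployed
+default_resource_classes = ['CfnGuardian::Resource::Acm']
+default_event_subscriptions = []
+
+default_resource_classes.each do |resource_class|
+resource_instance = Kernel.const_get(resource_class).new({"Id"=>resource_class}) # Dummy ID
+default_event_subscriptions.concat(resource_instance.default_event_subscriptions())
+end
+
+return default_event_subscriptions
+end
+
 end
 end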
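Review bot: In `generate_default_event_subscriptions` the class is resolved from a string with `Kernel.const_get(resource_class)`, which is unnecessary for a fixed list and would let a configuration value pick the class to instantiate if the list were ever fed from configuration. Referencing the constant keeps the lookup static: `default_resource_classes = [CfnGuardian::Resource::Acm]` together with `resource_class.new({"Id" => resource_class.name})`. The call added in the second hunk, `@resources.concat generate_default_event_subscriptions()`, also runs on every compile with no opt-out visible here, so the ACM subscriptions appear to be deployed even when the configuration lists no Acm resources; a comment stating that this is intended would help. The enclosing class and the method receiving the `concat` call begin outside the hunks.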
@@ -66,6 +66,15 @@ module CfnGuardian
|
|
66
66
|
end
|
67
67
|
end
|
68
68
|
|
69
|
+
class AcmAlarm < BaseAlarm
|
70
|
+
def initialize(resource)
|
71
|
+
super(resource)
|
72
|
+
@group = 'Acm'
|
73
|
+
@namespace = 'AWS/CertificateManager'
|
74
|
+
@dimensions = { CertificateArn: { "Fn::Sub" => "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/#{resource['Id']}"}}
|
75
|
+
end
|
76
|
+
end
|
77
|
+
|
69
78
|
class ApiGatewayAlarm < BaseAlarm
|
70
79
|
def initialize(resource)
|
71
80
|
super(resource)
|
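Review bot: `AcmAlarm#initialize` splices `resource['Id']` straight into an `Fn::Sub` string, so an Id containing `${...}` is read by CloudFormation as a substitution variable, and an Id supplied as a full ARN produces a doubled `CertificateArn` that matches no certificate. An alarm whose dimension matches nothing receives no datapoints, so the expiry check can silently never fire. Unless `BaseAlarm` already validates the Id (not visible in this hunk), a guard before the assignment would surface the mistake at compile time, e.g. `raise ArgumentError, "Acm Id must be the certificate UUID" unless resource['Id'].to_s.match?(/\A[0-9a-f-]{36}\z/)`.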
@@ -95,6 +95,7 @@ module CfnGuardian
|
|
95
95
|
end
|
96
96
|
end
|
97
97
|
|
98
|
+
class AcmEventSubscription < BaseEventSubscription; end
|
98
99
|
class ApiGatewayEventSubscription < BaseEventSubscription; end
|
99
100
|
class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
|
100
101
|
class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
|
@@ -0,0 +1,39 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class Acm < Base
|
3
|
+
|
4
|
+
def default_alarms
|
5
|
+
alarm = CfnGuardian::Models::AcmAlarm.new(@resource)
|
6
|
+
alarm.name = 'CertificateExpiry'
|
7
|
+
alarm.metric_name = 'DaysToExpiry'
|
8
|
+
alarm.statistic = 'Average'
|
9
|
+
alarm.threshold = 30
|
10
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
11
|
+
alarm.evaluation_periods = 1
|
12
|
+
alarm.period = 86400
|
13
|
+
@alarms.push(alarm)
|
14
|
+
end
|
15
|
+
|
16
|
+
def default_event_subscriptions()
|
17
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
18
|
+
event_subscription.name = 'AcmCertificateNearExpiry'
|
19
|
+
event_subscription.detail_type = 'ACM Certificate Approaching Expiration'
|
20
|
+
event_subscription.source = 'aws.acm'
|
21
|
+
event_subscription.detail = {
|
22
|
+
'DaysToExpiry' => [31]
|
23
|
+
}
|
24
|
+
@event_subscriptions.push(event_subscription)
|
25
|
+
|
26
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
27
|
+
event_subscription.name = 'AcmCertificateExpired'
|
28
|
+
event_subscription.detail_type = 'ACM Certificate Expired'
|
29
|
+
event_subscription.source = 'aws.acm'
|
30
|
+
@event_subscriptions.push(event_subscription)
|
31
|
+
|
32
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
33
|
+
event_subscription.name = 'AcmRenewalActionRequired'
|
34
|
+
event_subscription.detail_type = 'ACM Certificate Renewal Action Required'
|
35
|
+
event_subscription.source = 'aws.acm'
|
36
|
+
@event_subscriptions.push(event_subscription)
|
37
|
+
end
|
38
|
+
end
|
39
|
+
end
|
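Review bot: The `AcmCertificateNearExpiry` pattern in `default_event_subscriptions` matches only events whose `DaysToExpiry` is exactly 31 (`'DaysToExpiry' => [31]`), so each certificate yields at most one notification, and none if that single event is missed or the certificate is already inside 31 days when the rule is deployed. If a one-shot notice is intended, a comment saying so would help; otherwise a numeric range such as `'DaysToExpiry' => [{ 'numeric' => ['<=', 31] }]` keeps the rule matching as expiry approaches. The method also returns the array only as the implicit result of the last `push`; ending it with `@event_subscriptions` would make explicit the return value that the `concat` in compile.rb depends on.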
data/lib/cfnguardian/version.rb
CHANGED
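--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-version: 0.11.
+version: 0.11.6
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2023-
+date: 2023-10-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -328,6 +328,7 @@ files:
 - lib/cfnguardian/models/event.rb
 - lib/cfnguardian/models/event_subscription.rb
 - lib/cfnguardian/models/metric_filter.rb
+- lib/cfnguardian/resources/acm.rb
 - lib/cfnguardian/resources/amazonmq_broker.rb
 - lib/cfnguardian/resources/amazonmq_rabbitmq.rb
 - lib/cfnguardian/resources/apigateway.rb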