cfn-guardian 0.11.5 → 0.11.7
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/docs/resources.md +1 -0
- data/lib/cfnguardian/compile.rb +18 -1
- data/lib/cfnguardian/models/alarm.rb +9 -0
- data/lib/cfnguardian/models/check.rb +16 -16
- data/lib/cfnguardian/models/event_subscription.rb +1 -0
- data/lib/cfnguardian/resources/acm.rb +39 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: '0288f9b06a2fd6e602a31c949af12e5e5cd3fab1c0c954cd3a0317cd27011416'
|
|
4
|
+
data.tar.gz: 346f47481b46bc57049669188fdb872a15efd442f093ca59a204954d46548daa
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 66aacccb1582066e32779c8edef2c621eaab5858df2b402b0504ea4635fd2bb8ee30ebdebfe5c41ca62f5bbc5a4152afb816cf4162a890ccd3e33981eb1ff1cf
|
|
7
|
+
data.tar.gz: e57bb9c8a734f2e0be7d40400e9a4e76d5e89bf6b5f530115f8c44fc05e97698871f9debb55724e9bdcb29cc01eadcf0f302f60ed965572ece09885a1daa11d0
|
data/README.md
CHANGED
data/docs/resources.md
CHANGED
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -5,6 +5,7 @@ require 'cfnguardian/stacks/resources'
|
|
|
5
5
|
require 'cfnguardian/stacks/main'
|
|
6
6
|
require 'cfnguardian/models/composite'
|
|
7
7
|
require 'cfnguardian/resources/base'
|
|
8
|
+
require 'cfnguardian/resources/acm'
|
|
8
9
|
require 'cfnguardian/resources/apigateway'
|
|
9
10
|
require 'cfnguardian/resources/application_targetgroup'
|
|
10
11
|
require 'cfnguardian/resources/amazonmq_broker'
|
|
@@ -139,6 +140,9 @@ module CfnGuardian
|
|
|
139
140
|
@cost += resource_class.get_cost
|
|
140
141
|
end
|
|
141
142
|
end
|
|
143
|
+
|
|
144
|
+
# Add default event subscriptions
|
|
145
|
+
@resources.concat generate_default_event_subscriptions()
|
|
142
146
|
|
|
143
147
|
@maintenance_groups.each do |maintenance_group,resource_groups|
|
|
144
148
|
resource_groups.each do |group, alarms|
|
|
@@ -251,6 +255,19 @@ module CfnGuardian
|
|
|
251
255
|
|
|
252
256
|
File.write("out/template-config.guardian.json", template.to_json)
|
|
253
257
|
end
|
|
254
|
-
|
|
258
|
+
|
|
259
|
+
def generate_default_event_subscriptions()
|
|
260
|
+
# List of Classes which default events should be deployed
|
|
261
|
+
default_resource_classes = ['CfnGuardian::Resource::Acm']
|
|
262
|
+
default_event_subscriptions = []
|
|
263
|
+
|
|
264
|
+
default_resource_classes.each do |resource_class|
|
|
265
|
+
resource_instance = Kernel.const_get(resource_class).new({"Id"=>resource_class}) # Dummy ID
|
|
266
|
+
default_event_subscriptions.concat(resource_instance.default_event_subscriptions())
|
|
267
|
+
end
|
|
268
|
+
|
|
269
|
+
return default_event_subscriptions
|
|
270
|
+
end
|
|
271
|
+
|
|
255
272
|
end
|
|
256
273
|
end
|
|
@@ -66,6 +66,15 @@ module CfnGuardian
|
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
class AcmAlarm < BaseAlarm
|
|
70
|
+
def initialize(resource)
|
|
71
|
+
super(resource)
|
|
72
|
+
@group = 'Acm'
|
|
73
|
+
@namespace = 'AWS/CertificateManager'
|
|
74
|
+
@dimensions = { CertificateArn: { "Fn::Sub" => "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/#{resource['Id']}"}}
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
69
78
|
class ApiGatewayAlarm < BaseAlarm
|
|
70
79
|
def initialize(resource)
|
|
71
80
|
super(resource)
|
|
@@ -42,8 +42,8 @@ module CfnGuardian
|
|
|
42
42
|
@name = 'HttpCheck'
|
|
43
43
|
@package = 'http-check'
|
|
44
44
|
@handler = 'handler.http_check'
|
|
45
|
-
@version = '
|
|
46
|
-
@runtime = 'python3.
|
|
45
|
+
@version = '077c726ed691a1176caf95497b8b02f05f00e0cb'
|
|
46
|
+
@runtime = 'python3.11'
|
|
47
47
|
end
|
|
48
48
|
end
|
|
49
49
|
class WebSocketCheck < BaseCheck
|
|
@@ -53,8 +53,8 @@ module CfnGuardian
|
|
|
53
53
|
@name = 'WebSocketCheck'
|
|
54
54
|
@package = 'websocket-check'
|
|
55
55
|
@handler = 'handler.websocket_check'
|
|
56
|
-
@version = '
|
|
57
|
-
@runtime = 'python3.
|
|
56
|
+
@version = 'bb0125e878e127028dfb3d4a0de93e580e77305e'
|
|
57
|
+
@runtime = 'python3.11'
|
|
58
58
|
@branch = 'main'
|
|
59
59
|
end
|
|
60
60
|
end
|
|
@@ -77,8 +77,8 @@ module CfnGuardian
|
|
|
77
77
|
@name = 'PortCheck'
|
|
78
78
|
@package = 'port-check'
|
|
79
79
|
@handler = 'handler.port_check'
|
|
80
|
-
@version = '
|
|
81
|
-
@runtime = 'python3.
|
|
80
|
+
@version = 'd773db7333fddea1f4e1781f9906bb05c363dd42'
|
|
81
|
+
@runtime = 'python3.11'
|
|
82
82
|
end
|
|
83
83
|
end
|
|
84
84
|
|
|
@@ -165,8 +165,8 @@ module CfnGuardian
|
|
|
165
165
|
@name = 'ContainerInstanceCheck'
|
|
166
166
|
@package = 'ecs-container-instance-check'
|
|
167
167
|
@handler = 'handler.run_check'
|
|
168
|
-
@version = '
|
|
169
|
-
@runtime = 'python3.
|
|
168
|
+
@version = '5cb604acccd0823c74b21e83d7e40612ef38e313'
|
|
169
|
+
@runtime = 'python3.11'
|
|
170
170
|
end
|
|
171
171
|
end
|
|
172
172
|
|
|
@@ -177,8 +177,8 @@ module CfnGuardian
|
|
|
177
177
|
@name = 'TLSCheck'
|
|
178
178
|
@package = 'tls-version-check'
|
|
179
179
|
@handler = 'handler.run_check'
|
|
180
|
-
@version = '
|
|
181
|
-
@runtime = 'python3.
|
|
180
|
+
@version = '2b4fcbf55e266e793ee06e72013ed098f4eb2c0a'
|
|
181
|
+
@runtime = 'python3.11'
|
|
182
182
|
end
|
|
183
183
|
end
|
|
184
184
|
|
|
@@ -189,8 +189,8 @@ module CfnGuardian
|
|
|
189
189
|
@name = 'SFTPCheck'
|
|
190
190
|
@package = 'sftp-check'
|
|
191
191
|
@handler = 'handler.sftp_check'
|
|
192
|
-
@version = '
|
|
193
|
-
@runtime = 'python3.
|
|
192
|
+
@version = '03e934328939cd87e5fb41fb01d6a690a94dc94c'
|
|
193
|
+
@runtime = 'python3.11'
|
|
194
194
|
end
|
|
195
195
|
end
|
|
196
196
|
|
|
@@ -212,8 +212,8 @@ module CfnGuardian
|
|
|
212
212
|
@name = 'AzureFileCheck'
|
|
213
213
|
@package = 'azure-file-check'
|
|
214
214
|
@handler = 'handler.file_check'
|
|
215
|
-
@version = '
|
|
216
|
-
@runtime = 'python3.
|
|
215
|
+
@version = '6a5abdbed4408592a3045638a1a5a74c89a37e12'
|
|
216
|
+
@runtime = 'python3.11'
|
|
217
217
|
@memory = 256
|
|
218
218
|
@timeout = 600
|
|
219
219
|
end
|
|
@@ -225,8 +225,8 @@ module CfnGuardian
|
|
|
225
225
|
@name = 'MaintenanceGroupCheck'
|
|
226
226
|
@package = 'maintenance-group-check'
|
|
227
227
|
@handler = 'handler.maintenance_group_check'
|
|
228
|
-
@version = '
|
|
229
|
-
@runtime = 'python3.
|
|
228
|
+
@version = '5e880ffc7d0c478383fa353e28fe3e9f8310a93c'
|
|
229
|
+
@runtime = 'python3.11'
|
|
230
230
|
end
|
|
231
231
|
end
|
|
232
232
|
|
|
@@ -95,6 +95,7 @@ module CfnGuardian
|
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
97
|
|
|
98
|
+
class AcmEventSubscription < BaseEventSubscription; end
|
|
98
99
|
class ApiGatewayEventSubscription < BaseEventSubscription; end
|
|
99
100
|
class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
|
|
100
101
|
class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class Acm < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::AcmAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'CertificateExpiry'
|
|
7
|
+
alarm.metric_name = 'DaysToExpiry'
|
|
8
|
+
alarm.statistic = 'Average'
|
|
9
|
+
alarm.threshold = 30
|
|
10
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
|
11
|
+
alarm.evaluation_periods = 1
|
|
12
|
+
alarm.period = 86400
|
|
13
|
+
@alarms.push(alarm)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def default_event_subscriptions()
|
|
17
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
|
18
|
+
event_subscription.name = 'AcmCertificateNearExpiry'
|
|
19
|
+
event_subscription.detail_type = 'ACM Certificate Approaching Expiration'
|
|
20
|
+
event_subscription.source = 'aws.acm'
|
|
21
|
+
event_subscription.detail = {
|
|
22
|
+
'DaysToExpiry' => [31]
|
|
23
|
+
}
|
|
24
|
+
@event_subscriptions.push(event_subscription)
|
|
25
|
+
|
|
26
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
|
27
|
+
event_subscription.name = 'AcmCertificateExpired'
|
|
28
|
+
event_subscription.detail_type = 'ACM Certificate Expired'
|
|
29
|
+
event_subscription.source = 'aws.acm'
|
|
30
|
+
@event_subscriptions.push(event_subscription)
|
|
31
|
+
|
|
32
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
|
33
|
+
event_subscription.name = 'AcmRenewalActionRequired'
|
|
34
|
+
event_subscription.detail_type = 'ACM Certificate Renewal Action Required'
|
|
35
|
+
event_subscription.source = 'aws.acm'
|
|
36
|
+
@event_subscriptions.push(event_subscription)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.7
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-11-24 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -328,6 +328,7 @@ files:
|
|
|
328
328
|
- lib/cfnguardian/models/event.rb
|
|
329
329
|
- lib/cfnguardian/models/event_subscription.rb
|
|
330
330
|
- lib/cfnguardian/models/metric_filter.rb
|
|
331
|
+
- lib/cfnguardian/resources/acm.rb
|
|
331
332
|
- lib/cfnguardian/resources/amazonmq_broker.rb
|
|
332
333
|
- lib/cfnguardian/resources/amazonmq_rabbitmq.rb
|
|
333
334
|
- lib/cfnguardian/resources/apigateway.rb
|