cfn-guardian 0.3.3 → 0.6.4
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Gemfile.lock +24 -24
- data/README.md +4 -772
- data/cfn-guardian.gemspec +1 -3
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +76 -62
- data/lib/cfnguardian/cloudwatch.rb +43 -32
- data/lib/cfnguardian/compile.rb +87 -4
- data/lib/cfnguardian/config/defaults.yaml +9 -0
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +1 -2
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/models/alarm.rb +101 -29
- data/lib/cfnguardian/models/check.rb +30 -12
- data/lib/cfnguardian/models/event.rb +43 -15
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +126 -26
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/http.rb +1 -0
- data/lib/cfnguardian/resources/internal_http.rb +8 -8
- data/lib/cfnguardian/resources/internal_port.rb +4 -4
- data/lib/cfnguardian/resources/internal_sftp.rb +8 -8
- data/lib/cfnguardian/resources/log_group.rb +2 -2
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +80 -0
- data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
- data/lib/cfnguardian/resources/sftp.rb +1 -1
- data/lib/cfnguardian/resources/sql.rb +2 -2
- data/lib/cfnguardian/stacks/main.rb +9 -8
- data/lib/cfnguardian/stacks/resources.rb +35 -6
- data/lib/cfnguardian/version.rb +1 -1
- metadata +33 -7
@@ -9,50 +9,61 @@ module CfnGuardian
|
|
9
9
|
alarm_id = alarm.resource_name.nil? ? alarm.resource_id : alarm.resource_name
|
10
10
|
return "guardian-#{alarm.group}-#{alarm_id}-#{alarm.name}"
|
11
11
|
end
|
12
|
-
|
13
|
-
def self.
|
14
|
-
alarm_names = alarms.map {|alarm| self.get_alarm_name(alarm)}
|
15
|
-
|
12
|
+
|
13
|
+
def self.get_alarms_by_prefix(prefix:, state: nil, action_prefix: nil)
|
16
14
|
client = Aws::CloudWatch::Client.new()
|
15
|
+
options = {max_records: 100}
|
16
|
+
options[:alarm_name_prefix] = prefix
|
17
|
+
|
18
|
+
unless state.nil?
|
19
|
+
options[:state_value] = state
|
20
|
+
end
|
21
|
+
|
22
|
+
unless action_prefix.nil?
|
23
|
+
options[:action_prefix] = action_prefix
|
24
|
+
end
|
25
|
+
|
26
|
+
resp = client.describe_alarms(options)
|
27
|
+
return resp.metric_alarms
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.get_alarms_by_name(alarm_names:, state: nil, action_prefix: nil)
|
31
|
+
client = Aws::CloudWatch::Client.new()
|
32
|
+
options = {max_records: 100}
|
33
|
+
|
34
|
+
unless state.nil?
|
35
|
+
options[:state_value] = state
|
36
|
+
end
|
37
|
+
|
38
|
+
unless action_prefix.nil?
|
39
|
+
options[:action_prefix] = "arn:aws:sns:#{Aws.config[:region]}:#{aws_account_id()}:#{action_prefix}"
|
40
|
+
end
|
41
|
+
|
17
42
|
metric_alarms = []
|
18
43
|
alarm_names.each_slice(100) do |batch|
|
19
|
-
|
44
|
+
options[:alarm_names] = batch
|
45
|
+
resp = client.describe_alarms(options)
|
20
46
|
metric_alarms.push(*resp.metric_alarms)
|
21
47
|
end
|
22
|
-
|
48
|
+
|
23
49
|
return metric_alarms
|
24
50
|
end
|
25
|
-
|
26
|
-
def self.
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
options = {max_records: 100}
|
36
|
-
options[:state_value] = state if !state.nil?
|
37
|
-
|
38
|
-
cw_alarms = []
|
39
|
-
if !alarm_prefix.nil?
|
40
|
-
options[:alarm_name_prefix] = alarm_prefix
|
41
|
-
resp = client.describe_alarms(options)
|
42
|
-
cw_alarms = resp.metric_alarms
|
43
|
-
else
|
44
|
-
alarm_names.each_slice(100) do |batch|
|
45
|
-
options[:alarm_names] = batch
|
46
|
-
resp = client.describe_alarms(options)
|
47
|
-
cw_alarms.push(*resp.metric_alarms)
|
51
|
+
|
52
|
+
def self.filter_alarms(filters:, alarms:)
|
53
|
+
return alarms unless filters.is_a?(Hash)
|
54
|
+
filters = filters.slice('group', 'resource', 'alarm', 'stack-id')
|
55
|
+
|
56
|
+
filtered_alarms = []
|
57
|
+
alarms.each do |alarm|
|
58
|
+
if filters.values.all? {|filter| alarm.alarm_name.include? (filter)}
|
59
|
+
filtered_alarms << alarm
|
48
60
|
end
|
49
61
|
end
|
50
|
-
|
51
|
-
return
|
62
|
+
|
63
|
+
return filtered_alarms
|
52
64
|
end
|
53
65
|
|
54
66
|
def self.get_alarm_history(alarm_name,type)
|
55
|
-
rows = []
|
56
67
|
client = Aws::CloudWatch::Client.new()
|
57
68
|
|
58
69
|
logger.debug "Searching #{type} history for #{alarm_name}"
|
data/lib/cfnguardian/compile.rb
CHANGED
@@ -35,6 +35,10 @@ require 'cfnguardian/resources/log_group'
|
|
35
35
|
require 'cfnguardian/resources/sftp'
|
36
36
|
require 'cfnguardian/resources/internal_sftp'
|
37
37
|
require 'cfnguardian/resources/tls'
|
38
|
+
require 'cfnguardian/resources/azure_file'
|
39
|
+
require 'cfnguardian/resources/amazonmq_rabbitmq'
|
40
|
+
require 'cfnguardian/version'
|
41
|
+
require 'cfnguardian/error'
|
38
42
|
|
39
43
|
module CfnGuardian
|
40
44
|
class Compile
|
@@ -50,7 +54,13 @@ module CfnGuardian
|
|
50
54
|
@templates = config.fetch('Templates',{})
|
51
55
|
@topics = config.fetch('Topics',{})
|
52
56
|
@maintenance_groups = config.fetch('MaintenaceGroups', {})
|
57
|
+
@event_subscriptions = config.fetch('EventSubscriptions', {})
|
53
58
|
|
59
|
+
# Make sure the default topics exist if they aren't supplied in the alarms.yaml
|
60
|
+
%w(Critical Warning Task Informational Events).each do |topic|
|
61
|
+
@topics[topic] = '' unless @topics.has_key?(topic)
|
62
|
+
end
|
63
|
+
|
54
64
|
@maintenance_group_list = @maintenance_groups.keys.map {|group| "#{group}MaintenanceGroup"}
|
55
65
|
@resources = []
|
56
66
|
@stacks = []
|
@@ -81,10 +91,15 @@ module CfnGuardian
|
|
81
91
|
end
|
82
92
|
end
|
83
93
|
|
84
|
-
|
85
|
-
@resources.concat resource_class.get_alarms(
|
94
|
+
template_overides = @templates.has_key?(group) ? @templates[group] : {}
|
95
|
+
@resources.concat resource_class.get_alarms(group,template_overides)
|
96
|
+
|
86
97
|
@resources.concat resource_class.get_metric_filters()
|
87
98
|
@resources.concat resource_class.get_events()
|
99
|
+
|
100
|
+
event_subscriptions = @event_subscriptions.has_key?(group) ? @event_subscriptions[group] : {}
|
101
|
+
@resources.concat resource_class.get_event_subscriptions(group,event_subscriptions)
|
102
|
+
|
88
103
|
@checks.concat resource_class.get_checks()
|
89
104
|
|
90
105
|
@cost += resource_class.get_cost
|
@@ -95,13 +110,16 @@ module CfnGuardian
|
|
95
110
|
resource_groups.each do |group, alarms|
|
96
111
|
alarms.each do |alarm, resources|
|
97
112
|
resources.each do |resource|
|
113
|
+
|
98
114
|
res = @resources.find {|r|
|
99
115
|
(r.type == 'Alarm') &&
|
100
|
-
(r.
|
116
|
+
(r.group == group && r.name == alarm) &&
|
101
117
|
(r.resource_id == resource['Id'] || r.resource_name == resource['Name'])}
|
118
|
+
|
102
119
|
unless res.nil?
|
103
120
|
res.maintenance_groups.append("#{maintenance_group}MaintenanceGroup")
|
104
121
|
end
|
122
|
+
|
105
123
|
end
|
106
124
|
end
|
107
125
|
end
|
@@ -113,11 +131,39 @@ module CfnGuardian
|
|
113
131
|
end
|
114
132
|
|
115
133
|
@ssm_parameters = @resources.select {|resource| resource.type == 'Event'}.map {|event| event.ssm_parameters}.flatten.uniq
|
134
|
+
|
135
|
+
validate_resources()
|
116
136
|
end
|
117
137
|
|
118
138
|
def alarms
|
119
139
|
@resources.select {|resource| resource.type == 'Alarm'}
|
120
140
|
end
|
141
|
+
|
142
|
+
def validate_resources()
|
143
|
+
errors = []
|
144
|
+
@resources.each do |resource|
|
145
|
+
case resource.type
|
146
|
+
when 'Alarm'
|
147
|
+
%w(metric_name namespace).each do |property|
|
148
|
+
if resource.send(property).nil?
|
149
|
+
errors << "Alarm #{resource.name} for resource #{resource.resource_id} has nil value for property #{property.to_camelcase}"
|
150
|
+
end
|
151
|
+
end
|
152
|
+
when 'Check'
|
153
|
+
# no validation check yet
|
154
|
+
when 'Event'
|
155
|
+
# no validation check yet
|
156
|
+
when 'Composite'
|
157
|
+
# no validation check yet
|
158
|
+
when 'EventSubscription'
|
159
|
+
# no validation check yet
|
160
|
+
when 'MetricFilter'
|
161
|
+
# no validation check yet
|
162
|
+
end
|
163
|
+
end
|
164
|
+
|
165
|
+
raise CfnGuardian::ValidationError, "#{errors.size} errors found\n[*] #{errors.join("\n[*] ")}" if errors.any?
|
166
|
+
end
|
121
167
|
|
122
168
|
def split_resources(bucket,path)
|
123
169
|
split = @resources.each_slice(200).to_a
|
@@ -142,7 +188,7 @@ module CfnGuardian
|
|
142
188
|
File.write("out/guardian.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
|
143
189
|
|
144
190
|
resources.each_with_index do |resources,index|
|
145
|
-
stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters)
|
191
|
+
stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters,index)
|
146
192
|
stack.build_template(resources)
|
147
193
|
valid = stack.template.validate
|
148
194
|
File.write("out/guardian-stack-#{index}.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
|
@@ -152,6 +198,43 @@ module CfnGuardian
|
|
152
198
|
def clean_out_directory
|
153
199
|
Dir["out/*.yaml"].each {|file| File.delete(file)}
|
154
200
|
end
|
201
|
+
|
202
|
+
def load_parameters(options)
|
203
|
+
parameters = {}
|
204
|
+
# Load sns topic parameters in order of preference
|
205
|
+
@topics.each do |key, value|
|
206
|
+
# if parameter is passed in as a command line option
|
207
|
+
if options.has_key?("sns_#{key.downcase}")
|
208
|
+
parameters[key.to_sym] = options["sns_#{key.downcase}"]
|
209
|
+
# if parameter is in config
|
210
|
+
elsif !value.empty?
|
211
|
+
parameters[key.to_sym] = value
|
212
|
+
# if parameter is set as environment variable
|
213
|
+
elsif ENV.has_key?("GUARDIAN_TOPIC_#{key.upcase}")
|
214
|
+
parameters[key.to_sym] = ENV["GUARDIAN_TOPIC_#{key.upcase}"]
|
215
|
+
end
|
216
|
+
end
|
217
|
+
|
218
|
+
return parameters
|
219
|
+
end
|
220
|
+
|
221
|
+
def genrate_template_config(parameters)
|
222
|
+
template = {
|
223
|
+
Tags: {
|
224
|
+
'guardian:version': CfnGuardian::VERSION
|
225
|
+
}
|
226
|
+
}
|
227
|
+
|
228
|
+
if ENV.has_key?('CODEBUILD_RESOLVED_SOURCE_VERSION')
|
229
|
+
template[:Tags][:'guardian:config:commit'] = ENV['CODEBUILD_RESOLVED_SOURCE_VERSION']
|
230
|
+
end
|
231
|
+
|
232
|
+
unless parameters.empty?
|
233
|
+
template[:Parameters] = parameters
|
234
|
+
end
|
235
|
+
|
236
|
+
File.write("out/template-config.guardian.json", template.to_json)
|
237
|
+
end
|
155
238
|
|
156
239
|
end
|
157
240
|
end
|
@@ -1,6 +1,15 @@
|
|
1
1
|
Resources:
|
2
2
|
AmazonMQBroker:
|
3
3
|
- Id: Default
|
4
|
+
AmazonMQRabbitMQBroker:
|
5
|
+
- Id: Default
|
6
|
+
AmazonMQRabbitMQNode:
|
7
|
+
- Id: Default
|
8
|
+
Node: Default
|
9
|
+
AmazonMQRabbitMQQueue:
|
10
|
+
- Id: Default
|
11
|
+
Queue: Default
|
12
|
+
Vhost: Default
|
4
13
|
ApiGateway:
|
5
14
|
- Id: Default
|
6
15
|
ApplicationTargetGroup:
|
data/lib/cfnguardian/deploy.rb
CHANGED
@@ -7,27 +7,13 @@ module CfnGuardian
|
|
7
7
|
class Deploy
|
8
8
|
include Logging
|
9
9
|
|
10
|
-
def initialize(opts,bucket)
|
10
|
+
def initialize(opts,bucket,parameters)
|
11
11
|
@stack_name = opts.fetch(:stack_name,'guardian')
|
12
12
|
@bucket = bucket
|
13
13
|
@prefix = @stack_name
|
14
14
|
@template_path = "out/guardian.compiled.yaml"
|
15
15
|
@template_url = "https://#{@bucket}.s3.amazonaws.com/#{@prefix}/guardian.compiled.yaml"
|
16
|
-
@parameters =
|
17
|
-
|
18
|
-
config = YAML.load_file(opts[:config])
|
19
|
-
if config.has_key?('Topics')
|
20
|
-
@parameters['Critical'] = config['Topics'].fetch('Critical','')
|
21
|
-
@parameters['Warning'] = config['Topics'].fetch('Warning','')
|
22
|
-
@parameters['Task'] = config['Topics'].fetch('Task','')
|
23
|
-
@parameters['Informational'] = config['Topics'].fetch('Informational','')
|
24
|
-
end
|
25
|
-
|
26
|
-
@parameters['Critical'] = opts.fetch(:sns_critical,@parameters['Critical'])
|
27
|
-
@parameters['Warning'] = opts.fetch(:sns_warning,@parameters['Warning'])
|
28
|
-
@parameters['Task'] = opts.fetch(:sns_task,@parameters['Task'])
|
29
|
-
@parameters['Informational'] = opts.fetch(:sns_informational,@parameters['Informational'])
|
30
|
-
|
16
|
+
@parameters = parameters
|
31
17
|
@client = Aws::CloudFormation::Client.new()
|
32
18
|
end
|
33
19
|
|
@@ -14,7 +14,6 @@ module CfnGuardian
|
|
14
14
|
|
15
15
|
@alarms.each do |alarm|
|
16
16
|
alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
17
|
-
puts alarm_name
|
18
17
|
rows = [
|
19
18
|
['ResourceId', alarm.resource_id],
|
20
19
|
['ResourceHash', alarm.resource_hash],
|
@@ -52,7 +51,7 @@ module CfnGuardian
|
|
52
51
|
|
53
52
|
@alarms.each do |alarm|
|
54
53
|
alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
55
|
-
metric_alarm = metric_alarms.find {|ma| ma.alarm_name
|
54
|
+
metric_alarm = metric_alarms.find {|ma| ma.alarm_name.include? alarm_name}
|
56
55
|
dimensions = metric_alarm.dimensions.map {|dim| {dim.name.to_sym => dim.value}}.inject(:merge)
|
57
56
|
|
58
57
|
rows = [
|
@@ -3,7 +3,7 @@ require 'digest/md5'
|
|
3
3
|
|
4
4
|
module CfnGuardian
|
5
5
|
module Models
|
6
|
-
class
|
6
|
+
class BaseAlarm
|
7
7
|
|
8
8
|
attr_reader :type,
|
9
9
|
:resource_hash
|
@@ -28,7 +28,8 @@ module CfnGuardian
|
|
28
28
|
:extended_statistic,
|
29
29
|
:evaluate_low_sample_count_percentile,
|
30
30
|
:unit,
|
31
|
-
:maintenance_groups
|
31
|
+
:maintenance_groups,
|
32
|
+
:additional_notifiers
|
32
33
|
|
33
34
|
def initialize(resource)
|
34
35
|
@type = 'Alarm'
|
@@ -54,6 +55,7 @@ module CfnGuardian
|
|
54
55
|
@alarm_action = 'Critical'
|
55
56
|
@treat_missing_data = nil
|
56
57
|
@maintenance_groups = []
|
58
|
+
@additional_notifiers = []
|
57
59
|
end
|
58
60
|
|
59
61
|
def metric_name=(metric_name)
|
@@ -63,7 +65,7 @@ module CfnGuardian
|
|
63
65
|
end
|
64
66
|
|
65
67
|
|
66
|
-
class ApiGatewayAlarm <
|
68
|
+
class ApiGatewayAlarm < BaseAlarm
|
67
69
|
def initialize(resource)
|
68
70
|
super(resource)
|
69
71
|
@group = 'ApiGateway'
|
@@ -72,7 +74,7 @@ module CfnGuardian
|
|
72
74
|
end
|
73
75
|
end
|
74
76
|
|
75
|
-
class ApplicationTargetGroupAlarm <
|
77
|
+
class ApplicationTargetGroupAlarm < BaseAlarm
|
76
78
|
def initialize(resource)
|
77
79
|
super(resource)
|
78
80
|
@group = 'ApplicationTargetGroup'
|
@@ -84,7 +86,7 @@ module CfnGuardian
|
|
84
86
|
end
|
85
87
|
end
|
86
88
|
|
87
|
-
class AmazonMQBrokerAlarm <
|
89
|
+
class AmazonMQBrokerAlarm < BaseAlarm
|
88
90
|
def initialize(resource)
|
89
91
|
super(resource)
|
90
92
|
@group = 'AmazonMQBroker'
|
@@ -92,8 +94,42 @@ module CfnGuardian
|
|
92
94
|
@dimensions = { Broker: resource['Id'] }
|
93
95
|
end
|
94
96
|
end
|
97
|
+
|
98
|
+
class AmazonMQRabbitMQBrokerAlarm < BaseAlarm
|
99
|
+
def initialize(resource)
|
100
|
+
super(resource)
|
101
|
+
@group = 'AmazonMQRabbitMQBroker'
|
102
|
+
@namespace = 'AWS/AmazonMQ'
|
103
|
+
@dimensions = { Broker: resource['Id'] }
|
104
|
+
end
|
105
|
+
end
|
106
|
+
|
107
|
+
class AmazonMQRabbitMQNodeAlarm < BaseAlarm
|
108
|
+
def initialize(resource)
|
109
|
+
super(resource)
|
110
|
+
@group = 'AmazonMQRabbitMQNode'
|
111
|
+
@namespace = 'AWS/AmazonMQ'
|
112
|
+
@dimensions = {
|
113
|
+
Broker: resource['Id'],
|
114
|
+
Node: resource['Node']
|
115
|
+
}
|
116
|
+
end
|
117
|
+
end
|
118
|
+
|
119
|
+
class AmazonMQRabbitMQQueueAlarm < BaseAlarm
|
120
|
+
def initialize(resource)
|
121
|
+
super(resource)
|
122
|
+
@group = 'AmazonMQRabbitMQQueue'
|
123
|
+
@namespace = 'AWS/AmazonMQ'
|
124
|
+
@dimensions = {
|
125
|
+
Broker: resource['Id'],
|
126
|
+
Queue: resource['Queue'],
|
127
|
+
VirtualHost: resource['Vhost']
|
128
|
+
}
|
129
|
+
end
|
130
|
+
end
|
95
131
|
|
96
|
-
class CloudFrontDistributionAlarm <
|
132
|
+
class CloudFrontDistributionAlarm < BaseAlarm
|
97
133
|
def initialize(resource)
|
98
134
|
super(resource)
|
99
135
|
@group = 'CloudFrontDistribution'
|
@@ -107,7 +143,7 @@ module CfnGuardian
|
|
107
143
|
end
|
108
144
|
end
|
109
145
|
|
110
|
-
class AutoScalingGroupAlarm <
|
146
|
+
class AutoScalingGroupAlarm < BaseAlarm
|
111
147
|
def initialize(resource)
|
112
148
|
super(resource)
|
113
149
|
@group = 'AutoScalingGroup'
|
@@ -116,7 +152,7 @@ module CfnGuardian
|
|
116
152
|
end
|
117
153
|
end
|
118
154
|
|
119
|
-
class DomainExpiryAlarm <
|
155
|
+
class DomainExpiryAlarm < BaseAlarm
|
120
156
|
def initialize(resource)
|
121
157
|
super(resource)
|
122
158
|
@group = 'DomainExpiry'
|
@@ -126,7 +162,7 @@ module CfnGuardian
|
|
126
162
|
end
|
127
163
|
end
|
128
164
|
|
129
|
-
class DynamoDBTableAlarm <
|
165
|
+
class DynamoDBTableAlarm < BaseAlarm
|
130
166
|
def initialize(resource)
|
131
167
|
super(resource)
|
132
168
|
@group = 'DynamoDBTable'
|
@@ -135,7 +171,7 @@ module CfnGuardian
|
|
135
171
|
end
|
136
172
|
end
|
137
173
|
|
138
|
-
class Ec2InstanceAlarm <
|
174
|
+
class Ec2InstanceAlarm < BaseAlarm
|
139
175
|
def initialize(resource)
|
140
176
|
super(resource)
|
141
177
|
@group = 'Ec2Instance'
|
@@ -144,7 +180,7 @@ module CfnGuardian
|
|
144
180
|
end
|
145
181
|
end
|
146
182
|
|
147
|
-
class ECSClusterAlarm <
|
183
|
+
class ECSClusterAlarm < BaseAlarm
|
148
184
|
def initialize(resource)
|
149
185
|
super(resource)
|
150
186
|
@group = 'ECSCluster'
|
@@ -156,7 +192,7 @@ module CfnGuardian
|
|
156
192
|
end
|
157
193
|
end
|
158
194
|
|
159
|
-
class ECSServiceAlarm <
|
195
|
+
class ECSServiceAlarm < BaseAlarm
|
160
196
|
def initialize(resource)
|
161
197
|
super(resource)
|
162
198
|
@group = 'ECSService'
|
@@ -168,7 +204,7 @@ module CfnGuardian
|
|
168
204
|
end
|
169
205
|
end
|
170
206
|
|
171
|
-
class ElastiCacheReplicationGroupAlarm <
|
207
|
+
class ElastiCacheReplicationGroupAlarm < BaseAlarm
|
172
208
|
def initialize(resource)
|
173
209
|
super(resource)
|
174
210
|
@group = 'ElastiCacheReplicationGroup'
|
@@ -177,7 +213,7 @@ module CfnGuardian
|
|
177
213
|
end
|
178
214
|
end
|
179
215
|
|
180
|
-
class ElasticLoadBalancerAlarm <
|
216
|
+
class ElasticLoadBalancerAlarm < BaseAlarm
|
181
217
|
def initialize(resource)
|
182
218
|
super(resource)
|
183
219
|
@group = 'ElasticLoadBalancer'
|
@@ -186,7 +222,7 @@ module CfnGuardian
|
|
186
222
|
end
|
187
223
|
end
|
188
224
|
|
189
|
-
class ElasticFileSystemAlarm <
|
225
|
+
class ElasticFileSystemAlarm < BaseAlarm
|
190
226
|
def initialize(resource)
|
191
227
|
super(resource)
|
192
228
|
@group = 'ElasticFileSystem'
|
@@ -195,7 +231,7 @@ module CfnGuardian
|
|
195
231
|
end
|
196
232
|
end
|
197
233
|
|
198
|
-
class HttpAlarm <
|
234
|
+
class HttpAlarm < BaseAlarm
|
199
235
|
def initialize(resource)
|
200
236
|
super(resource)
|
201
237
|
@group = 'Http'
|
@@ -207,7 +243,13 @@ module CfnGuardian
|
|
207
243
|
end
|
208
244
|
end
|
209
245
|
|
210
|
-
class
|
246
|
+
class InternalHttpAlarm < HttpAlarm
|
247
|
+
def initialize(resource)
|
248
|
+
super(resource)
|
249
|
+
end
|
250
|
+
end
|
251
|
+
|
252
|
+
class PortAlarm < BaseAlarm
|
211
253
|
def initialize(resource)
|
212
254
|
super(resource)
|
213
255
|
@group = 'Port'
|
@@ -218,8 +260,14 @@ module CfnGuardian
|
|
218
260
|
@evaluation_periods = 2
|
219
261
|
end
|
220
262
|
end
|
263
|
+
|
264
|
+
class InternalPortAlarm < PortAlarm
|
265
|
+
def initialize(resource)
|
266
|
+
super(resource)
|
267
|
+
end
|
268
|
+
end
|
221
269
|
|
222
|
-
class SslAlarm <
|
270
|
+
class SslAlarm < BaseAlarm
|
223
271
|
def initialize(resource)
|
224
272
|
super(resource)
|
225
273
|
@group = 'Ssl'
|
@@ -228,8 +276,14 @@ module CfnGuardian
|
|
228
276
|
@comparison_operator = 'LessThanThreshold'
|
229
277
|
end
|
230
278
|
end
|
279
|
+
|
280
|
+
class InternalSslAlarm < SslAlarm
|
281
|
+
def initialize(resource)
|
282
|
+
super(resource)
|
283
|
+
end
|
284
|
+
end
|
231
285
|
|
232
|
-
class NrpeAlarm <
|
286
|
+
class NrpeAlarm < BaseAlarm
|
233
287
|
def initialize(resource,environment)
|
234
288
|
super(resource)
|
235
289
|
@group = 'Nrpe'
|
@@ -240,7 +294,7 @@ module CfnGuardian
|
|
240
294
|
end
|
241
295
|
end
|
242
296
|
|
243
|
-
class LambdaAlarm <
|
297
|
+
class LambdaAlarm < BaseAlarm
|
244
298
|
def initialize(resource)
|
245
299
|
super(resource)
|
246
300
|
@group = 'Lambda'
|
@@ -251,7 +305,7 @@ module CfnGuardian
|
|
251
305
|
end
|
252
306
|
end
|
253
307
|
|
254
|
-
class NetworkTargetGroupAlarm <
|
308
|
+
class NetworkTargetGroupAlarm < BaseAlarm
|
255
309
|
def initialize(resource)
|
256
310
|
super(resource)
|
257
311
|
@group = 'NetworkTargetGroup'
|
@@ -263,7 +317,7 @@ module CfnGuardian
|
|
263
317
|
end
|
264
318
|
end
|
265
319
|
|
266
|
-
class RedshiftClusterAlarm <
|
320
|
+
class RedshiftClusterAlarm < BaseAlarm
|
267
321
|
def initialize(resource)
|
268
322
|
super(resource)
|
269
323
|
@group = 'RedshiftCluster'
|
@@ -272,7 +326,7 @@ module CfnGuardian
|
|
272
326
|
end
|
273
327
|
end
|
274
328
|
|
275
|
-
class RDSClusterInstanceAlarm <
|
329
|
+
class RDSClusterInstanceAlarm < BaseAlarm
|
276
330
|
def initialize(resource)
|
277
331
|
super(resource)
|
278
332
|
@group = 'RDSClusterInstance'
|
@@ -281,7 +335,7 @@ module CfnGuardian
|
|
281
335
|
end
|
282
336
|
end
|
283
337
|
|
284
|
-
class RDSInstanceAlarm <
|
338
|
+
class RDSInstanceAlarm < BaseAlarm
|
285
339
|
def initialize(resource)
|
286
340
|
super(resource)
|
287
341
|
@group = 'RDSInstance'
|
@@ -290,7 +344,7 @@ module CfnGuardian
|
|
290
344
|
end
|
291
345
|
end
|
292
346
|
|
293
|
-
class SqlAlarm <
|
347
|
+
class SqlAlarm < BaseAlarm
|
294
348
|
def initialize(resource)
|
295
349
|
super(resource)
|
296
350
|
@group = 'Sql'
|
@@ -301,7 +355,7 @@ module CfnGuardian
|
|
301
355
|
end
|
302
356
|
end
|
303
357
|
|
304
|
-
class SQSQueueAlarm <
|
358
|
+
class SQSQueueAlarm < BaseAlarm
|
305
359
|
def initialize(resource)
|
306
360
|
super(resource)
|
307
361
|
@group = 'SQSQueue'
|
@@ -312,7 +366,7 @@ module CfnGuardian
|
|
312
366
|
end
|
313
367
|
end
|
314
368
|
|
315
|
-
class LogGroupAlarm <
|
369
|
+
class LogGroupAlarm < BaseAlarm
|
316
370
|
def initialize(resource)
|
317
371
|
super(resource)
|
318
372
|
@group = 'LogGroup'
|
@@ -324,7 +378,7 @@ module CfnGuardian
|
|
324
378
|
end
|
325
379
|
end
|
326
380
|
|
327
|
-
class SFTPAlarm <
|
381
|
+
class SFTPAlarm < BaseAlarm
|
328
382
|
def initialize(resource)
|
329
383
|
super(resource)
|
330
384
|
@group = 'SFTP'
|
@@ -335,8 +389,14 @@ module CfnGuardian
|
|
335
389
|
@dimensions = { Host: resource['Id'], User: resource['User'] }
|
336
390
|
end
|
337
391
|
end
|
392
|
+
|
393
|
+
class InternalSFTPAlarm < SFTPAlarm
|
394
|
+
def initialize(resource)
|
395
|
+
super(resource)
|
396
|
+
end
|
397
|
+
end
|
338
398
|
|
339
|
-
class TLSAlarm <
|
399
|
+
class TLSAlarm < BaseAlarm
|
340
400
|
def initialize(resource)
|
341
401
|
super(resource)
|
342
402
|
@group = 'TLS'
|
@@ -349,6 +409,18 @@ module CfnGuardian
|
|
349
409
|
@evaluation_periods = 1
|
350
410
|
end
|
351
411
|
end
|
412
|
+
|
413
|
+
class AzureFileAlarm < BaseAlarm
|
414
|
+
def initialize(resource)
|
415
|
+
super(resource)
|
416
|
+
@group = 'AzureFile'
|
417
|
+
@namespace = 'FileAgeCheck'
|
418
|
+
@period = 300
|
419
|
+
@comparison_operator = 'GreaterThanThreshold'
|
420
|
+
@threshold = 0
|
421
|
+
@dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
|
422
|
+
end
|
423
|
+
end
|
352
424
|
|
353
425
|
end
|
354
426
|
end
|