cfn-guardian 0.3.3 → 0.6.4

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (56) hide show
  1. checksums.yaml +4 -4
  2. data/.github/workflows/build-gem.yml +25 -0
  3. data/.github/workflows/release-gem.yml +25 -0
  4. data/.github/workflows/release-image.yml +33 -0
  5. data/.rspec +1 -0
  6. data/Gemfile.lock +24 -24
  7. data/README.md +4 -772
  8. data/cfn-guardian.gemspec +1 -3
  9. data/docs/alarm_templates.md +130 -0
  10. data/docs/cli.md +182 -0
  11. data/docs/composite_alarms.md +24 -0
  12. data/docs/custom_checks/azure_file_check.md +28 -0
  13. data/docs/custom_checks/domain_expiry.md +10 -0
  14. data/docs/custom_checks/http.md +59 -0
  15. data/docs/custom_checks/log_group_metric_filters.md +27 -0
  16. data/docs/custom_checks/nrpe.md +29 -0
  17. data/docs/custom_checks/port.md +40 -0
  18. data/docs/custom_checks/sftp.md +73 -0
  19. data/docs/custom_checks/sql.md +44 -0
  20. data/docs/custom_checks/tls.md +25 -0
  21. data/docs/custom_metrics.md +71 -0
  22. data/docs/event_subscriptions.md +67 -0
  23. data/docs/maintenance_mode.md +85 -0
  24. data/docs/notifiers.md +33 -0
  25. data/docs/overview.md +22 -0
  26. data/docs/resources.md +93 -0
  27. data/docs/variables.md +58 -0
  28. data/lib/cfnguardian.rb +76 -62
  29. data/lib/cfnguardian/cloudwatch.rb +43 -32
  30. data/lib/cfnguardian/compile.rb +87 -4
  31. data/lib/cfnguardian/config/defaults.yaml +9 -0
  32. data/lib/cfnguardian/deploy.rb +2 -16
  33. data/lib/cfnguardian/display_formatter.rb +1 -2
  34. data/lib/cfnguardian/error.rb +4 -0
  35. data/lib/cfnguardian/models/alarm.rb +101 -29
  36. data/lib/cfnguardian/models/check.rb +30 -12
  37. data/lib/cfnguardian/models/event.rb +43 -15
  38. data/lib/cfnguardian/models/event_subscription.rb +96 -0
  39. data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
  40. data/lib/cfnguardian/resources/azure_file.rb +20 -0
  41. data/lib/cfnguardian/resources/base.rb +126 -26
  42. data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
  43. data/lib/cfnguardian/resources/http.rb +1 -0
  44. data/lib/cfnguardian/resources/internal_http.rb +8 -8
  45. data/lib/cfnguardian/resources/internal_port.rb +4 -4
  46. data/lib/cfnguardian/resources/internal_sftp.rb +8 -8
  47. data/lib/cfnguardian/resources/log_group.rb +2 -2
  48. data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
  49. data/lib/cfnguardian/resources/rds_instance.rb +80 -0
  50. data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
  51. data/lib/cfnguardian/resources/sftp.rb +1 -1
  52. data/lib/cfnguardian/resources/sql.rb +2 -2
  53. data/lib/cfnguardian/stacks/main.rb +9 -8
  54. data/lib/cfnguardian/stacks/resources.rb +35 -6
  55. data/lib/cfnguardian/version.rb +1 -1
  56. metadata +33 -7
@@ -9,50 +9,61 @@ module CfnGuardian
9
9
  alarm_id = alarm.resource_name.nil? ? alarm.resource_id : alarm.resource_name
10
10
  return "guardian-#{alarm.group}-#{alarm_id}-#{alarm.name}"
11
11
  end
12
-
13
- def self.get_alarms(alarms)
14
- alarm_names = alarms.map {|alarm| self.get_alarm_name(alarm)}
15
-
12
+
13
+ def self.get_alarms_by_prefix(prefix:, state: nil, action_prefix: nil)
16
14
  client = Aws::CloudWatch::Client.new()
15
+ options = {max_records: 100}
16
+ options[:alarm_name_prefix] = prefix
17
+
18
+ unless state.nil?
19
+ options[:state_value] = state
20
+ end
21
+
22
+ unless action_prefix.nil?
23
+ options[:action_prefix] = action_prefix
24
+ end
25
+
26
+ resp = client.describe_alarms(options)
27
+ return resp.metric_alarms
28
+ end
29
+
30
+ def self.get_alarms_by_name(alarm_names:, state: nil, action_prefix: nil)
31
+ client = Aws::CloudWatch::Client.new()
32
+ options = {max_records: 100}
33
+
34
+ unless state.nil?
35
+ options[:state_value] = state
36
+ end
37
+
38
+ unless action_prefix.nil?
39
+ options[:action_prefix] = "arn:aws:sns:#{Aws.config[:region]}:#{aws_account_id()}:#{action_prefix}"
40
+ end
41
+
17
42
  metric_alarms = []
18
43
  alarm_names.each_slice(100) do |batch|
19
- resp = client.describe_alarms({alarm_names: batch, max_records: 100})
44
+ options[:alarm_names] = batch
45
+ resp = client.describe_alarms(options)
20
46
  metric_alarms.push(*resp.metric_alarms)
21
47
  end
22
-
48
+
23
49
  return metric_alarms
24
50
  end
25
-
26
- def self.get_alarm_state(config_alarms: [], alarm_names: [], alarm_prefix: nil, state: nil)
27
- rows = []
28
-
29
- if config_alarms.any?
30
- alarm_names = config_alarms.map {|alarm| self.get_alarm_name(alarm)}
31
- end
32
-
33
- client = Aws::CloudWatch::Client.new()
34
-
35
- options = {max_records: 100}
36
- options[:state_value] = state if !state.nil?
37
-
38
- cw_alarms = []
39
- if !alarm_prefix.nil?
40
- options[:alarm_name_prefix] = alarm_prefix
41
- resp = client.describe_alarms(options)
42
- cw_alarms = resp.metric_alarms
43
- else
44
- alarm_names.each_slice(100) do |batch|
45
- options[:alarm_names] = batch
46
- resp = client.describe_alarms(options)
47
- cw_alarms.push(*resp.metric_alarms)
51
+
52
+ def self.filter_alarms(filters:, alarms:)
53
+ return alarms unless filters.is_a?(Hash)
54
+ filters = filters.slice('group', 'resource', 'alarm', 'stack-id')
55
+
56
+ filtered_alarms = []
57
+ alarms.each do |alarm|
58
+ if filters.values.all? {|filter| alarm.alarm_name.include? (filter)}
59
+ filtered_alarms << alarm
48
60
  end
49
61
  end
50
-
51
- return cw_alarms
62
+
63
+ return filtered_alarms
52
64
  end
53
65
 
54
66
  def self.get_alarm_history(alarm_name,type)
55
- rows = []
56
67
  client = Aws::CloudWatch::Client.new()
57
68
 
58
69
  logger.debug "Searching #{type} history for #{alarm_name}"
@@ -35,6 +35,10 @@ require 'cfnguardian/resources/log_group'
35
35
  require 'cfnguardian/resources/sftp'
36
36
  require 'cfnguardian/resources/internal_sftp'
37
37
  require 'cfnguardian/resources/tls'
38
+ require 'cfnguardian/resources/azure_file'
39
+ require 'cfnguardian/resources/amazonmq_rabbitmq'
40
+ require 'cfnguardian/version'
41
+ require 'cfnguardian/error'
38
42
 
39
43
  module CfnGuardian
40
44
  class Compile
@@ -50,7 +54,13 @@ module CfnGuardian
50
54
  @templates = config.fetch('Templates',{})
51
55
  @topics = config.fetch('Topics',{})
52
56
  @maintenance_groups = config.fetch('MaintenaceGroups', {})
57
+ @event_subscriptions = config.fetch('EventSubscriptions', {})
53
58
 
59
+ # Make sure the default topics exist if they aren't supplied in the alarms.yaml
60
+ %w(Critical Warning Task Informational Events).each do |topic|
61
+ @topics[topic] = '' unless @topics.has_key?(topic)
62
+ end
63
+
54
64
  @maintenance_group_list = @maintenance_groups.keys.map {|group| "#{group}MaintenanceGroup"}
55
65
  @resources = []
56
66
  @stacks = []
@@ -81,10 +91,15 @@ module CfnGuardian
81
91
  end
82
92
  end
83
93
 
84
- overides = @templates.has_key?(group) ? @templates[group] : {}
85
- @resources.concat resource_class.get_alarms(overides,resource)
94
+ template_overides = @templates.has_key?(group) ? @templates[group] : {}
95
+ @resources.concat resource_class.get_alarms(group,template_overides)
96
+
86
97
  @resources.concat resource_class.get_metric_filters()
87
98
  @resources.concat resource_class.get_events()
99
+
100
+ event_subscriptions = @event_subscriptions.has_key?(group) ? @event_subscriptions[group] : {}
101
+ @resources.concat resource_class.get_event_subscriptions(group,event_subscriptions)
102
+
88
103
  @checks.concat resource_class.get_checks()
89
104
 
90
105
  @cost += resource_class.get_cost
@@ -95,13 +110,16 @@ module CfnGuardian
95
110
  resource_groups.each do |group, alarms|
96
111
  alarms.each do |alarm, resources|
97
112
  resources.each do |resource|
113
+
98
114
  res = @resources.find {|r|
99
115
  (r.type == 'Alarm') &&
100
- (r.class == group && r.name == alarm) &&
116
+ (r.group == group && r.name == alarm) &&
101
117
  (r.resource_id == resource['Id'] || r.resource_name == resource['Name'])}
118
+
102
119
  unless res.nil?
103
120
  res.maintenance_groups.append("#{maintenance_group}MaintenanceGroup")
104
121
  end
122
+
105
123
  end
106
124
  end
107
125
  end
@@ -113,11 +131,39 @@ module CfnGuardian
113
131
  end
114
132
 
115
133
  @ssm_parameters = @resources.select {|resource| resource.type == 'Event'}.map {|event| event.ssm_parameters}.flatten.uniq
134
+
135
+ validate_resources()
116
136
  end
117
137
 
118
138
  def alarms
119
139
  @resources.select {|resource| resource.type == 'Alarm'}
120
140
  end
141
+
142
+ def validate_resources()
143
+ errors = []
144
+ @resources.each do |resource|
145
+ case resource.type
146
+ when 'Alarm'
147
+ %w(metric_name namespace).each do |property|
148
+ if resource.send(property).nil?
149
+ errors << "Alarm #{resource.name} for resource #{resource.resource_id} has nil value for property #{property.to_camelcase}"
150
+ end
151
+ end
152
+ when 'Check'
153
+ # no validation check yet
154
+ when 'Event'
155
+ # no validation check yet
156
+ when 'Composite'
157
+ # no validation check yet
158
+ when 'EventSubscription'
159
+ # no validation check yet
160
+ when 'MetricFilter'
161
+ # no validation check yet
162
+ end
163
+ end
164
+
165
+ raise CfnGuardian::ValidationError, "#{errors.size} errors found\n[*] #{errors.join("\n[*] ")}" if errors.any?
166
+ end
121
167
 
122
168
  def split_resources(bucket,path)
123
169
  split = @resources.each_slice(200).to_a
@@ -142,7 +188,7 @@ module CfnGuardian
142
188
  File.write("out/guardian.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
143
189
 
144
190
  resources.each_with_index do |resources,index|
145
- stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters)
191
+ stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters,index)
146
192
  stack.build_template(resources)
147
193
  valid = stack.template.validate
148
194
  File.write("out/guardian-stack-#{index}.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
@@ -152,6 +198,43 @@ module CfnGuardian
152
198
  def clean_out_directory
153
199
  Dir["out/*.yaml"].each {|file| File.delete(file)}
154
200
  end
201
+
202
+ def load_parameters(options)
203
+ parameters = {}
204
+ # Load sns topic parameters in order of preference
205
+ @topics.each do |key, value|
206
+ # if parameter is passed in as a command line option
207
+ if options.has_key?("sns_#{key.downcase}")
208
+ parameters[key.to_sym] = options["sns_#{key.downcase}"]
209
+ # if parameter is in config
210
+ elsif !value.empty?
211
+ parameters[key.to_sym] = value
212
+ # if parameter is set as environment variable
213
+ elsif ENV.has_key?("GUARDIAN_TOPIC_#{key.upcase}")
214
+ parameters[key.to_sym] = ENV["GUARDIAN_TOPIC_#{key.upcase}"]
215
+ end
216
+ end
217
+
218
+ return parameters
219
+ end
220
+
221
+ def genrate_template_config(parameters)
222
+ template = {
223
+ Tags: {
224
+ 'guardian:version': CfnGuardian::VERSION
225
+ }
226
+ }
227
+
228
+ if ENV.has_key?('CODEBUILD_RESOLVED_SOURCE_VERSION')
229
+ template[:Tags][:'guardian:config:commit'] = ENV['CODEBUILD_RESOLVED_SOURCE_VERSION']
230
+ end
231
+
232
+ unless parameters.empty?
233
+ template[:Parameters] = parameters
234
+ end
235
+
236
+ File.write("out/template-config.guardian.json", template.to_json)
237
+ end
155
238
 
156
239
  end
157
240
  end
@@ -1,6 +1,15 @@
1
1
  Resources:
2
2
  AmazonMQBroker:
3
3
  - Id: Default
4
+ AmazonMQRabbitMQBroker:
5
+ - Id: Default
6
+ AmazonMQRabbitMQNode:
7
+ - Id: Default
8
+ Node: Default
9
+ AmazonMQRabbitMQQueue:
10
+ - Id: Default
11
+ Queue: Default
12
+ Vhost: Default
4
13
  ApiGateway:
5
14
  - Id: Default
6
15
  ApplicationTargetGroup:
@@ -7,27 +7,13 @@ module CfnGuardian
7
7
  class Deploy
8
8
  include Logging
9
9
 
10
- def initialize(opts,bucket)
10
+ def initialize(opts,bucket,parameters)
11
11
  @stack_name = opts.fetch(:stack_name,'guardian')
12
12
  @bucket = bucket
13
13
  @prefix = @stack_name
14
14
  @template_path = "out/guardian.compiled.yaml"
15
15
  @template_url = "https://#{@bucket}.s3.amazonaws.com/#{@prefix}/guardian.compiled.yaml"
16
- @parameters = {}
17
-
18
- config = YAML.load_file(opts[:config])
19
- if config.has_key?('Topics')
20
- @parameters['Critical'] = config['Topics'].fetch('Critical','')
21
- @parameters['Warning'] = config['Topics'].fetch('Warning','')
22
- @parameters['Task'] = config['Topics'].fetch('Task','')
23
- @parameters['Informational'] = config['Topics'].fetch('Informational','')
24
- end
25
-
26
- @parameters['Critical'] = opts.fetch(:sns_critical,@parameters['Critical'])
27
- @parameters['Warning'] = opts.fetch(:sns_warning,@parameters['Warning'])
28
- @parameters['Task'] = opts.fetch(:sns_task,@parameters['Task'])
29
- @parameters['Informational'] = opts.fetch(:sns_informational,@parameters['Informational'])
30
-
16
+ @parameters = parameters
31
17
  @client = Aws::CloudFormation::Client.new()
32
18
  end
33
19
 
@@ -14,7 +14,6 @@ module CfnGuardian
14
14
 
15
15
  @alarms.each do |alarm|
16
16
  alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
17
- puts alarm_name
18
17
  rows = [
19
18
  ['ResourceId', alarm.resource_id],
20
19
  ['ResourceHash', alarm.resource_hash],
@@ -52,7 +51,7 @@ module CfnGuardian
52
51
 
53
52
  @alarms.each do |alarm|
54
53
  alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
55
- metric_alarm = metric_alarms.find {|ma| ma.alarm_name == alarm_name}
54
+ metric_alarm = metric_alarms.find {|ma| ma.alarm_name.include? alarm_name}
56
55
  dimensions = metric_alarm.dimensions.map {|dim| {dim.name.to_sym => dim.value}}.inject(:merge)
57
56
 
58
57
  rows = [
@@ -0,0 +1,4 @@
1
+ module CfnGuardian
2
+ class ValidationError < StandardError
3
+ end
4
+ end
@@ -3,7 +3,7 @@ require 'digest/md5'
3
3
 
4
4
  module CfnGuardian
5
5
  module Models
6
- class Alarm
6
+ class BaseAlarm
7
7
 
8
8
  attr_reader :type,
9
9
  :resource_hash
@@ -28,7 +28,8 @@ module CfnGuardian
28
28
  :extended_statistic,
29
29
  :evaluate_low_sample_count_percentile,
30
30
  :unit,
31
- :maintenance_groups
31
+ :maintenance_groups,
32
+ :additional_notifiers
32
33
 
33
34
  def initialize(resource)
34
35
  @type = 'Alarm'
@@ -54,6 +55,7 @@ module CfnGuardian
54
55
  @alarm_action = 'Critical'
55
56
  @treat_missing_data = nil
56
57
  @maintenance_groups = []
58
+ @additional_notifiers = []
57
59
  end
58
60
 
59
61
  def metric_name=(metric_name)
@@ -63,7 +65,7 @@ module CfnGuardian
63
65
  end
64
66
 
65
67
 
66
- class ApiGatewayAlarm < Alarm
68
+ class ApiGatewayAlarm < BaseAlarm
67
69
  def initialize(resource)
68
70
  super(resource)
69
71
  @group = 'ApiGateway'
@@ -72,7 +74,7 @@ module CfnGuardian
72
74
  end
73
75
  end
74
76
 
75
- class ApplicationTargetGroupAlarm < Alarm
77
+ class ApplicationTargetGroupAlarm < BaseAlarm
76
78
  def initialize(resource)
77
79
  super(resource)
78
80
  @group = 'ApplicationTargetGroup'
@@ -84,7 +86,7 @@ module CfnGuardian
84
86
  end
85
87
  end
86
88
 
87
- class AmazonMQBrokerAlarm < Alarm
89
+ class AmazonMQBrokerAlarm < BaseAlarm
88
90
  def initialize(resource)
89
91
  super(resource)
90
92
  @group = 'AmazonMQBroker'
@@ -92,8 +94,42 @@ module CfnGuardian
92
94
  @dimensions = { Broker: resource['Id'] }
93
95
  end
94
96
  end
97
+
98
+ class AmazonMQRabbitMQBrokerAlarm < BaseAlarm
99
+ def initialize(resource)
100
+ super(resource)
101
+ @group = 'AmazonMQRabbitMQBroker'
102
+ @namespace = 'AWS/AmazonMQ'
103
+ @dimensions = { Broker: resource['Id'] }
104
+ end
105
+ end
106
+
107
+ class AmazonMQRabbitMQNodeAlarm < BaseAlarm
108
+ def initialize(resource)
109
+ super(resource)
110
+ @group = 'AmazonMQRabbitMQNode'
111
+ @namespace = 'AWS/AmazonMQ'
112
+ @dimensions = {
113
+ Broker: resource['Id'],
114
+ Node: resource['Node']
115
+ }
116
+ end
117
+ end
118
+
119
+ class AmazonMQRabbitMQQueueAlarm < BaseAlarm
120
+ def initialize(resource)
121
+ super(resource)
122
+ @group = 'AmazonMQRabbitMQQueue'
123
+ @namespace = 'AWS/AmazonMQ'
124
+ @dimensions = {
125
+ Broker: resource['Id'],
126
+ Queue: resource['Queue'],
127
+ VirtualHost: resource['Vhost']
128
+ }
129
+ end
130
+ end
95
131
 
96
- class CloudFrontDistributionAlarm < Alarm
132
+ class CloudFrontDistributionAlarm < BaseAlarm
97
133
  def initialize(resource)
98
134
  super(resource)
99
135
  @group = 'CloudFrontDistribution'
@@ -107,7 +143,7 @@ module CfnGuardian
107
143
  end
108
144
  end
109
145
 
110
- class AutoScalingGroupAlarm < Alarm
146
+ class AutoScalingGroupAlarm < BaseAlarm
111
147
  def initialize(resource)
112
148
  super(resource)
113
149
  @group = 'AutoScalingGroup'
@@ -116,7 +152,7 @@ module CfnGuardian
116
152
  end
117
153
  end
118
154
 
119
- class DomainExpiryAlarm < Alarm
155
+ class DomainExpiryAlarm < BaseAlarm
120
156
  def initialize(resource)
121
157
  super(resource)
122
158
  @group = 'DomainExpiry'
@@ -126,7 +162,7 @@ module CfnGuardian
126
162
  end
127
163
  end
128
164
 
129
- class DynamoDBTableAlarm < Alarm
165
+ class DynamoDBTableAlarm < BaseAlarm
130
166
  def initialize(resource)
131
167
  super(resource)
132
168
  @group = 'DynamoDBTable'
@@ -135,7 +171,7 @@ module CfnGuardian
135
171
  end
136
172
  end
137
173
 
138
- class Ec2InstanceAlarm < Alarm
174
+ class Ec2InstanceAlarm < BaseAlarm
139
175
  def initialize(resource)
140
176
  super(resource)
141
177
  @group = 'Ec2Instance'
@@ -144,7 +180,7 @@ module CfnGuardian
144
180
  end
145
181
  end
146
182
 
147
- class ECSClusterAlarm < Alarm
183
+ class ECSClusterAlarm < BaseAlarm
148
184
  def initialize(resource)
149
185
  super(resource)
150
186
  @group = 'ECSCluster'
@@ -156,7 +192,7 @@ module CfnGuardian
156
192
  end
157
193
  end
158
194
 
159
- class ECSServiceAlarm < Alarm
195
+ class ECSServiceAlarm < BaseAlarm
160
196
  def initialize(resource)
161
197
  super(resource)
162
198
  @group = 'ECSService'
@@ -168,7 +204,7 @@ module CfnGuardian
168
204
  end
169
205
  end
170
206
 
171
- class ElastiCacheReplicationGroupAlarm < Alarm
207
+ class ElastiCacheReplicationGroupAlarm < BaseAlarm
172
208
  def initialize(resource)
173
209
  super(resource)
174
210
  @group = 'ElastiCacheReplicationGroup'
@@ -177,7 +213,7 @@ module CfnGuardian
177
213
  end
178
214
  end
179
215
 
180
- class ElasticLoadBalancerAlarm < Alarm
216
+ class ElasticLoadBalancerAlarm < BaseAlarm
181
217
  def initialize(resource)
182
218
  super(resource)
183
219
  @group = 'ElasticLoadBalancer'
@@ -186,7 +222,7 @@ module CfnGuardian
186
222
  end
187
223
  end
188
224
 
189
- class ElasticFileSystemAlarm < Alarm
225
+ class ElasticFileSystemAlarm < BaseAlarm
190
226
  def initialize(resource)
191
227
  super(resource)
192
228
  @group = 'ElasticFileSystem'
@@ -195,7 +231,7 @@ module CfnGuardian
195
231
  end
196
232
  end
197
233
 
198
- class HttpAlarm < Alarm
234
+ class HttpAlarm < BaseAlarm
199
235
  def initialize(resource)
200
236
  super(resource)
201
237
  @group = 'Http'
@@ -207,7 +243,13 @@ module CfnGuardian
207
243
  end
208
244
  end
209
245
 
210
- class PortAlarm < Alarm
246
+ class InternalHttpAlarm < HttpAlarm
247
+ def initialize(resource)
248
+ super(resource)
249
+ end
250
+ end
251
+
252
+ class PortAlarm < BaseAlarm
211
253
  def initialize(resource)
212
254
  super(resource)
213
255
  @group = 'Port'
@@ -218,8 +260,14 @@ module CfnGuardian
218
260
  @evaluation_periods = 2
219
261
  end
220
262
  end
263
+
264
+ class InternalPortAlarm < PortAlarm
265
+ def initialize(resource)
266
+ super(resource)
267
+ end
268
+ end
221
269
 
222
- class SslAlarm < Alarm
270
+ class SslAlarm < BaseAlarm
223
271
  def initialize(resource)
224
272
  super(resource)
225
273
  @group = 'Ssl'
@@ -228,8 +276,14 @@ module CfnGuardian
228
276
  @comparison_operator = 'LessThanThreshold'
229
277
  end
230
278
  end
279
+
280
+ class InternalSslAlarm < SslAlarm
281
+ def initialize(resource)
282
+ super(resource)
283
+ end
284
+ end
231
285
 
232
- class NrpeAlarm < Alarm
286
+ class NrpeAlarm < BaseAlarm
233
287
  def initialize(resource,environment)
234
288
  super(resource)
235
289
  @group = 'Nrpe'
@@ -240,7 +294,7 @@ module CfnGuardian
240
294
  end
241
295
  end
242
296
 
243
- class LambdaAlarm < Alarm
297
+ class LambdaAlarm < BaseAlarm
244
298
  def initialize(resource)
245
299
  super(resource)
246
300
  @group = 'Lambda'
@@ -251,7 +305,7 @@ module CfnGuardian
251
305
  end
252
306
  end
253
307
 
254
- class NetworkTargetGroupAlarm < Alarm
308
+ class NetworkTargetGroupAlarm < BaseAlarm
255
309
  def initialize(resource)
256
310
  super(resource)
257
311
  @group = 'NetworkTargetGroup'
@@ -263,7 +317,7 @@ module CfnGuardian
263
317
  end
264
318
  end
265
319
 
266
- class RedshiftClusterAlarm < Alarm
320
+ class RedshiftClusterAlarm < BaseAlarm
267
321
  def initialize(resource)
268
322
  super(resource)
269
323
  @group = 'RedshiftCluster'
@@ -272,7 +326,7 @@ module CfnGuardian
272
326
  end
273
327
  end
274
328
 
275
- class RDSClusterInstanceAlarm < Alarm
329
+ class RDSClusterInstanceAlarm < BaseAlarm
276
330
  def initialize(resource)
277
331
  super(resource)
278
332
  @group = 'RDSClusterInstance'
@@ -281,7 +335,7 @@ module CfnGuardian
281
335
  end
282
336
  end
283
337
 
284
- class RDSInstanceAlarm < Alarm
338
+ class RDSInstanceAlarm < BaseAlarm
285
339
  def initialize(resource)
286
340
  super(resource)
287
341
  @group = 'RDSInstance'
@@ -290,7 +344,7 @@ module CfnGuardian
290
344
  end
291
345
  end
292
346
 
293
- class SqlAlarm < Alarm
347
+ class SqlAlarm < BaseAlarm
294
348
  def initialize(resource)
295
349
  super(resource)
296
350
  @group = 'Sql'
@@ -301,7 +355,7 @@ module CfnGuardian
301
355
  end
302
356
  end
303
357
 
304
- class SQSQueueAlarm < Alarm
358
+ class SQSQueueAlarm < BaseAlarm
305
359
  def initialize(resource)
306
360
  super(resource)
307
361
  @group = 'SQSQueue'
@@ -312,7 +366,7 @@ module CfnGuardian
312
366
  end
313
367
  end
314
368
 
315
- class LogGroupAlarm < Alarm
369
+ class LogGroupAlarm < BaseAlarm
316
370
  def initialize(resource)
317
371
  super(resource)
318
372
  @group = 'LogGroup'
@@ -324,7 +378,7 @@ module CfnGuardian
324
378
  end
325
379
  end
326
380
 
327
- class SFTPAlarm < Alarm
381
+ class SFTPAlarm < BaseAlarm
328
382
  def initialize(resource)
329
383
  super(resource)
330
384
  @group = 'SFTP'
@@ -335,8 +389,14 @@ module CfnGuardian
335
389
  @dimensions = { Host: resource['Id'], User: resource['User'] }
336
390
  end
337
391
  end
392
+
393
+ class InternalSFTPAlarm < SFTPAlarm
394
+ def initialize(resource)
395
+ super(resource)
396
+ end
397
+ end
338
398
 
339
- class TLSAlarm < Alarm
399
+ class TLSAlarm < BaseAlarm
340
400
  def initialize(resource)
341
401
  super(resource)
342
402
  @group = 'TLS'
@@ -349,6 +409,18 @@ module CfnGuardian
349
409
  @evaluation_periods = 1
350
410
  end
351
411
  end
412
+
413
+ class AzureFileAlarm < BaseAlarm
414
+ def initialize(resource)
415
+ super(resource)
416
+ @group = 'AzureFile'
417
+ @namespace = 'FileAgeCheck'
418
+ @period = 300
419
+ @comparison_operator = 'GreaterThanThreshold'
420
+ @threshold = 0
421
+ @dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
422
+ end
423
+ end
352
424
 
353
425
  end
354
426
  end