cfn-guardian 0.3.3 → 0.6.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Gemfile.lock +24 -24
- data/README.md +4 -772
- data/cfn-guardian.gemspec +1 -3
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +76 -62
- data/lib/cfnguardian/cloudwatch.rb +43 -32
- data/lib/cfnguardian/compile.rb +87 -4
- data/lib/cfnguardian/config/defaults.yaml +9 -0
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +1 -2
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/models/alarm.rb +101 -29
- data/lib/cfnguardian/models/check.rb +30 -12
- data/lib/cfnguardian/models/event.rb +43 -15
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +126 -26
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/http.rb +1 -0
- data/lib/cfnguardian/resources/internal_http.rb +8 -8
- data/lib/cfnguardian/resources/internal_port.rb +4 -4
- data/lib/cfnguardian/resources/internal_sftp.rb +8 -8
- data/lib/cfnguardian/resources/log_group.rb +2 -2
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +80 -0
- data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
- data/lib/cfnguardian/resources/sftp.rb +1 -1
- data/lib/cfnguardian/resources/sql.rb +2 -2
- data/lib/cfnguardian/stacks/main.rb +9 -8
- data/lib/cfnguardian/stacks/resources.rb +35 -6
- data/lib/cfnguardian/version.rb +1 -1
- metadata +33 -7
|
@@ -9,50 +9,61 @@ module CfnGuardian
|
|
|
9
9
|
alarm_id = alarm.resource_name.nil? ? alarm.resource_id : alarm.resource_name
|
|
10
10
|
return "guardian-#{alarm.group}-#{alarm_id}-#{alarm.name}"
|
|
11
11
|
end
|
|
12
|
-
|
|
13
|
-
def self.
|
|
14
|
-
alarm_names = alarms.map {|alarm| self.get_alarm_name(alarm)}
|
|
15
|
-
|
|
12
|
+
|
|
13
|
+
def self.get_alarms_by_prefix(prefix:, state: nil, action_prefix: nil)
|
|
16
14
|
client = Aws::CloudWatch::Client.new()
|
|
15
|
+
options = {max_records: 100}
|
|
16
|
+
options[:alarm_name_prefix] = prefix
|
|
17
|
+
|
|
18
|
+
unless state.nil?
|
|
19
|
+
options[:state_value] = state
|
|
20
|
+
end
|
|
21
|
+
|
|
22
|
+
unless action_prefix.nil?
|
|
23
|
+
options[:action_prefix] = action_prefix
|
|
24
|
+
end
|
|
25
|
+
|
|
26
|
+
resp = client.describe_alarms(options)
|
|
27
|
+
return resp.metric_alarms
|
|
28
|
+
end
|
|
29
|
+
|
|
30
|
+
def self.get_alarms_by_name(alarm_names:, state: nil, action_prefix: nil)
|
|
31
|
+
client = Aws::CloudWatch::Client.new()
|
|
32
|
+
options = {max_records: 100}
|
|
33
|
+
|
|
34
|
+
unless state.nil?
|
|
35
|
+
options[:state_value] = state
|
|
36
|
+
end
|
|
37
|
+
|
|
38
|
+
unless action_prefix.nil?
|
|
39
|
+
options[:action_prefix] = "arn:aws:sns:#{Aws.config[:region]}:#{aws_account_id()}:#{action_prefix}"
|
|
40
|
+
end
|
|
41
|
+
|
|
17
42
|
metric_alarms = []
|
|
18
43
|
alarm_names.each_slice(100) do |batch|
|
|
19
|
-
|
|
44
|
+
options[:alarm_names] = batch
|
|
45
|
+
resp = client.describe_alarms(options)
|
|
20
46
|
metric_alarms.push(*resp.metric_alarms)
|
|
21
47
|
end
|
|
22
|
-
|
|
48
|
+
|
|
23
49
|
return metric_alarms
|
|
24
50
|
end
|
|
25
|
-
|
|
26
|
-
def self.
|
|
27
|
-
|
|
28
|
-
|
|
29
|
-
|
|
30
|
-
|
|
31
|
-
|
|
32
|
-
|
|
33
|
-
|
|
34
|
-
|
|
35
|
-
options = {max_records: 100}
|
|
36
|
-
options[:state_value] = state if !state.nil?
|
|
37
|
-
|
|
38
|
-
cw_alarms = []
|
|
39
|
-
if !alarm_prefix.nil?
|
|
40
|
-
options[:alarm_name_prefix] = alarm_prefix
|
|
41
|
-
resp = client.describe_alarms(options)
|
|
42
|
-
cw_alarms = resp.metric_alarms
|
|
43
|
-
else
|
|
44
|
-
alarm_names.each_slice(100) do |batch|
|
|
45
|
-
options[:alarm_names] = batch
|
|
46
|
-
resp = client.describe_alarms(options)
|
|
47
|
-
cw_alarms.push(*resp.metric_alarms)
|
|
51
|
+
|
|
52
|
+
def self.filter_alarms(filters:, alarms:)
|
|
53
|
+
return alarms unless filters.is_a?(Hash)
|
|
54
|
+
filters = filters.slice('group', 'resource', 'alarm', 'stack-id')
|
|
55
|
+
|
|
56
|
+
filtered_alarms = []
|
|
57
|
+
alarms.each do |alarm|
|
|
58
|
+
if filters.values.all? {|filter| alarm.alarm_name.include? (filter)}
|
|
59
|
+
filtered_alarms << alarm
|
|
48
60
|
end
|
|
49
61
|
end
|
|
50
|
-
|
|
51
|
-
return
|
|
62
|
+
|
|
63
|
+
return filtered_alarms
|
|
52
64
|
end
|
|
53
65
|
|
|
54
66
|
def self.get_alarm_history(alarm_name,type)
|
|
55
|
-
rows = []
|
|
56
67
|
client = Aws::CloudWatch::Client.new()
|
|
57
68
|
|
|
58
69
|
logger.debug "Searching #{type} history for #{alarm_name}"
|
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -35,6 +35,10 @@ require 'cfnguardian/resources/log_group'
|
|
|
35
35
|
require 'cfnguardian/resources/sftp'
|
|
36
36
|
require 'cfnguardian/resources/internal_sftp'
|
|
37
37
|
require 'cfnguardian/resources/tls'
|
|
38
|
+
require 'cfnguardian/resources/azure_file'
|
|
39
|
+
require 'cfnguardian/resources/amazonmq_rabbitmq'
|
|
40
|
+
require 'cfnguardian/version'
|
|
41
|
+
require 'cfnguardian/error'
|
|
38
42
|
|
|
39
43
|
module CfnGuardian
|
|
40
44
|
class Compile
|
|
@@ -50,7 +54,13 @@ module CfnGuardian
|
|
|
50
54
|
@templates = config.fetch('Templates',{})
|
|
51
55
|
@topics = config.fetch('Topics',{})
|
|
52
56
|
@maintenance_groups = config.fetch('MaintenaceGroups', {})
|
|
57
|
+
@event_subscriptions = config.fetch('EventSubscriptions', {})
|
|
53
58
|
|
|
59
|
+
# Make sure the default topics exist if they aren't supplied in the alarms.yaml
|
|
60
|
+
%w(Critical Warning Task Informational Events).each do |topic|
|
|
61
|
+
@topics[topic] = '' unless @topics.has_key?(topic)
|
|
62
|
+
end
|
|
63
|
+
|
|
54
64
|
@maintenance_group_list = @maintenance_groups.keys.map {|group| "#{group}MaintenanceGroup"}
|
|
55
65
|
@resources = []
|
|
56
66
|
@stacks = []
|
|
@@ -81,10 +91,15 @@ module CfnGuardian
|
|
|
81
91
|
end
|
|
82
92
|
end
|
|
83
93
|
|
|
84
|
-
|
|
85
|
-
@resources.concat resource_class.get_alarms(
|
|
94
|
+
template_overides = @templates.has_key?(group) ? @templates[group] : {}
|
|
95
|
+
@resources.concat resource_class.get_alarms(group,template_overides)
|
|
96
|
+
|
|
86
97
|
@resources.concat resource_class.get_metric_filters()
|
|
87
98
|
@resources.concat resource_class.get_events()
|
|
99
|
+
|
|
100
|
+
event_subscriptions = @event_subscriptions.has_key?(group) ? @event_subscriptions[group] : {}
|
|
101
|
+
@resources.concat resource_class.get_event_subscriptions(group,event_subscriptions)
|
|
102
|
+
|
|
88
103
|
@checks.concat resource_class.get_checks()
|
|
89
104
|
|
|
90
105
|
@cost += resource_class.get_cost
|
|
@@ -95,13 +110,16 @@ module CfnGuardian
|
|
|
95
110
|
resource_groups.each do |group, alarms|
|
|
96
111
|
alarms.each do |alarm, resources|
|
|
97
112
|
resources.each do |resource|
|
|
113
|
+
|
|
98
114
|
res = @resources.find {|r|
|
|
99
115
|
(r.type == 'Alarm') &&
|
|
100
|
-
(r.
|
|
116
|
+
(r.group == group && r.name == alarm) &&
|
|
101
117
|
(r.resource_id == resource['Id'] || r.resource_name == resource['Name'])}
|
|
118
|
+
|
|
102
119
|
unless res.nil?
|
|
103
120
|
res.maintenance_groups.append("#{maintenance_group}MaintenanceGroup")
|
|
104
121
|
end
|
|
122
|
+
|
|
105
123
|
end
|
|
106
124
|
end
|
|
107
125
|
end
|
|
@@ -113,11 +131,39 @@ module CfnGuardian
|
|
|
113
131
|
end
|
|
114
132
|
|
|
115
133
|
@ssm_parameters = @resources.select {|resource| resource.type == 'Event'}.map {|event| event.ssm_parameters}.flatten.uniq
|
|
134
|
+
|
|
135
|
+
validate_resources()
|
|
116
136
|
end
|
|
117
137
|
|
|
118
138
|
def alarms
|
|
119
139
|
@resources.select {|resource| resource.type == 'Alarm'}
|
|
120
140
|
end
|
|
141
|
+
|
|
142
|
+
def validate_resources()
|
|
143
|
+
errors = []
|
|
144
|
+
@resources.each do |resource|
|
|
145
|
+
case resource.type
|
|
146
|
+
when 'Alarm'
|
|
147
|
+
%w(metric_name namespace).each do |property|
|
|
148
|
+
if resource.send(property).nil?
|
|
149
|
+
errors << "Alarm #{resource.name} for resource #{resource.resource_id} has nil value for property #{property.to_camelcase}"
|
|
150
|
+
end
|
|
151
|
+
end
|
|
152
|
+
when 'Check'
|
|
153
|
+
# no validation check yet
|
|
154
|
+
when 'Event'
|
|
155
|
+
# no validation check yet
|
|
156
|
+
when 'Composite'
|
|
157
|
+
# no validation check yet
|
|
158
|
+
when 'EventSubscription'
|
|
159
|
+
# no validation check yet
|
|
160
|
+
when 'MetricFilter'
|
|
161
|
+
# no validation check yet
|
|
162
|
+
end
|
|
163
|
+
end
|
|
164
|
+
|
|
165
|
+
raise CfnGuardian::ValidationError, "#{errors.size} errors found\n[*] #{errors.join("\n[*] ")}" if errors.any?
|
|
166
|
+
end
|
|
121
167
|
|
|
122
168
|
def split_resources(bucket,path)
|
|
123
169
|
split = @resources.each_slice(200).to_a
|
|
@@ -142,7 +188,7 @@ module CfnGuardian
|
|
|
142
188
|
File.write("out/guardian.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
|
|
143
189
|
|
|
144
190
|
resources.each_with_index do |resources,index|
|
|
145
|
-
stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters)
|
|
191
|
+
stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters,index)
|
|
146
192
|
stack.build_template(resources)
|
|
147
193
|
valid = stack.template.validate
|
|
148
194
|
File.write("out/guardian-stack-#{index}.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
|
|
@@ -152,6 +198,43 @@ module CfnGuardian
|
|
|
152
198
|
def clean_out_directory
|
|
153
199
|
Dir["out/*.yaml"].each {|file| File.delete(file)}
|
|
154
200
|
end
|
|
201
|
+
|
|
202
|
+
def load_parameters(options)
|
|
203
|
+
parameters = {}
|
|
204
|
+
# Load sns topic parameters in order of preference
|
|
205
|
+
@topics.each do |key, value|
|
|
206
|
+
# if parameter is passed in as a command line option
|
|
207
|
+
if options.has_key?("sns_#{key.downcase}")
|
|
208
|
+
parameters[key.to_sym] = options["sns_#{key.downcase}"]
|
|
209
|
+
# if parameter is in config
|
|
210
|
+
elsif !value.empty?
|
|
211
|
+
parameters[key.to_sym] = value
|
|
212
|
+
# if parameter is set as environment variable
|
|
213
|
+
elsif ENV.has_key?("GUARDIAN_TOPIC_#{key.upcase}")
|
|
214
|
+
parameters[key.to_sym] = ENV["GUARDIAN_TOPIC_#{key.upcase}"]
|
|
215
|
+
end
|
|
216
|
+
end
|
|
217
|
+
|
|
218
|
+
return parameters
|
|
219
|
+
end
|
|
220
|
+
|
|
221
|
+
def genrate_template_config(parameters)
|
|
222
|
+
template = {
|
|
223
|
+
Tags: {
|
|
224
|
+
'guardian:version': CfnGuardian::VERSION
|
|
225
|
+
}
|
|
226
|
+
}
|
|
227
|
+
|
|
228
|
+
if ENV.has_key?('CODEBUILD_RESOLVED_SOURCE_VERSION')
|
|
229
|
+
template[:Tags][:'guardian:config:commit'] = ENV['CODEBUILD_RESOLVED_SOURCE_VERSION']
|
|
230
|
+
end
|
|
231
|
+
|
|
232
|
+
unless parameters.empty?
|
|
233
|
+
template[:Parameters] = parameters
|
|
234
|
+
end
|
|
235
|
+
|
|
236
|
+
File.write("out/template-config.guardian.json", template.to_json)
|
|
237
|
+
end
|
|
155
238
|
|
|
156
239
|
end
|
|
157
240
|
end
|
|
@@ -1,6 +1,15 @@
|
|
|
1
1
|
Resources:
|
|
2
2
|
AmazonMQBroker:
|
|
3
3
|
- Id: Default
|
|
4
|
+
AmazonMQRabbitMQBroker:
|
|
5
|
+
- Id: Default
|
|
6
|
+
AmazonMQRabbitMQNode:
|
|
7
|
+
- Id: Default
|
|
8
|
+
Node: Default
|
|
9
|
+
AmazonMQRabbitMQQueue:
|
|
10
|
+
- Id: Default
|
|
11
|
+
Queue: Default
|
|
12
|
+
Vhost: Default
|
|
4
13
|
ApiGateway:
|
|
5
14
|
- Id: Default
|
|
6
15
|
ApplicationTargetGroup:
|
data/lib/cfnguardian/deploy.rb
CHANGED
|
@@ -7,27 +7,13 @@ module CfnGuardian
|
|
|
7
7
|
class Deploy
|
|
8
8
|
include Logging
|
|
9
9
|
|
|
10
|
-
def initialize(opts,bucket)
|
|
10
|
+
def initialize(opts,bucket,parameters)
|
|
11
11
|
@stack_name = opts.fetch(:stack_name,'guardian')
|
|
12
12
|
@bucket = bucket
|
|
13
13
|
@prefix = @stack_name
|
|
14
14
|
@template_path = "out/guardian.compiled.yaml"
|
|
15
15
|
@template_url = "https://#{@bucket}.s3.amazonaws.com/#{@prefix}/guardian.compiled.yaml"
|
|
16
|
-
@parameters =
|
|
17
|
-
|
|
18
|
-
config = YAML.load_file(opts[:config])
|
|
19
|
-
if config.has_key?('Topics')
|
|
20
|
-
@parameters['Critical'] = config['Topics'].fetch('Critical','')
|
|
21
|
-
@parameters['Warning'] = config['Topics'].fetch('Warning','')
|
|
22
|
-
@parameters['Task'] = config['Topics'].fetch('Task','')
|
|
23
|
-
@parameters['Informational'] = config['Topics'].fetch('Informational','')
|
|
24
|
-
end
|
|
25
|
-
|
|
26
|
-
@parameters['Critical'] = opts.fetch(:sns_critical,@parameters['Critical'])
|
|
27
|
-
@parameters['Warning'] = opts.fetch(:sns_warning,@parameters['Warning'])
|
|
28
|
-
@parameters['Task'] = opts.fetch(:sns_task,@parameters['Task'])
|
|
29
|
-
@parameters['Informational'] = opts.fetch(:sns_informational,@parameters['Informational'])
|
|
30
|
-
|
|
16
|
+
@parameters = parameters
|
|
31
17
|
@client = Aws::CloudFormation::Client.new()
|
|
32
18
|
end
|
|
33
19
|
|
|
@@ -14,7 +14,6 @@ module CfnGuardian
|
|
|
14
14
|
|
|
15
15
|
@alarms.each do |alarm|
|
|
16
16
|
alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
|
17
|
-
puts alarm_name
|
|
18
17
|
rows = [
|
|
19
18
|
['ResourceId', alarm.resource_id],
|
|
20
19
|
['ResourceHash', alarm.resource_hash],
|
|
@@ -52,7 +51,7 @@ module CfnGuardian
|
|
|
52
51
|
|
|
53
52
|
@alarms.each do |alarm|
|
|
54
53
|
alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
|
55
|
-
metric_alarm = metric_alarms.find {|ma| ma.alarm_name
|
|
54
|
+
metric_alarm = metric_alarms.find {|ma| ma.alarm_name.include? alarm_name}
|
|
56
55
|
dimensions = metric_alarm.dimensions.map {|dim| {dim.name.to_sym => dim.value}}.inject(:merge)
|
|
57
56
|
|
|
58
57
|
rows = [
|
|
@@ -3,7 +3,7 @@ require 'digest/md5'
|
|
|
3
3
|
|
|
4
4
|
module CfnGuardian
|
|
5
5
|
module Models
|
|
6
|
-
class
|
|
6
|
+
class BaseAlarm
|
|
7
7
|
|
|
8
8
|
attr_reader :type,
|
|
9
9
|
:resource_hash
|
|
@@ -28,7 +28,8 @@ module CfnGuardian
|
|
|
28
28
|
:extended_statistic,
|
|
29
29
|
:evaluate_low_sample_count_percentile,
|
|
30
30
|
:unit,
|
|
31
|
-
:maintenance_groups
|
|
31
|
+
:maintenance_groups,
|
|
32
|
+
:additional_notifiers
|
|
32
33
|
|
|
33
34
|
def initialize(resource)
|
|
34
35
|
@type = 'Alarm'
|
|
@@ -54,6 +55,7 @@ module CfnGuardian
|
|
|
54
55
|
@alarm_action = 'Critical'
|
|
55
56
|
@treat_missing_data = nil
|
|
56
57
|
@maintenance_groups = []
|
|
58
|
+
@additional_notifiers = []
|
|
57
59
|
end
|
|
58
60
|
|
|
59
61
|
def metric_name=(metric_name)
|
|
@@ -63,7 +65,7 @@ module CfnGuardian
|
|
|
63
65
|
end
|
|
64
66
|
|
|
65
67
|
|
|
66
|
-
class ApiGatewayAlarm <
|
|
68
|
+
class ApiGatewayAlarm < BaseAlarm
|
|
67
69
|
def initialize(resource)
|
|
68
70
|
super(resource)
|
|
69
71
|
@group = 'ApiGateway'
|
|
@@ -72,7 +74,7 @@ module CfnGuardian
|
|
|
72
74
|
end
|
|
73
75
|
end
|
|
74
76
|
|
|
75
|
-
class ApplicationTargetGroupAlarm <
|
|
77
|
+
class ApplicationTargetGroupAlarm < BaseAlarm
|
|
76
78
|
def initialize(resource)
|
|
77
79
|
super(resource)
|
|
78
80
|
@group = 'ApplicationTargetGroup'
|
|
@@ -84,7 +86,7 @@ module CfnGuardian
|
|
|
84
86
|
end
|
|
85
87
|
end
|
|
86
88
|
|
|
87
|
-
class AmazonMQBrokerAlarm <
|
|
89
|
+
class AmazonMQBrokerAlarm < BaseAlarm
|
|
88
90
|
def initialize(resource)
|
|
89
91
|
super(resource)
|
|
90
92
|
@group = 'AmazonMQBroker'
|
|
@@ -92,8 +94,42 @@ module CfnGuardian
|
|
|
92
94
|
@dimensions = { Broker: resource['Id'] }
|
|
93
95
|
end
|
|
94
96
|
end
|
|
97
|
+
|
|
98
|
+
class AmazonMQRabbitMQBrokerAlarm < BaseAlarm
|
|
99
|
+
def initialize(resource)
|
|
100
|
+
super(resource)
|
|
101
|
+
@group = 'AmazonMQRabbitMQBroker'
|
|
102
|
+
@namespace = 'AWS/AmazonMQ'
|
|
103
|
+
@dimensions = { Broker: resource['Id'] }
|
|
104
|
+
end
|
|
105
|
+
end
|
|
106
|
+
|
|
107
|
+
class AmazonMQRabbitMQNodeAlarm < BaseAlarm
|
|
108
|
+
def initialize(resource)
|
|
109
|
+
super(resource)
|
|
110
|
+
@group = 'AmazonMQRabbitMQNode'
|
|
111
|
+
@namespace = 'AWS/AmazonMQ'
|
|
112
|
+
@dimensions = {
|
|
113
|
+
Broker: resource['Id'],
|
|
114
|
+
Node: resource['Node']
|
|
115
|
+
}
|
|
116
|
+
end
|
|
117
|
+
end
|
|
118
|
+
|
|
119
|
+
class AmazonMQRabbitMQQueueAlarm < BaseAlarm
|
|
120
|
+
def initialize(resource)
|
|
121
|
+
super(resource)
|
|
122
|
+
@group = 'AmazonMQRabbitMQQueue'
|
|
123
|
+
@namespace = 'AWS/AmazonMQ'
|
|
124
|
+
@dimensions = {
|
|
125
|
+
Broker: resource['Id'],
|
|
126
|
+
Queue: resource['Queue'],
|
|
127
|
+
VirtualHost: resource['Vhost']
|
|
128
|
+
}
|
|
129
|
+
end
|
|
130
|
+
end
|
|
95
131
|
|
|
96
|
-
class CloudFrontDistributionAlarm <
|
|
132
|
+
class CloudFrontDistributionAlarm < BaseAlarm
|
|
97
133
|
def initialize(resource)
|
|
98
134
|
super(resource)
|
|
99
135
|
@group = 'CloudFrontDistribution'
|
|
@@ -107,7 +143,7 @@ module CfnGuardian
|
|
|
107
143
|
end
|
|
108
144
|
end
|
|
109
145
|
|
|
110
|
-
class AutoScalingGroupAlarm <
|
|
146
|
+
class AutoScalingGroupAlarm < BaseAlarm
|
|
111
147
|
def initialize(resource)
|
|
112
148
|
super(resource)
|
|
113
149
|
@group = 'AutoScalingGroup'
|
|
@@ -116,7 +152,7 @@ module CfnGuardian
|
|
|
116
152
|
end
|
|
117
153
|
end
|
|
118
154
|
|
|
119
|
-
class DomainExpiryAlarm <
|
|
155
|
+
class DomainExpiryAlarm < BaseAlarm
|
|
120
156
|
def initialize(resource)
|
|
121
157
|
super(resource)
|
|
122
158
|
@group = 'DomainExpiry'
|
|
@@ -126,7 +162,7 @@ module CfnGuardian
|
|
|
126
162
|
end
|
|
127
163
|
end
|
|
128
164
|
|
|
129
|
-
class DynamoDBTableAlarm <
|
|
165
|
+
class DynamoDBTableAlarm < BaseAlarm
|
|
130
166
|
def initialize(resource)
|
|
131
167
|
super(resource)
|
|
132
168
|
@group = 'DynamoDBTable'
|
|
@@ -135,7 +171,7 @@ module CfnGuardian
|
|
|
135
171
|
end
|
|
136
172
|
end
|
|
137
173
|
|
|
138
|
-
class Ec2InstanceAlarm <
|
|
174
|
+
class Ec2InstanceAlarm < BaseAlarm
|
|
139
175
|
def initialize(resource)
|
|
140
176
|
super(resource)
|
|
141
177
|
@group = 'Ec2Instance'
|
|
@@ -144,7 +180,7 @@ module CfnGuardian
|
|
|
144
180
|
end
|
|
145
181
|
end
|
|
146
182
|
|
|
147
|
-
class ECSClusterAlarm <
|
|
183
|
+
class ECSClusterAlarm < BaseAlarm
|
|
148
184
|
def initialize(resource)
|
|
149
185
|
super(resource)
|
|
150
186
|
@group = 'ECSCluster'
|
|
@@ -156,7 +192,7 @@ module CfnGuardian
|
|
|
156
192
|
end
|
|
157
193
|
end
|
|
158
194
|
|
|
159
|
-
class ECSServiceAlarm <
|
|
195
|
+
class ECSServiceAlarm < BaseAlarm
|
|
160
196
|
def initialize(resource)
|
|
161
197
|
super(resource)
|
|
162
198
|
@group = 'ECSService'
|
|
@@ -168,7 +204,7 @@ module CfnGuardian
|
|
|
168
204
|
end
|
|
169
205
|
end
|
|
170
206
|
|
|
171
|
-
class ElastiCacheReplicationGroupAlarm <
|
|
207
|
+
class ElastiCacheReplicationGroupAlarm < BaseAlarm
|
|
172
208
|
def initialize(resource)
|
|
173
209
|
super(resource)
|
|
174
210
|
@group = 'ElastiCacheReplicationGroup'
|
|
@@ -177,7 +213,7 @@ module CfnGuardian
|
|
|
177
213
|
end
|
|
178
214
|
end
|
|
179
215
|
|
|
180
|
-
class ElasticLoadBalancerAlarm <
|
|
216
|
+
class ElasticLoadBalancerAlarm < BaseAlarm
|
|
181
217
|
def initialize(resource)
|
|
182
218
|
super(resource)
|
|
183
219
|
@group = 'ElasticLoadBalancer'
|
|
@@ -186,7 +222,7 @@ module CfnGuardian
|
|
|
186
222
|
end
|
|
187
223
|
end
|
|
188
224
|
|
|
189
|
-
class ElasticFileSystemAlarm <
|
|
225
|
+
class ElasticFileSystemAlarm < BaseAlarm
|
|
190
226
|
def initialize(resource)
|
|
191
227
|
super(resource)
|
|
192
228
|
@group = 'ElasticFileSystem'
|
|
@@ -195,7 +231,7 @@ module CfnGuardian
|
|
|
195
231
|
end
|
|
196
232
|
end
|
|
197
233
|
|
|
198
|
-
class HttpAlarm <
|
|
234
|
+
class HttpAlarm < BaseAlarm
|
|
199
235
|
def initialize(resource)
|
|
200
236
|
super(resource)
|
|
201
237
|
@group = 'Http'
|
|
@@ -207,7 +243,13 @@ module CfnGuardian
|
|
|
207
243
|
end
|
|
208
244
|
end
|
|
209
245
|
|
|
210
|
-
class
|
|
246
|
+
class InternalHttpAlarm < HttpAlarm
|
|
247
|
+
def initialize(resource)
|
|
248
|
+
super(resource)
|
|
249
|
+
end
|
|
250
|
+
end
|
|
251
|
+
|
|
252
|
+
class PortAlarm < BaseAlarm
|
|
211
253
|
def initialize(resource)
|
|
212
254
|
super(resource)
|
|
213
255
|
@group = 'Port'
|
|
@@ -218,8 +260,14 @@ module CfnGuardian
|
|
|
218
260
|
@evaluation_periods = 2
|
|
219
261
|
end
|
|
220
262
|
end
|
|
263
|
+
|
|
264
|
+
class InternalPortAlarm < PortAlarm
|
|
265
|
+
def initialize(resource)
|
|
266
|
+
super(resource)
|
|
267
|
+
end
|
|
268
|
+
end
|
|
221
269
|
|
|
222
|
-
class SslAlarm <
|
|
270
|
+
class SslAlarm < BaseAlarm
|
|
223
271
|
def initialize(resource)
|
|
224
272
|
super(resource)
|
|
225
273
|
@group = 'Ssl'
|
|
@@ -228,8 +276,14 @@ module CfnGuardian
|
|
|
228
276
|
@comparison_operator = 'LessThanThreshold'
|
|
229
277
|
end
|
|
230
278
|
end
|
|
279
|
+
|
|
280
|
+
class InternalSslAlarm < SslAlarm
|
|
281
|
+
def initialize(resource)
|
|
282
|
+
super(resource)
|
|
283
|
+
end
|
|
284
|
+
end
|
|
231
285
|
|
|
232
|
-
class NrpeAlarm <
|
|
286
|
+
class NrpeAlarm < BaseAlarm
|
|
233
287
|
def initialize(resource,environment)
|
|
234
288
|
super(resource)
|
|
235
289
|
@group = 'Nrpe'
|
|
@@ -240,7 +294,7 @@ module CfnGuardian
|
|
|
240
294
|
end
|
|
241
295
|
end
|
|
242
296
|
|
|
243
|
-
class LambdaAlarm <
|
|
297
|
+
class LambdaAlarm < BaseAlarm
|
|
244
298
|
def initialize(resource)
|
|
245
299
|
super(resource)
|
|
246
300
|
@group = 'Lambda'
|
|
@@ -251,7 +305,7 @@ module CfnGuardian
|
|
|
251
305
|
end
|
|
252
306
|
end
|
|
253
307
|
|
|
254
|
-
class NetworkTargetGroupAlarm <
|
|
308
|
+
class NetworkTargetGroupAlarm < BaseAlarm
|
|
255
309
|
def initialize(resource)
|
|
256
310
|
super(resource)
|
|
257
311
|
@group = 'NetworkTargetGroup'
|
|
@@ -263,7 +317,7 @@ module CfnGuardian
|
|
|
263
317
|
end
|
|
264
318
|
end
|
|
265
319
|
|
|
266
|
-
class RedshiftClusterAlarm <
|
|
320
|
+
class RedshiftClusterAlarm < BaseAlarm
|
|
267
321
|
def initialize(resource)
|
|
268
322
|
super(resource)
|
|
269
323
|
@group = 'RedshiftCluster'
|
|
@@ -272,7 +326,7 @@ module CfnGuardian
|
|
|
272
326
|
end
|
|
273
327
|
end
|
|
274
328
|
|
|
275
|
-
class RDSClusterInstanceAlarm <
|
|
329
|
+
class RDSClusterInstanceAlarm < BaseAlarm
|
|
276
330
|
def initialize(resource)
|
|
277
331
|
super(resource)
|
|
278
332
|
@group = 'RDSClusterInstance'
|
|
@@ -281,7 +335,7 @@ module CfnGuardian
|
|
|
281
335
|
end
|
|
282
336
|
end
|
|
283
337
|
|
|
284
|
-
class RDSInstanceAlarm <
|
|
338
|
+
class RDSInstanceAlarm < BaseAlarm
|
|
285
339
|
def initialize(resource)
|
|
286
340
|
super(resource)
|
|
287
341
|
@group = 'RDSInstance'
|
|
@@ -290,7 +344,7 @@ module CfnGuardian
|
|
|
290
344
|
end
|
|
291
345
|
end
|
|
292
346
|
|
|
293
|
-
class SqlAlarm <
|
|
347
|
+
class SqlAlarm < BaseAlarm
|
|
294
348
|
def initialize(resource)
|
|
295
349
|
super(resource)
|
|
296
350
|
@group = 'Sql'
|
|
@@ -301,7 +355,7 @@ module CfnGuardian
|
|
|
301
355
|
end
|
|
302
356
|
end
|
|
303
357
|
|
|
304
|
-
class SQSQueueAlarm <
|
|
358
|
+
class SQSQueueAlarm < BaseAlarm
|
|
305
359
|
def initialize(resource)
|
|
306
360
|
super(resource)
|
|
307
361
|
@group = 'SQSQueue'
|
|
@@ -312,7 +366,7 @@ module CfnGuardian
|
|
|
312
366
|
end
|
|
313
367
|
end
|
|
314
368
|
|
|
315
|
-
class LogGroupAlarm <
|
|
369
|
+
class LogGroupAlarm < BaseAlarm
|
|
316
370
|
def initialize(resource)
|
|
317
371
|
super(resource)
|
|
318
372
|
@group = 'LogGroup'
|
|
@@ -324,7 +378,7 @@ module CfnGuardian
|
|
|
324
378
|
end
|
|
325
379
|
end
|
|
326
380
|
|
|
327
|
-
class SFTPAlarm <
|
|
381
|
+
class SFTPAlarm < BaseAlarm
|
|
328
382
|
def initialize(resource)
|
|
329
383
|
super(resource)
|
|
330
384
|
@group = 'SFTP'
|
|
@@ -335,8 +389,14 @@ module CfnGuardian
|
|
|
335
389
|
@dimensions = { Host: resource['Id'], User: resource['User'] }
|
|
336
390
|
end
|
|
337
391
|
end
|
|
392
|
+
|
|
393
|
+
class InternalSFTPAlarm < SFTPAlarm
|
|
394
|
+
def initialize(resource)
|
|
395
|
+
super(resource)
|
|
396
|
+
end
|
|
397
|
+
end
|
|
338
398
|
|
|
339
|
-
class TLSAlarm <
|
|
399
|
+
class TLSAlarm < BaseAlarm
|
|
340
400
|
def initialize(resource)
|
|
341
401
|
super(resource)
|
|
342
402
|
@group = 'TLS'
|
|
@@ -349,6 +409,18 @@ module CfnGuardian
|
|
|
349
409
|
@evaluation_periods = 1
|
|
350
410
|
end
|
|
351
411
|
end
|
|
412
|
+
|
|
413
|
+
class AzureFileAlarm < BaseAlarm
|
|
414
|
+
def initialize(resource)
|
|
415
|
+
super(resource)
|
|
416
|
+
@group = 'AzureFile'
|
|
417
|
+
@namespace = 'FileAgeCheck'
|
|
418
|
+
@period = 300
|
|
419
|
+
@comparison_operator = 'GreaterThanThreshold'
|
|
420
|
+
@threshold = 0
|
|
421
|
+
@dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
|
|
422
|
+
end
|
|
423
|
+
end
|
|
352
424
|
|
|
353
425
|
end
|
|
354
426
|
end
|