cfn-guardian 0.3.3 → 0.6.4
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Gemfile.lock +24 -24
- data/README.md +4 -772
- data/cfn-guardian.gemspec +1 -3
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +76 -62
- data/lib/cfnguardian/cloudwatch.rb +43 -32
- data/lib/cfnguardian/compile.rb +87 -4
- data/lib/cfnguardian/config/defaults.yaml +9 -0
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +1 -2
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/models/alarm.rb +101 -29
- data/lib/cfnguardian/models/check.rb +30 -12
- data/lib/cfnguardian/models/event.rb +43 -15
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/resources/amazonmq_rabbitmq.rb +136 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +126 -26
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/http.rb +1 -0
- data/lib/cfnguardian/resources/internal_http.rb +8 -8
- data/lib/cfnguardian/resources/internal_port.rb +4 -4
- data/lib/cfnguardian/resources/internal_sftp.rb +8 -8
- data/lib/cfnguardian/resources/log_group.rb +2 -2
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +80 -0
- data/lib/cfnguardian/resources/redshift_cluster.rb +2 -2
- data/lib/cfnguardian/resources/sftp.rb +1 -1
- data/lib/cfnguardian/resources/sql.rb +2 -2
- data/lib/cfnguardian/stacks/main.rb +9 -8
- data/lib/cfnguardian/stacks/resources.rb +35 -6
- data/lib/cfnguardian/version.rb +1 -1
- metadata +33 -7
@@ -20,9 +20,9 @@ module CfnGuardian::Resource
|
|
20
20
|
alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
|
21
21
|
alarm.name = 'UnHealthyCluster'
|
22
22
|
alarm.metric_name = 'HealthStatus'
|
23
|
-
alarm.
|
23
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
24
|
+
alarm.threshold = 1
|
24
25
|
alarm.evaluation_periods = 10
|
25
|
-
alarm.treat_missing_data = 'notBreaching'
|
26
26
|
@alarms.push(alarm)
|
27
27
|
end
|
28
28
|
|
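Review bot: The UnHealthyCluster alarm no longer sets `treat_missing_data`, so its behaviour when HealthStatus stops reporting now depends on a default in RedshiftClusterAlarm or its base class, neither of which is visible in this hunk. For a health check evaluated over 10 periods, a cluster that goes silent is usually the case you most want surfaced. The choice should therefore be explicit, for example `alarm.treat_missing_data = 'breaching'` with a one-line comment giving the reason. The enclosing method starts above the hunk.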
@@ -29,7 +29,7 @@ module CfnGuardian::Resource
|
|
29
29
|
alarm.threshold = 1000
|
30
30
|
@alarms.push(alarm)
|
31
31
|
|
32
|
-
if @resource.has_key?('
|
32
|
+
if @resource.has_key?('FileBodyMatch')
|
33
33
|
alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
|
34
34
|
alarm.name = 'FileBodyMatch'
|
35
35
|
alarm.metric_name = 'FileBodyMatch'
|
@@ -4,8 +4,8 @@ require 'cfnguardian/string'
|
|
4
4
|
module CfnGuardian::Resource
|
5
5
|
class Sql < Base
|
6
6
|
|
7
|
-
def initialize(resource)
|
8
|
-
super(resource)
|
7
|
+
def initialize(resource, override_group = nil)
|
8
|
+
super(resource, override_group)
|
9
9
|
@resource_list = resource['Hosts']
|
10
10
|
@environment = resource['Environment']
|
11
11
|
end
|
@@ -15,11 +15,11 @@ module CfnGuardian
|
|
15
15
|
def build_template(stacks,checks,topics,maintenance_groups,ssm_parameters)
|
16
16
|
parameters = {}
|
17
17
|
|
18
|
-
|
18
|
+
topics.each do |name, sns|
|
19
19
|
parameter = @template.Parameter(name)
|
20
20
|
parameter.Type 'String'
|
21
21
|
parameter.Description "SNS topic ARN for #{name} notifications"
|
22
|
-
parameter.Default
|
22
|
+
parameter.Default sns
|
23
23
|
parameters[name] = Ref(name)
|
24
24
|
end
|
25
25
|
|
@@ -31,9 +31,9 @@ module CfnGuardian
|
|
31
31
|
end
|
32
32
|
|
33
33
|
add_iam_role(ssm_parameters)
|
34
|
-
|
34
|
+
|
35
35
|
checks.each {|check| parameters["#{check.name}Function#{check.environment}"] = add_lambda(check)}
|
36
|
-
stacks.each {|stack| add_stack(stack['Name'],stack['TemplateURL'],parameters)}
|
36
|
+
stacks.each {|stack| add_stack(stack['Name'],stack['TemplateURL'],parameters,stack['Reference'])}
|
37
37
|
|
38
38
|
@parameters = parameters.keys
|
39
39
|
end
|
@@ -131,9 +131,9 @@ module CfnGuardian
|
|
131
131
|
S3Key: "#{check.package}/master/#{check.version}.zip"
|
132
132
|
})
|
133
133
|
Handler check.handler
|
134
|
-
MemorySize
|
134
|
+
MemorySize check.memory
|
135
135
|
Runtime check.runtime
|
136
|
-
Timeout
|
136
|
+
Timeout check.timeout
|
137
137
|
Role FnGetAtt(:LambdaExecutionRole, :Arn)
|
138
138
|
VpcConfig vpc_config unless vpc_config.empty?
|
139
139
|
Tags([
|
@@ -152,14 +152,15 @@ module CfnGuardian
|
|
152
152
|
return FnGetAtt("#{check.name}Function#{check.environment}", :Arn)
|
153
153
|
end
|
154
154
|
|
155
|
-
def add_stack(name,url,stack_parameters)
|
155
|
+
def add_stack(name,url,stack_parameters,stack_id)
|
156
156
|
@template.declare do
|
157
157
|
CloudFormation_Stack(name) do
|
158
158
|
Parameters stack_parameters
|
159
159
|
TemplateURL url
|
160
160
|
TimeoutInMinutes 15
|
161
161
|
Tags([
|
162
|
-
{ Key: 'Name', Value: "guardian-stack-#{name}" }
|
162
|
+
{ Key: 'Name', Value: "guardian-stack-#{name}" },
|
163
|
+
{ Key: 'guardian:stack-id', Value: "stk#{stack_id}"}
|
163
164
|
])
|
164
165
|
end
|
165
166
|
end
|
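Review bot: The new `guardian:stack-id` tag in add_stack interpolates `stack_id` without checking it, and build_template passes `stack['Reference']`, so a stack entry without that key is tagged with the bare value `stk`. Reading it with `stack.fetch('Reference')` in build_template would fail at compile time instead of deploying an ambiguous tag. add_stack also gained a required fourth argument, so any caller outside these hunks needs updating. The definition of add_stack closes below the last hunk.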
@@ -9,8 +9,10 @@ module CfnGuardian
|
|
9
9
|
|
10
10
|
attr_reader :template
|
11
11
|
|
12
|
-
def initialize(parameters)
|
13
|
-
@
|
12
|
+
def initialize(parameters,stack_id)
|
13
|
+
@stack_id = stack_id
|
14
|
+
|
15
|
+
@template = CloudFormation("Guardian nested - stack-id:stk#{@stack_id}")
|
14
16
|
parameters.each do |name|
|
15
17
|
parameter = @template.Parameter(name)
|
16
18
|
parameter.Type 'String'
|
@@ -28,6 +30,8 @@ module CfnGuardian
|
|
28
30
|
add_composite_alarm(resource)
|
29
31
|
when 'MetricFilter'
|
30
32
|
add_metric_filter(resource)
|
33
|
+
when 'EventSubscription'
|
34
|
+
add_event_subscription(resource)
|
31
35
|
else
|
32
36
|
puts "Warn: #{resource.type} is a unsuported resource type"
|
33
37
|
end
|
@@ -35,18 +39,19 @@ module CfnGuardian
|
|
35
39
|
end
|
36
40
|
|
37
41
|
def add_alarm(alarm)
|
38
|
-
actions = [Ref(alarm.alarm_action)]
|
42
|
+
actions = alarm.alarm_action.kind_of?(Array) ? alarm.alarm_action.map{|action| Ref(action)} : [Ref(alarm.alarm_action)]
|
39
43
|
actions.concat alarm.maintenance_groups.map {|mg| Ref(mg)} if alarm.maintenance_groups.any?
|
44
|
+
stack_id = @stack_id
|
40
45
|
|
41
46
|
@template.declare do
|
42
47
|
CloudWatch_Alarm("#{alarm.resource_hash}#{alarm.group}#{alarm.name.gsub(/[^0-9a-zA-Z]/i, '')}#{alarm.type}"[0..255]) do
|
43
48
|
ActionsEnabled true
|
44
49
|
AlarmDescription "Guardian alarm #{alarm.name} for the resource #{alarm.resource_id} in alarm group #{alarm.group}"
|
45
|
-
AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
50
|
+
AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm) + "-stk#{stack_id}"
|
46
51
|
ComparisonOperator alarm.comparison_operator
|
47
52
|
Dimensions alarm.dimensions.map {|k,v| {Name: k, Value: v}} unless alarm.dimensions.nil?
|
48
53
|
EvaluationPeriods alarm.evaluation_periods
|
49
|
-
Statistic alarm.statistic
|
54
|
+
Statistic alarm.statistic if alarm.extended_statistic.nil?
|
50
55
|
Period alarm.period
|
51
56
|
Threshold alarm.threshold
|
52
57
|
MetricName alarm.metric_name
|
@@ -80,11 +85,13 @@ module CfnGuardian
|
|
80
85
|
end
|
81
86
|
|
82
87
|
def add_composite_alarm(alarm)
|
88
|
+
stack_id = @stack_id
|
89
|
+
|
83
90
|
@template.declare do
|
84
91
|
CloudWatch_CompositeAlarm(alarm.name.gsub(/[^0-9a-zA-Z]/i, '')) do
|
85
92
|
|
86
93
|
AlarmDescription alarm.description
|
87
|
-
AlarmName "guardian-#{alarm.name}"
|
94
|
+
AlarmName "guardian-#{alarm.name}-stk#{stack_id}"
|
88
95
|
AlarmRule alarm.rule
|
89
96
|
|
90
97
|
unless alarm.alarm_action.nil?
|
@@ -113,6 +120,28 @@ module CfnGuardian
|
|
113
120
|
end
|
114
121
|
end
|
115
122
|
end
|
123
|
+
|
124
|
+
def add_event_subscription(subscription)
|
125
|
+
event_pattern = {}
|
126
|
+
event_pattern['detail-type'] = [subscription.detail_type]
|
127
|
+
event_pattern['source'] = [subscription.source]
|
128
|
+
event_pattern['resources'] = [subscription.resource_arn] unless subscription.resource_arn.empty?
|
129
|
+
event_pattern['detail'] = subscription.detail unless subscription.detail.empty?
|
130
|
+
|
131
|
+
@template.declare do
|
132
|
+
Events_Rule("#{subscription.group}#{subscription.name}#{subscription.hash}"[0..255]) do
|
133
|
+
State subscription.enabled ? 'ENABLED' : 'DISABLED'
|
134
|
+
Description "Guardian event subscription #{subscription.group} #{subscription.name} for resource #{subscription.resource_id}"
|
135
|
+
EventPattern event_pattern
|
136
|
+
Targets [
|
137
|
+
{
|
138
|
+
Arn: Ref(subscription.topic),
|
139
|
+
Id: "#{subscription.topic}Notifier"
|
140
|
+
}
|
141
|
+
]
|
142
|
+
end
|
143
|
+
end
|
144
|
+
end
|
116
145
|
|
117
146
|
end
|
118
147
|
end
|
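Review bot: The logical ID passed to `Events_Rule` in add_event_subscription is not stripped of non-alphanumeric characters, unlike add_alarm and add_composite_alarm in the hunks above, which apply `gsub(/[^0-9a-zA-Z]/i, '')`; a group or name containing a dash or space would produce an ID CloudFormation rejects. The ID also ends in `subscription.hash`: unless the EventSubscription model (not shown here) overrides `hash`, that is Ruby's per-process object hash, which can be negative and changes between runs, so the rule would be replaced on each compile. Suggested line: `Events_Rule("#{subscription.group}#{subscription.name}#{subscription.hash}".gsub(/[^0-9a-zA-Z]/, '')[0..255]) do`, with the hash taken from a digest of the resource id rather than the object. `subscription.resource_arn.empty?` and `subscription.detail.empty?` raise NoMethodError if the model leaves either as nil, so it is worth confirming they default to `''` and `{}`. Delivery also depends on the SNS topic policy allowing events.amazonaws.com to publish, which nothing in the visible hunks adds, so a missing grant would drop notifications silently.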
data/lib/cfnguardian/version.rb
CHANGED
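--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-version: 0.
+version: 0.6.4
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date:
+date: 2021-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -204,14 +204,14 @@ dependencies:
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 type: :development
 prerelease: false
 version_requirements: !ruby/object:Gem::Requirement
 requirements:
 - - "~>"
 - !ruby/object:Gem::Version
-version: '
+version: '13.0'
 description: Manages AWS cloudwatch alarms with default templates using cloudformation
 email:
 - itsupport@base2services.com
@@ -221,7 +221,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
+- ".rspec"
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -229,6 +233,25 @@ files:
 - README.md
 - Rakefile
 - cfn-guardian.gemspec
+- docs/alarm_templates.md
+- docs/cli.md
+- docs/composite_alarms.md
+- docs/custom_checks/azure_file_check.md
+- docs/custom_checks/domain_expiry.md
+- docs/custom_checks/http.md
+- docs/custom_checks/log_group_metric_filters.md
+- docs/custom_checks/nrpe.md
+- docs/custom_checks/port.md
+- docs/custom_checks/sftp.md
+- docs/custom_checks/sql.md
+- docs/custom_checks/tls.md
+- docs/custom_metrics.md
+- docs/event_subscriptions.md
+- docs/maintenance_mode.md
+- docs/notifiers.md
+- docs/overview.md
+- docs/resources.md
+- docs/variables.md
 - exe/cfn-guardian
 - lib/cfnguardian.rb
 - lib/cfnguardian/cloudwatch.rb
@@ -239,16 +262,20 @@ files:
 - lib/cfnguardian/deploy.rb
 - lib/cfnguardian/display_formatter.rb
 - lib/cfnguardian/drift.rb
+- lib/cfnguardian/error.rb
 - lib/cfnguardian/log.rb
 - lib/cfnguardian/models/alarm.rb
 - lib/cfnguardian/models/check.rb
 - lib/cfnguardian/models/composite.rb
 - lib/cfnguardian/models/event.rb
+- lib/cfnguardian/models/event_subscription.rb
 - lib/cfnguardian/models/metric_filter.rb
 - lib/cfnguardian/resources/amazonmq_broker.rb
+- lib/cfnguardian/resources/amazonmq_rabbitmq.rb
 - lib/cfnguardian/resources/apigateway.rb
 - lib/cfnguardian/resources/application_targetgroup.rb
 - lib/cfnguardian/resources/autoscaling_group.rb
+- lib/cfnguardian/resources/azure_file.rb
 - lib/cfnguardian/resources/base.rb
 - lib/cfnguardian/resources/cloudfront_distribution.rb
 - lib/cfnguardian/resources/domain_expiry.rb
@@ -268,6 +295,7 @@ files:
 - lib/cfnguardian/resources/network_targetgroup.rb
 - lib/cfnguardian/resources/nrpe.rb
 - lib/cfnguardian/resources/port.rb
+- lib/cfnguardian/resources/rds_cluster.rb
 - lib/cfnguardian/resources/rds_cluster_instance.rb
 - lib/cfnguardian/resources/rds_instance.rb
 - lib/cfnguardian/resources/redshift_cluster.rb
@@ -285,7 +313,6 @@ homepage: https://github.com/base2Services/cfn-guardian
 licenses:
 - MIT
 metadata:
-allowed_push_host: https://rubygems.org
 homepage_uri: https://github.com/base2Services/cfn-guardian
 source_code_uri: https://github.com/base2Services/cfn-guardian
 changelog_uri: https://github.com/base2Services/cfn-guardian
@@ -304,8 +331,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
 - !ruby/object:Gem::Version
 version: '0'
 requirements: []
-
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key:
 specification_version: 4
 summary: Manages AWS cloudwatch alarms with default templates using cloudformation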
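Review bot: The `allowed_push_host: https://rubygems.org` entry is dropped from the gem metadata in the `@@ -285,7 +313,6 @@` hunk, which removes the RubyGems guard that refuses `gem push` to any host other than the one named. This file is generated at build time, so the change belongs in cfn-guardian.gemspec (its diff is not shown on this page): keep `metadata['allowed_push_host'] = 'https://rubygems.org'` there. The release-gem workflow added in this version presumably performs the push from CI, which makes the pin more useful as a check against a misconfigured registry target.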