cfn-guardian 0.3.3 → 0.6.4

data/lib/cfnguardian/resources/redshift_cluster.rb

@@ -20,9 +20,9 @@ module CfnGuardian::Resource
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'UnHealthyCluster'
       alarm.metric_name = 'HealthStatus'
-      alarm.threshold = 0
+      alarm.comparison_operator = 'LessThanThreshold'
+      alarm.threshold = 1
       alarm.evaluation_periods = 10
-      alarm.treat_missing_data = 'notBreaching'
       @alarms.push(alarm)
     end
     

data/lib/cfnguardian/resources/sftp.rb

@@ -29,7 +29,7 @@ module CfnGuardian::Resource
         alarm.threshold = 1000
         @alarms.push(alarm)
         
-        if @resource.has_key?('FileRegexMatch')
+        if @resource.has_key?('FileBodyMatch')
           alarm = CfnGuardian::Models::SFTPAlarm.new(@resource)
           alarm.name = 'FileBodyMatch'
           alarm.metric_name = 'FileBodyMatch'

data/lib/cfnguardian/resources/sql.rb

@@ -4,8 +4,8 @@ require 'cfnguardian/string'
 module CfnGuardian::Resource
   class Sql < Base
     
-    def initialize(resource)
-      super(resource)
+    def initialize(resource, override_group = nil)
+      super(resource, override_group)
       @resource_list = resource['Hosts']
       @environment = resource['Environment']
     end

data/lib/cfnguardian/stacks/main.rb

@@ -15,11 +15,11 @@ module CfnGuardian
       def build_template(stacks,checks,topics,maintenance_groups,ssm_parameters)     
         parameters = {}
            
-        %w(Critical Warning Task Informational).each do |name|
+        topics.each do |name, sns|
           parameter = @template.Parameter(name)
           parameter.Type 'String'
           parameter.Description "SNS topic ARN for #{name} notifications"
-          parameter.Default topics[name] if topics.has_key?(name)
+          parameter.Default sns
           parameters[name] = Ref(name)
         end
         
@@ -31,9 +31,9 @@ module CfnGuardian
         end
         
         add_iam_role(ssm_parameters)
-        
+                
         checks.each {|check| parameters["#{check.name}Function#{check.environment}"] = add_lambda(check)}
-        stacks.each {|stack| add_stack(stack['Name'],stack['TemplateURL'],parameters)}
+        stacks.each {|stack| add_stack(stack['Name'],stack['TemplateURL'],parameters,stack['Reference'])}
         
         @parameters = parameters.keys
       end
@@ -131,9 +131,9 @@ module CfnGuardian
               S3Key: "#{check.package}/master/#{check.version}.zip"
             })
             Handler check.handler
-            MemorySize 128
+            MemorySize check.memory
             Runtime check.runtime
-            Timeout 120
+            Timeout check.timeout
             Role FnGetAtt(:LambdaExecutionRole, :Arn)
             VpcConfig vpc_config unless vpc_config.empty?
             Tags([
@@ -152,14 +152,15 @@ module CfnGuardian
         return FnGetAtt("#{check.name}Function#{check.environment}", :Arn)
       end
       
-      def add_stack(name,url,stack_parameters)
+      def add_stack(name,url,stack_parameters,stack_id)
         @template.declare do
           CloudFormation_Stack(name) do
             Parameters stack_parameters
             TemplateURL url
             TimeoutInMinutes 15
             Tags([
-              { Key: 'Name', Value: "guardian-stack-#{name}" }
+              { Key: 'Name', Value: "guardian-stack-#{name}" },
+              { Key: 'guardian:stack-id', Value: "stk#{stack_id}"}
             ])
           end
         end

data/lib/cfnguardian/stacks/resources.rb

@@ -9,8 +9,10 @@ module CfnGuardian
       
       attr_reader :template
       
-      def initialize(parameters)
-        @template = CloudFormation("Guardian nested stack")
+      def initialize(parameters,stack_id)
+        @stack_id = stack_id
+
+        @template = CloudFormation("Guardian nested - stack-id:stk#{@stack_id}")
         parameters.each do |name|
           parameter = @template.Parameter(name)
           parameter.Type 'String'
@@ -28,6 +30,8 @@ module CfnGuardian
             add_composite_alarm(resource)
           when 'MetricFilter'
             add_metric_filter(resource)
+          when 'EventSubscription'
+            add_event_subscription(resource)
           else
             puts "Warn: #{resource.type} is a unsuported resource type"
           end
@@ -35,18 +39,19 @@ module CfnGuardian
       end
 
       def add_alarm(alarm)
-        actions = [Ref(alarm.alarm_action)]
+        actions = alarm.alarm_action.kind_of?(Array) ? alarm.alarm_action.map{|action| Ref(action)} : [Ref(alarm.alarm_action)]
         actions.concat alarm.maintenance_groups.map {|mg| Ref(mg)} if alarm.maintenance_groups.any?
+        stack_id = @stack_id
 
         @template.declare do
           CloudWatch_Alarm("#{alarm.resource_hash}#{alarm.group}#{alarm.name.gsub(/[^0-9a-zA-Z]/i, '')}#{alarm.type}"[0..255]) do
             ActionsEnabled true
             AlarmDescription "Guardian alarm #{alarm.name} for the resource #{alarm.resource_id} in alarm group #{alarm.group}"
-            AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm)
+            AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm) + "-stk#{stack_id}"
             ComparisonOperator alarm.comparison_operator
             Dimensions alarm.dimensions.map {|k,v| {Name: k, Value: v}} unless alarm.dimensions.nil?
             EvaluationPeriods alarm.evaluation_periods
-            Statistic alarm.statistic
+            Statistic alarm.statistic if alarm.extended_statistic.nil?
             Period alarm.period
             Threshold alarm.threshold
             MetricName alarm.metric_name
@@ -80,11 +85,13 @@ module CfnGuardian
       end
       
       def add_composite_alarm(alarm)
+        stack_id = @stack_id
+
         @template.declare do
           CloudWatch_CompositeAlarm(alarm.name.gsub(/[^0-9a-zA-Z]/i, '')) do
             
             AlarmDescription alarm.description
-            AlarmName "guardian-#{alarm.name}"
+            AlarmName "guardian-#{alarm.name}-stk#{stack_id}"
             AlarmRule alarm.rule
             
             unless alarm.alarm_action.nil?
@@ -113,6 +120,28 @@ module CfnGuardian
           end
         end
       end
+
+      def add_event_subscription(subscription)
+        event_pattern = {}
+        event_pattern['detail-type'] = [subscription.detail_type]
+        event_pattern['source'] = [subscription.source]
+        event_pattern['resources'] = [subscription.resource_arn] unless subscription.resource_arn.empty?
+        event_pattern['detail'] = subscription.detail unless subscription.detail.empty?
+
+        @template.declare do
+          Events_Rule("#{subscription.group}#{subscription.name}#{subscription.hash}"[0..255]) do
+            State subscription.enabled ? 'ENABLED' : 'DISABLED'
+            Description "Guardian event subscription #{subscription.group} #{subscription.name} for resource #{subscription.resource_id}"
+            EventPattern event_pattern
+            Targets [
+              {
+                Arn: Ref(subscription.topic),
+                Id: "#{subscription.topic}Notifier"
+              }
+            ]
+          end
+        end
+      end
       
     end
   end

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.3.3"
+  VERSION = "0.6.4"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.3.3
+  version: 0.6.4
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-07-02 00:00:00.000000000 Z
+date: 2021-03-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -204,14 +204,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 description: Manages AWS cloudwatch alarms with default templates using cloudformation
 email:
 - itsupport@base2services.com
@@ -221,7 +221,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
+- ".rspec"
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -229,6 +233,25 @@ files:
 - README.md
 - Rakefile
 - cfn-guardian.gemspec
+- docs/alarm_templates.md
+- docs/cli.md
+- docs/composite_alarms.md
+- docs/custom_checks/azure_file_check.md
+- docs/custom_checks/domain_expiry.md
+- docs/custom_checks/http.md
+- docs/custom_checks/log_group_metric_filters.md
+- docs/custom_checks/nrpe.md
+- docs/custom_checks/port.md
+- docs/custom_checks/sftp.md
+- docs/custom_checks/sql.md
+- docs/custom_checks/tls.md
+- docs/custom_metrics.md
+- docs/event_subscriptions.md
+- docs/maintenance_mode.md
+- docs/notifiers.md
+- docs/overview.md
+- docs/resources.md
+- docs/variables.md
 - exe/cfn-guardian
 - lib/cfnguardian.rb
 - lib/cfnguardian/cloudwatch.rb
@@ -239,16 +262,20 @@ files:
 - lib/cfnguardian/deploy.rb
 - lib/cfnguardian/display_formatter.rb
 - lib/cfnguardian/drift.rb
+- lib/cfnguardian/error.rb
 - lib/cfnguardian/log.rb
 - lib/cfnguardian/models/alarm.rb
 - lib/cfnguardian/models/check.rb
 - lib/cfnguardian/models/composite.rb
 - lib/cfnguardian/models/event.rb
+- lib/cfnguardian/models/event_subscription.rb
 - lib/cfnguardian/models/metric_filter.rb
 - lib/cfnguardian/resources/amazonmq_broker.rb
+- lib/cfnguardian/resources/amazonmq_rabbitmq.rb
 - lib/cfnguardian/resources/apigateway.rb
 - lib/cfnguardian/resources/application_targetgroup.rb
 - lib/cfnguardian/resources/autoscaling_group.rb
+- lib/cfnguardian/resources/azure_file.rb
 - lib/cfnguardian/resources/base.rb
 - lib/cfnguardian/resources/cloudfront_distribution.rb
 - lib/cfnguardian/resources/domain_expiry.rb
@@ -268,6 +295,7 @@ files:
 - lib/cfnguardian/resources/network_targetgroup.rb
 - lib/cfnguardian/resources/nrpe.rb
 - lib/cfnguardian/resources/port.rb
+- lib/cfnguardian/resources/rds_cluster.rb
 - lib/cfnguardian/resources/rds_cluster_instance.rb
 - lib/cfnguardian/resources/rds_instance.rb
 - lib/cfnguardian/resources/redshift_cluster.rb
@@ -285,7 +313,6 @@ homepage: https://github.com/base2Services/cfn-guardian
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/base2Services/cfn-guardian
   source_code_uri: https://github.com/base2Services/cfn-guardian
   changelog_uri: https://github.com/base2Services/cfn-guardian
@@ -304,8 +331,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.1.4
 signing_key: 
 specification_version: 4
 summary: Manages AWS cloudwatch alarms with default templates using cloudformation