cfn-guardian 0.4.0 → 0.6.2
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/build-gem.yml +25 -0
- data/.github/workflows/release-gem.yml +25 -0
- data/.github/workflows/release-image.yml +33 -0
- data/.rspec +1 -0
- data/Gemfile.lock +13 -13
- data/README.md +3 -819
- data/cfn-guardian.gemspec +1 -3
- data/docs/alarm_templates.md +130 -0
- data/docs/cli.md +182 -0
- data/docs/composite_alarms.md +24 -0
- data/docs/custom_checks/azure_file_check.md +28 -0
- data/docs/custom_checks/domain_expiry.md +10 -0
- data/docs/custom_checks/http.md +59 -0
- data/docs/custom_checks/log_group_metric_filters.md +27 -0
- data/docs/custom_checks/nrpe.md +29 -0
- data/docs/custom_checks/port.md +40 -0
- data/docs/custom_checks/sftp.md +73 -0
- data/docs/custom_checks/sql.md +44 -0
- data/docs/custom_checks/tls.md +25 -0
- data/docs/custom_metrics.md +71 -0
- data/docs/event_subscriptions.md +67 -0
- data/docs/maintenance_mode.md +85 -0
- data/docs/notifiers.md +33 -0
- data/docs/overview.md +22 -0
- data/docs/resources.md +93 -0
- data/docs/variables.md +58 -0
- data/lib/cfnguardian.rb +72 -58
- data/lib/cfnguardian/cloudwatch.rb +43 -32
- data/lib/cfnguardian/compile.rb +82 -5
- data/lib/cfnguardian/deploy.rb +2 -16
- data/lib/cfnguardian/display_formatter.rb +1 -2
- data/lib/cfnguardian/error.rb +4 -0
- data/lib/cfnguardian/models/alarm.rb +40 -28
- data/lib/cfnguardian/models/check.rb +30 -12
- data/lib/cfnguardian/models/event.rb +43 -15
- data/lib/cfnguardian/models/event_subscription.rb +96 -0
- data/lib/cfnguardian/resources/azure_file.rb +20 -0
- data/lib/cfnguardian/resources/base.rb +111 -26
- data/lib/cfnguardian/resources/ec2_instance.rb +11 -0
- data/lib/cfnguardian/resources/http.rb +1 -0
- data/lib/cfnguardian/resources/rds_cluster.rb +14 -0
- data/lib/cfnguardian/resources/rds_instance.rb +71 -0
- data/lib/cfnguardian/stacks/main.rb +7 -6
- data/lib/cfnguardian/stacks/resources.rb +34 -5
- data/lib/cfnguardian/version.rb +1 -1
- metadata +35 -10
@@ -9,50 +9,61 @@ module CfnGuardian
|
|
9
9
|
alarm_id = alarm.resource_name.nil? ? alarm.resource_id : alarm.resource_name
|
10
10
|
return "guardian-#{alarm.group}-#{alarm_id}-#{alarm.name}"
|
11
11
|
end
|
12
|
-
|
13
|
-
def self.
|
14
|
-
alarm_names = alarms.map {|alarm| self.get_alarm_name(alarm)}
|
15
|
-
|
12
|
+
|
13
|
+
def self.get_alarms_by_prefix(prefix:, state: nil, action_prefix: nil)
|
16
14
|
client = Aws::CloudWatch::Client.new()
|
15
|
+
options = {max_records: 100}
|
16
|
+
options[:alarm_name_prefix] = prefix
|
17
|
+
|
18
|
+
unless state.nil?
|
19
|
+
options[:state_value] = state
|
20
|
+
end
|
21
|
+
|
22
|
+
unless action_prefix.nil?
|
23
|
+
options[:action_prefix] = action_prefix
|
24
|
+
end
|
25
|
+
|
26
|
+
resp = client.describe_alarms(options)
|
27
|
+
return resp.metric_alarms
|
28
|
+
end
|
29
|
+
|
30
|
+
def self.get_alarms_by_name(alarm_names:, state: nil, action_prefix: nil)
|
31
|
+
client = Aws::CloudWatch::Client.new()
|
32
|
+
options = {max_records: 100}
|
33
|
+
|
34
|
+
unless state.nil?
|
35
|
+
options[:state_value] = state
|
36
|
+
end
|
37
|
+
|
38
|
+
unless action_prefix.nil?
|
39
|
+
options[:action_prefix] = "arn:aws:sns:#{Aws.config[:region]}:#{aws_account_id()}:#{action_prefix}"
|
40
|
+
end
|
41
|
+
|
17
42
|
metric_alarms = []
|
18
43
|
alarm_names.each_slice(100) do |batch|
|
19
|
-
|
44
|
+
options[:alarm_names] = batch
|
45
|
+
resp = client.describe_alarms(options)
|
20
46
|
metric_alarms.push(*resp.metric_alarms)
|
21
47
|
end
|
22
|
-
|
48
|
+
|
23
49
|
return metric_alarms
|
24
50
|
end
|
25
|
-
|
26
|
-
def self.
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
31
|
-
|
32
|
-
|
33
|
-
|
34
|
-
|
35
|
-
options = {max_records: 100}
|
36
|
-
options[:state_value] = state if !state.nil?
|
37
|
-
|
38
|
-
cw_alarms = []
|
39
|
-
if !alarm_prefix.nil?
|
40
|
-
options[:alarm_name_prefix] = alarm_prefix
|
41
|
-
resp = client.describe_alarms(options)
|
42
|
-
cw_alarms = resp.metric_alarms
|
43
|
-
else
|
44
|
-
alarm_names.each_slice(100) do |batch|
|
45
|
-
options[:alarm_names] = batch
|
46
|
-
resp = client.describe_alarms(options)
|
47
|
-
cw_alarms.push(*resp.metric_alarms)
|
51
|
+
|
52
|
+
def self.filter_alarms(filters:, alarms:)
|
53
|
+
return alarms unless filters.is_a?(Hash)
|
54
|
+
filters = filters.slice('group', 'resource', 'alarm', 'stack-id')
|
55
|
+
|
56
|
+
filtered_alarms = []
|
57
|
+
alarms.each do |alarm|
|
58
|
+
if filters.values.all? {|filter| alarm.alarm_name.include? (filter)}
|
59
|
+
filtered_alarms << alarm
|
48
60
|
end
|
49
61
|
end
|
50
|
-
|
51
|
-
return
|
62
|
+
|
63
|
+
return filtered_alarms
|
52
64
|
end
|
53
65
|
|
54
66
|
def self.get_alarm_history(alarm_name,type)
|
55
|
-
rows = []
|
56
67
|
client = Aws::CloudWatch::Client.new()
|
57
68
|
|
58
69
|
logger.debug "Searching #{type} history for #{alarm_name}"
|
data/lib/cfnguardian/compile.rb
CHANGED
@@ -35,6 +35,9 @@ require 'cfnguardian/resources/log_group'
|
|
35
35
|
require 'cfnguardian/resources/sftp'
|
36
36
|
require 'cfnguardian/resources/internal_sftp'
|
37
37
|
require 'cfnguardian/resources/tls'
|
38
|
+
require 'cfnguardian/resources/azure_file'
|
39
|
+
require 'cfnguardian/version'
|
40
|
+
require 'cfnguardian/error'
|
38
41
|
|
39
42
|
module CfnGuardian
|
40
43
|
class Compile
|
@@ -50,9 +53,10 @@ module CfnGuardian
|
|
50
53
|
@templates = config.fetch('Templates',{})
|
51
54
|
@topics = config.fetch('Topics',{})
|
52
55
|
@maintenance_groups = config.fetch('MaintenaceGroups', {})
|
56
|
+
@event_subscriptions = config.fetch('EventSubscriptions', {})
|
53
57
|
|
54
58
|
# Make sure the default topics exist if they aren't supplied in the alarms.yaml
|
55
|
-
%w(Critical Warning Task Informational).each do |topic|
|
59
|
+
%w(Critical Warning Task Informational Events).each do |topic|
|
56
60
|
@topics[topic] = '' unless @topics.has_key?(topic)
|
57
61
|
end
|
58
62
|
|
@@ -86,10 +90,15 @@ module CfnGuardian
|
|
86
90
|
end
|
87
91
|
end
|
88
92
|
|
89
|
-
|
90
|
-
@resources.concat resource_class.get_alarms(
|
93
|
+
template_overides = @templates.has_key?(group) ? @templates[group] : {}
|
94
|
+
@resources.concat resource_class.get_alarms(group,template_overides)
|
95
|
+
|
91
96
|
@resources.concat resource_class.get_metric_filters()
|
92
97
|
@resources.concat resource_class.get_events()
|
98
|
+
|
99
|
+
event_subscriptions = @event_subscriptions.has_key?(group) ? @event_subscriptions[group] : {}
|
100
|
+
@resources.concat resource_class.get_event_subscriptions(group,event_subscriptions)
|
101
|
+
|
93
102
|
@checks.concat resource_class.get_checks()
|
94
103
|
|
95
104
|
@cost += resource_class.get_cost
|
@@ -100,13 +109,16 @@ module CfnGuardian
|
|
100
109
|
resource_groups.each do |group, alarms|
|
101
110
|
alarms.each do |alarm, resources|
|
102
111
|
resources.each do |resource|
|
112
|
+
|
103
113
|
res = @resources.find {|r|
|
104
114
|
(r.type == 'Alarm') &&
|
105
|
-
(r.
|
115
|
+
(r.group == group && r.name == alarm) &&
|
106
116
|
(r.resource_id == resource['Id'] || r.resource_name == resource['Name'])}
|
117
|
+
|
107
118
|
unless res.nil?
|
108
119
|
res.maintenance_groups.append("#{maintenance_group}MaintenanceGroup")
|
109
120
|
end
|
121
|
+
|
110
122
|
end
|
111
123
|
end
|
112
124
|
end
|
@@ -118,11 +130,39 @@ module CfnGuardian
|
|
118
130
|
end
|
119
131
|
|
120
132
|
@ssm_parameters = @resources.select {|resource| resource.type == 'Event'}.map {|event| event.ssm_parameters}.flatten.uniq
|
133
|
+
|
134
|
+
validate_resources()
|
121
135
|
end
|
122
136
|
|
123
137
|
def alarms
|
124
138
|
@resources.select {|resource| resource.type == 'Alarm'}
|
125
139
|
end
|
140
|
+
|
141
|
+
def validate_resources()
|
142
|
+
errors = []
|
143
|
+
@resources.each do |resource|
|
144
|
+
case resource.type
|
145
|
+
when 'Alarm'
|
146
|
+
%w(metric_name namespace).each do |property|
|
147
|
+
if resource.send(property).nil?
|
148
|
+
errors << "Alarm #{resource.name} for resource #{resource.resource_id} has nil value for property #{property.to_camelcase}"
|
149
|
+
end
|
150
|
+
end
|
151
|
+
when 'Check'
|
152
|
+
# no validation check yet
|
153
|
+
when 'Event'
|
154
|
+
# no validation check yet
|
155
|
+
when 'Composite'
|
156
|
+
# no validation check yet
|
157
|
+
when 'EventSubscription'
|
158
|
+
# no validation check yet
|
159
|
+
when 'MetricFilter'
|
160
|
+
# no validation check yet
|
161
|
+
end
|
162
|
+
end
|
163
|
+
|
164
|
+
raise CfnGuardian::ValidationError, "#{errors.size} errors found\n[*] #{errors.join("\n[*] ")}" if errors.any?
|
165
|
+
end
|
126
166
|
|
127
167
|
def split_resources(bucket,path)
|
128
168
|
split = @resources.each_slice(200).to_a
|
@@ -147,7 +187,7 @@ module CfnGuardian
|
|
147
187
|
File.write("out/guardian.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
|
148
188
|
|
149
189
|
resources.each_with_index do |resources,index|
|
150
|
-
stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters)
|
190
|
+
stack = CfnGuardian::Stacks::Resources.new(main_stack.parameters,index)
|
151
191
|
stack.build_template(resources)
|
152
192
|
valid = stack.template.validate
|
153
193
|
File.write("out/guardian-stack-#{index}.compiled.yaml", JSON.parse(valid.to_json).to_yaml)
|
@@ -157,6 +197,43 @@ module CfnGuardian
|
|
157
197
|
def clean_out_directory
|
158
198
|
Dir["out/*.yaml"].each {|file| File.delete(file)}
|
159
199
|
end
|
200
|
+
|
201
|
+
def load_parameters(options)
|
202
|
+
parameters = {}
|
203
|
+
# Load sns topic parameters in order of preference
|
204
|
+
@topics.each do |key, value|
|
205
|
+
# if parameter is passed in as a command line option
|
206
|
+
if options.has_key?("sns_#{key.downcase}")
|
207
|
+
parameters[key.to_sym] = options["sns_#{key.downcase}"]
|
208
|
+
# if parameter is in config
|
209
|
+
elsif !value.empty?
|
210
|
+
parameters[key.to_sym] = value
|
211
|
+
# if parameter is set as environment variable
|
212
|
+
elsif ENV.has_key?("GUARDIAN_TOPIC_#{key.upcase}")
|
213
|
+
parameters[key.to_sym] = ENV["GUARDIAN_TOPIC_#{key.upcase}"]
|
214
|
+
end
|
215
|
+
end
|
216
|
+
|
217
|
+
return parameters
|
218
|
+
end
|
219
|
+
|
220
|
+
def genrate_template_config(parameters)
|
221
|
+
template = {
|
222
|
+
Tags: {
|
223
|
+
'guardian:version': CfnGuardian::VERSION
|
224
|
+
}
|
225
|
+
}
|
226
|
+
|
227
|
+
if ENV.has_key?('CODEBUILD_RESOLVED_SOURCE_VERSION')
|
228
|
+
template[:Tags][:'guardian:config:commit'] = ENV['CODEBUILD_RESOLVED_SOURCE_VERSION']
|
229
|
+
end
|
230
|
+
|
231
|
+
unless parameters.empty?
|
232
|
+
template[:Parameters] = parameters
|
233
|
+
end
|
234
|
+
|
235
|
+
File.write("out/template-config.guardian.json", template.to_json)
|
236
|
+
end
|
160
237
|
|
161
238
|
end
|
162
239
|
end
|
data/lib/cfnguardian/deploy.rb
CHANGED
@@ -7,27 +7,13 @@ module CfnGuardian
|
|
7
7
|
class Deploy
|
8
8
|
include Logging
|
9
9
|
|
10
|
-
def initialize(opts,bucket)
|
10
|
+
def initialize(opts,bucket,parameters)
|
11
11
|
@stack_name = opts.fetch(:stack_name,'guardian')
|
12
12
|
@bucket = bucket
|
13
13
|
@prefix = @stack_name
|
14
14
|
@template_path = "out/guardian.compiled.yaml"
|
15
15
|
@template_url = "https://#{@bucket}.s3.amazonaws.com/#{@prefix}/guardian.compiled.yaml"
|
16
|
-
@parameters =
|
17
|
-
|
18
|
-
config = YAML.load_file(opts[:config])
|
19
|
-
if config.has_key?('Topics')
|
20
|
-
@parameters['Critical'] = config['Topics'].fetch('Critical','')
|
21
|
-
@parameters['Warning'] = config['Topics'].fetch('Warning','')
|
22
|
-
@parameters['Task'] = config['Topics'].fetch('Task','')
|
23
|
-
@parameters['Informational'] = config['Topics'].fetch('Informational','')
|
24
|
-
end
|
25
|
-
|
26
|
-
@parameters['Critical'] = opts.fetch(:sns_critical,@parameters['Critical'])
|
27
|
-
@parameters['Warning'] = opts.fetch(:sns_warning,@parameters['Warning'])
|
28
|
-
@parameters['Task'] = opts.fetch(:sns_task,@parameters['Task'])
|
29
|
-
@parameters['Informational'] = opts.fetch(:sns_informational,@parameters['Informational'])
|
30
|
-
|
16
|
+
@parameters = parameters
|
31
17
|
@client = Aws::CloudFormation::Client.new()
|
32
18
|
end
|
33
19
|
|
@@ -14,7 +14,6 @@ module CfnGuardian
|
|
14
14
|
|
15
15
|
@alarms.each do |alarm|
|
16
16
|
alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
17
|
-
puts alarm_name
|
18
17
|
rows = [
|
19
18
|
['ResourceId', alarm.resource_id],
|
20
19
|
['ResourceHash', alarm.resource_hash],
|
@@ -52,7 +51,7 @@ module CfnGuardian
|
|
52
51
|
|
53
52
|
@alarms.each do |alarm|
|
54
53
|
alarm_name = CfnGuardian::CloudWatch.get_alarm_name(alarm)
|
55
|
-
metric_alarm = metric_alarms.find {|ma| ma.alarm_name
|
54
|
+
metric_alarm = metric_alarms.find {|ma| ma.alarm_name.include? alarm_name}
|
56
55
|
dimensions = metric_alarm.dimensions.map {|dim| {dim.name.to_sym => dim.value}}.inject(:merge)
|
57
56
|
|
58
57
|
rows = [
|
@@ -3,7 +3,7 @@ require 'digest/md5'
|
|
3
3
|
|
4
4
|
module CfnGuardian
|
5
5
|
module Models
|
6
|
-
class
|
6
|
+
class BaseAlarm
|
7
7
|
|
8
8
|
attr_reader :type,
|
9
9
|
:resource_hash
|
@@ -65,7 +65,7 @@ module CfnGuardian
|
|
65
65
|
end
|
66
66
|
|
67
67
|
|
68
|
-
class ApiGatewayAlarm <
|
68
|
+
class ApiGatewayAlarm < BaseAlarm
|
69
69
|
def initialize(resource)
|
70
70
|
super(resource)
|
71
71
|
@group = 'ApiGateway'
|
@@ -74,7 +74,7 @@ module CfnGuardian
|
|
74
74
|
end
|
75
75
|
end
|
76
76
|
|
77
|
-
class ApplicationTargetGroupAlarm <
|
77
|
+
class ApplicationTargetGroupAlarm < BaseAlarm
|
78
78
|
def initialize(resource)
|
79
79
|
super(resource)
|
80
80
|
@group = 'ApplicationTargetGroup'
|
@@ -86,7 +86,7 @@ module CfnGuardian
|
|
86
86
|
end
|
87
87
|
end
|
88
88
|
|
89
|
-
class AmazonMQBrokerAlarm <
|
89
|
+
class AmazonMQBrokerAlarm < BaseAlarm
|
90
90
|
def initialize(resource)
|
91
91
|
super(resource)
|
92
92
|
@group = 'AmazonMQBroker'
|
@@ -95,7 +95,7 @@ module CfnGuardian
|
|
95
95
|
end
|
96
96
|
end
|
97
97
|
|
98
|
-
class CloudFrontDistributionAlarm <
|
98
|
+
class CloudFrontDistributionAlarm < BaseAlarm
|
99
99
|
def initialize(resource)
|
100
100
|
super(resource)
|
101
101
|
@group = 'CloudFrontDistribution'
|
@@ -109,7 +109,7 @@ module CfnGuardian
|
|
109
109
|
end
|
110
110
|
end
|
111
111
|
|
112
|
-
class AutoScalingGroupAlarm <
|
112
|
+
class AutoScalingGroupAlarm < BaseAlarm
|
113
113
|
def initialize(resource)
|
114
114
|
super(resource)
|
115
115
|
@group = 'AutoScalingGroup'
|
@@ -118,7 +118,7 @@ module CfnGuardian
|
|
118
118
|
end
|
119
119
|
end
|
120
120
|
|
121
|
-
class DomainExpiryAlarm <
|
121
|
+
class DomainExpiryAlarm < BaseAlarm
|
122
122
|
def initialize(resource)
|
123
123
|
super(resource)
|
124
124
|
@group = 'DomainExpiry'
|
@@ -128,7 +128,7 @@ module CfnGuardian
|
|
128
128
|
end
|
129
129
|
end
|
130
130
|
|
131
|
-
class DynamoDBTableAlarm <
|
131
|
+
class DynamoDBTableAlarm < BaseAlarm
|
132
132
|
def initialize(resource)
|
133
133
|
super(resource)
|
134
134
|
@group = 'DynamoDBTable'
|
@@ -137,7 +137,7 @@ module CfnGuardian
|
|
137
137
|
end
|
138
138
|
end
|
139
139
|
|
140
|
-
class Ec2InstanceAlarm <
|
140
|
+
class Ec2InstanceAlarm < BaseAlarm
|
141
141
|
def initialize(resource)
|
142
142
|
super(resource)
|
143
143
|
@group = 'Ec2Instance'
|
@@ -146,7 +146,7 @@ module CfnGuardian
|
|
146
146
|
end
|
147
147
|
end
|
148
148
|
|
149
|
-
class ECSClusterAlarm <
|
149
|
+
class ECSClusterAlarm < BaseAlarm
|
150
150
|
def initialize(resource)
|
151
151
|
super(resource)
|
152
152
|
@group = 'ECSCluster'
|
@@ -158,7 +158,7 @@ module CfnGuardian
|
|
158
158
|
end
|
159
159
|
end
|
160
160
|
|
161
|
-
class ECSServiceAlarm <
|
161
|
+
class ECSServiceAlarm < BaseAlarm
|
162
162
|
def initialize(resource)
|
163
163
|
super(resource)
|
164
164
|
@group = 'ECSService'
|
@@ -170,7 +170,7 @@ module CfnGuardian
|
|
170
170
|
end
|
171
171
|
end
|
172
172
|
|
173
|
-
class ElastiCacheReplicationGroupAlarm <
|
173
|
+
class ElastiCacheReplicationGroupAlarm < BaseAlarm
|
174
174
|
def initialize(resource)
|
175
175
|
super(resource)
|
176
176
|
@group = 'ElastiCacheReplicationGroup'
|
@@ -179,7 +179,7 @@ module CfnGuardian
|
|
179
179
|
end
|
180
180
|
end
|
181
181
|
|
182
|
-
class ElasticLoadBalancerAlarm <
|
182
|
+
class ElasticLoadBalancerAlarm < BaseAlarm
|
183
183
|
def initialize(resource)
|
184
184
|
super(resource)
|
185
185
|
@group = 'ElasticLoadBalancer'
|
@@ -188,7 +188,7 @@ module CfnGuardian
|
|
188
188
|
end
|
189
189
|
end
|
190
190
|
|
191
|
-
class ElasticFileSystemAlarm <
|
191
|
+
class ElasticFileSystemAlarm < BaseAlarm
|
192
192
|
def initialize(resource)
|
193
193
|
super(resource)
|
194
194
|
@group = 'ElasticFileSystem'
|
@@ -197,7 +197,7 @@ module CfnGuardian
|
|
197
197
|
end
|
198
198
|
end
|
199
199
|
|
200
|
-
class HttpAlarm <
|
200
|
+
class HttpAlarm < BaseAlarm
|
201
201
|
def initialize(resource)
|
202
202
|
super(resource)
|
203
203
|
@group = 'Http'
|
@@ -215,7 +215,7 @@ module CfnGuardian
|
|
215
215
|
end
|
216
216
|
end
|
217
217
|
|
218
|
-
class PortAlarm <
|
218
|
+
class PortAlarm < BaseAlarm
|
219
219
|
def initialize(resource)
|
220
220
|
super(resource)
|
221
221
|
@group = 'Port'
|
@@ -233,7 +233,7 @@ module CfnGuardian
|
|
233
233
|
end
|
234
234
|
end
|
235
235
|
|
236
|
-
class SslAlarm <
|
236
|
+
class SslAlarm < BaseAlarm
|
237
237
|
def initialize(resource)
|
238
238
|
super(resource)
|
239
239
|
@group = 'Ssl'
|
@@ -249,7 +249,7 @@ module CfnGuardian
|
|
249
249
|
end
|
250
250
|
end
|
251
251
|
|
252
|
-
class NrpeAlarm <
|
252
|
+
class NrpeAlarm < BaseAlarm
|
253
253
|
def initialize(resource,environment)
|
254
254
|
super(resource)
|
255
255
|
@group = 'Nrpe'
|
@@ -260,7 +260,7 @@ module CfnGuardian
|
|
260
260
|
end
|
261
261
|
end
|
262
262
|
|
263
|
-
class LambdaAlarm <
|
263
|
+
class LambdaAlarm < BaseAlarm
|
264
264
|
def initialize(resource)
|
265
265
|
super(resource)
|
266
266
|
@group = 'Lambda'
|
@@ -271,7 +271,7 @@ module CfnGuardian
|
|
271
271
|
end
|
272
272
|
end
|
273
273
|
|
274
|
-
class NetworkTargetGroupAlarm <
|
274
|
+
class NetworkTargetGroupAlarm < BaseAlarm
|
275
275
|
def initialize(resource)
|
276
276
|
super(resource)
|
277
277
|
@group = 'NetworkTargetGroup'
|
@@ -283,7 +283,7 @@ module CfnGuardian
|
|
283
283
|
end
|
284
284
|
end
|
285
285
|
|
286
|
-
class RedshiftClusterAlarm <
|
286
|
+
class RedshiftClusterAlarm < BaseAlarm
|
287
287
|
def initialize(resource)
|
288
288
|
super(resource)
|
289
289
|
@group = 'RedshiftCluster'
|
@@ -292,7 +292,7 @@ module CfnGuardian
|
|
292
292
|
end
|
293
293
|
end
|
294
294
|
|
295
|
-
class RDSClusterInstanceAlarm <
|
295
|
+
class RDSClusterInstanceAlarm < BaseAlarm
|
296
296
|
def initialize(resource)
|
297
297
|
super(resource)
|
298
298
|
@group = 'RDSClusterInstance'
|
@@ -301,7 +301,7 @@ module CfnGuardian
|
|
301
301
|
end
|
302
302
|
end
|
303
303
|
|
304
|
-
class RDSInstanceAlarm <
|
304
|
+
class RDSInstanceAlarm < BaseAlarm
|
305
305
|
def initialize(resource)
|
306
306
|
super(resource)
|
307
307
|
@group = 'RDSInstance'
|
@@ -310,7 +310,7 @@ module CfnGuardian
|
|
310
310
|
end
|
311
311
|
end
|
312
312
|
|
313
|
-
class SqlAlarm <
|
313
|
+
class SqlAlarm < BaseAlarm
|
314
314
|
def initialize(resource)
|
315
315
|
super(resource)
|
316
316
|
@group = 'Sql'
|
@@ -321,7 +321,7 @@ module CfnGuardian
|
|
321
321
|
end
|
322
322
|
end
|
323
323
|
|
324
|
-
class SQSQueueAlarm <
|
324
|
+
class SQSQueueAlarm < BaseAlarm
|
325
325
|
def initialize(resource)
|
326
326
|
super(resource)
|
327
327
|
@group = 'SQSQueue'
|
@@ -332,7 +332,7 @@ module CfnGuardian
|
|
332
332
|
end
|
333
333
|
end
|
334
334
|
|
335
|
-
class LogGroupAlarm <
|
335
|
+
class LogGroupAlarm < BaseAlarm
|
336
336
|
def initialize(resource)
|
337
337
|
super(resource)
|
338
338
|
@group = 'LogGroup'
|
@@ -344,7 +344,7 @@ module CfnGuardian
|
|
344
344
|
end
|
345
345
|
end
|
346
346
|
|
347
|
-
class SFTPAlarm <
|
347
|
+
class SFTPAlarm < BaseAlarm
|
348
348
|
def initialize(resource)
|
349
349
|
super(resource)
|
350
350
|
@group = 'SFTP'
|
@@ -362,7 +362,7 @@ module CfnGuardian
|
|
362
362
|
end
|
363
363
|
end
|
364
364
|
|
365
|
-
class TLSAlarm <
|
365
|
+
class TLSAlarm < BaseAlarm
|
366
366
|
def initialize(resource)
|
367
367
|
super(resource)
|
368
368
|
@group = 'TLS'
|
@@ -375,6 +375,18 @@ module CfnGuardian
|
|
375
375
|
@evaluation_periods = 1
|
376
376
|
end
|
377
377
|
end
|
378
|
+
|
379
|
+
class AzureFileAlarm < BaseAlarm
|
380
|
+
def initialize(resource)
|
381
|
+
super(resource)
|
382
|
+
@group = 'AzureFile'
|
383
|
+
@namespace = 'FileAgeCheck'
|
384
|
+
@period = 300
|
385
|
+
@comparison_operator = 'GreaterThanThreshold'
|
386
|
+
@threshold = 0
|
387
|
+
@dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
|
388
|
+
end
|
389
|
+
end
|
378
390
|
|
379
391
|
end
|
380
392
|
end
|