cfn-guardian 0.4.0 → 0.6.2

data/lib/cfnguardian/resources/ec2_instance.rb

@@ -19,6 +19,17 @@ module CfnGuardian
         @alarms.push(alarm)
       end
       
+      def default_event_subscriptions()
+        event_subscription = CfnGuardian::Models::Ec2InstanceEventSubscription.new(@resource)
+        event_subscription.name = 'InstanceTerminated'
+        event_subscription.detail_type = 'EC2 Instance State-change Notification'
+        event_subscription.detail = {
+          'instance-id' => [@resource['Id']],
+          'state' => ['terminated']
+        }
+        @event_subscriptions.push(event_subscription)
+      end
+
     end
   end
 end

data/lib/cfnguardian/resources/http.rb

@@ -41,6 +41,7 @@ module CfnGuardian::Resource
         alarm = CfnGuardian::Models::SslAlarm.new(@resource)
         alarm.name = 'ExpiresInDaysTask'
         alarm.metric_name = 'ExpiresInDays'
+        alarm.alarm_action = 'Task'
         alarm.threshold = 30
         @alarms.push(alarm)
       end

data/lib/cfnguardian/resources/rds_cluster.rb

@@ -0,0 +1,14 @@
+module CfnGuardian::Resource
+    class RDSCluster < Base
+           
+      def default_event_subscriptions()
+        event_subscription = CfnGuardian::Models::RDSClusterEventSubscription.new(@resource)
+        event_subscription.name = 'FailoverFailed'
+        event_subscription.rds_event_category = 'failover'
+        event_subscription.message = 'A failover for the DB cluster has failed.'
+        @event_subscriptions.push(event_subscription)
+      end
+  
+    end
+  end
+  

data/lib/cfnguardian/resources/rds_instance.rb

@@ -43,5 +43,76 @@ module CfnGuardian::Resource
       @alarms.push(alarm)
     end
     
+    def default_event_subscriptions()
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MasterPasswordReset'
+      event_subscription.rds_event_category = 'configuration change'
+      event_subscription.message = 'The master password for the DB instance has been reset.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MasterPasswordResetFailure'
+      event_subscription.rds_event_category = 'configuration change'
+      event_subscription.message = 'An attempt to reset the master password for the DB instance has failed.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'Deletion'
+      event_subscription.rds_event_category = 'deletion'
+      event_subscription.message = 'The DB instance has been deleted.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MultiAZFailoverStarted'
+      event_subscription.rds_event_category = 'failover'
+      event_subscription.message = 'A Multi-AZ failover that resulted in the promotion of a standby instance has started.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'MultiAZFailoverComplete'
+      event_subscription.rds_event_category = 'failover'
+      event_subscription.message = 'A Multi-AZ failover has completed.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'DBFailure'
+      event_subscription.rds_event_category = 'failure'
+      event_subscription.message = 'The DB instance has failed due to an incompatible configuration or an underlying storage issue. Begin a point-in-time-restore for the DB instance.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'TableCountExceedsRecommended'
+      event_subscription.rds_event_category = 'notification'
+      event_subscription.message = 'The number of tables you have for your DB instance exceeds the recommended best practices for Amazon RDS.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'DatabasesCountExceedsRecommended'
+      event_subscription.rds_event_category = 'notification'
+      event_subscription.message = 'The number of databases you have for your DB instance exceeds the recommended best practices for Amazon RDS.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'ReplicationFailure'
+      event_subscription.enabled = false
+      event_subscription.rds_event_category = 'read replica'
+      event_subscription.message = 'An error has occurred in the read replication process.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'ReplicationTerminated'
+      event_subscription.enabled = false
+      event_subscription.rds_event_category = 'read replica'
+      event_subscription.message = 'Replication on the read replica was terminated.'
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::RDSInstanceEventSubscription.new(@resource)
+      event_subscription.name = 'ReplicationStopped'
+      event_subscription.enabled = false
+      event_subscription.rds_event_category = 'read replica'
+      event_subscription.message = 'Replication on the read replica was manually stopped.'
+      @event_subscriptions.push(event_subscription)
+    end
+
   end
 end

data/lib/cfnguardian/stacks/main.rb

@@ -31,9 +31,9 @@ module CfnGuardian
         end
         
         add_iam_role(ssm_parameters)
-        
+                
         checks.each {|check| parameters["#{check.name}Function#{check.environment}"] = add_lambda(check)}
-        stacks.each {|stack| add_stack(stack['Name'],stack['TemplateURL'],parameters)}
+        stacks.each {|stack| add_stack(stack['Name'],stack['TemplateURL'],parameters,stack['Reference'])}
         
         @parameters = parameters.keys
       end
@@ -131,9 +131,9 @@ module CfnGuardian
               S3Key: "#{check.package}/master/#{check.version}.zip"
             })
             Handler check.handler
-            MemorySize 128
+            MemorySize check.memory
             Runtime check.runtime
-            Timeout 120
+            Timeout check.timeout
             Role FnGetAtt(:LambdaExecutionRole, :Arn)
             VpcConfig vpc_config unless vpc_config.empty?
             Tags([
@@ -152,14 +152,15 @@ module CfnGuardian
         return FnGetAtt("#{check.name}Function#{check.environment}", :Arn)
       end
       
-      def add_stack(name,url,stack_parameters)
+      def add_stack(name,url,stack_parameters,stack_id)
         @template.declare do
           CloudFormation_Stack(name) do
             Parameters stack_parameters
             TemplateURL url
             TimeoutInMinutes 15
             Tags([
-              { Key: 'Name', Value: "guardian-stack-#{name}" }
+              { Key: 'Name', Value: "guardian-stack-#{name}" },
+              { Key: 'guardian:stack-id', Value: "stk#{stack_id}"}
             ])
           end
         end

data/lib/cfnguardian/stacks/resources.rb

@@ -9,8 +9,10 @@ module CfnGuardian
       
       attr_reader :template
       
-      def initialize(parameters)
-        @template = CloudFormation("Guardian nested stack")
+      def initialize(parameters,stack_id)
+        @stack_id = stack_id
+
+        @template = CloudFormation("Guardian nested - stack-id:stk#{@stack_id}")
         parameters.each do |name|
           parameter = @template.Parameter(name)
           parameter.Type 'String'
@@ -28,6 +30,8 @@ module CfnGuardian
             add_composite_alarm(resource)
           when 'MetricFilter'
             add_metric_filter(resource)
+          when 'EventSubscription'
+            add_event_subscription(resource)
           else
             puts "Warn: #{resource.type} is a unsuported resource type"
           end
@@ -37,16 +41,17 @@ module CfnGuardian
       def add_alarm(alarm)
         actions = alarm.alarm_action.kind_of?(Array) ? alarm.alarm_action.map{|action| Ref(action)} : [Ref(alarm.alarm_action)]
         actions.concat alarm.maintenance_groups.map {|mg| Ref(mg)} if alarm.maintenance_groups.any?
+        stack_id = @stack_id
 
         @template.declare do
           CloudWatch_Alarm("#{alarm.resource_hash}#{alarm.group}#{alarm.name.gsub(/[^0-9a-zA-Z]/i, '')}#{alarm.type}"[0..255]) do
             ActionsEnabled true
             AlarmDescription "Guardian alarm #{alarm.name} for the resource #{alarm.resource_id} in alarm group #{alarm.group}"
-            AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm)
+            AlarmName CfnGuardian::CloudWatch.get_alarm_name(alarm) + "-stk#{stack_id}"
             ComparisonOperator alarm.comparison_operator
             Dimensions alarm.dimensions.map {|k,v| {Name: k, Value: v}} unless alarm.dimensions.nil?
             EvaluationPeriods alarm.evaluation_periods
-            Statistic alarm.statistic
+            Statistic alarm.statistic if alarm.extended_statistic.nil?
             Period alarm.period
             Threshold alarm.threshold
             MetricName alarm.metric_name
@@ -80,11 +85,13 @@ module CfnGuardian
       end
       
       def add_composite_alarm(alarm)
+        stack_id = @stack_id
+
         @template.declare do
           CloudWatch_CompositeAlarm(alarm.name.gsub(/[^0-9a-zA-Z]/i, '')) do
             
             AlarmDescription alarm.description
-            AlarmName "guardian-#{alarm.name}"
+            AlarmName "guardian-#{alarm.name}-stk#{stack_id}"
             AlarmRule alarm.rule
             
             unless alarm.alarm_action.nil?
@@ -113,6 +120,28 @@ module CfnGuardian
           end
         end
       end
+
+      def add_event_subscription(subscription)
+        event_pattern = {}
+        event_pattern['detail-type'] = [subscription.detail_type]
+        event_pattern['source'] = [subscription.source]
+        event_pattern['resources'] = [subscription.resource_arn] unless subscription.resource_arn.empty?
+        event_pattern['detail'] = subscription.detail unless subscription.detail.empty?
+
+        @template.declare do
+          Events_Rule("#{subscription.group}#{subscription.name}#{subscription.hash}"[0..255]) do
+            State subscription.enabled ? 'ENABLED' : 'DISABLED'
+            Description "Guardian event subscription #{subscription.group} #{subscription.name} for resource #{subscription.resource_id}"
+            EventPattern event_pattern
+            Targets [
+              {
+                Arn: Ref(subscription.topic),
+                Id: "#{subscription.topic}Notifier"
+              }
+            ]
+          end
+        end
+      end
       
     end
   end

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.4.0"
+  VERSION = "0.6.2"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.6.2
 platform: ruby
 authors:
 - Guslington
-autorequire:
+autorequire: 
 bindir: exe
 cert_chain: []
-date: 2020-08-06 00:00:00.000000000 Z
+date: 2021-02-04 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -204,14 +204,14 @@ dependencies:
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - "~>"
       - !ruby/object:Gem::Version
-        version: '10.0'
+        version: '13.0'
 description: Manages AWS cloudwatch alarms with default templates using cloudformation
 email:
 - itsupport@base2services.com
@@ -221,7 +221,11 @@ extensions: []
 extra_rdoc_files: []
 files:
 - ".dockerignore"
+- ".github/workflows/build-gem.yml"
+- ".github/workflows/release-gem.yml"
+- ".github/workflows/release-image.yml"
 - ".gitignore"
+- ".rspec"
 - Dockerfile
 - Gemfile
 - Gemfile.lock
@@ -229,6 +233,25 @@ files:
 - README.md
 - Rakefile
 - cfn-guardian.gemspec
+- docs/alarm_templates.md
+- docs/cli.md
+- docs/composite_alarms.md
+- docs/custom_checks/azure_file_check.md
+- docs/custom_checks/domain_expiry.md
+- docs/custom_checks/http.md
+- docs/custom_checks/log_group_metric_filters.md
+- docs/custom_checks/nrpe.md
+- docs/custom_checks/port.md
+- docs/custom_checks/sftp.md
+- docs/custom_checks/sql.md
+- docs/custom_checks/tls.md
+- docs/custom_metrics.md
+- docs/event_subscriptions.md
+- docs/maintenance_mode.md
+- docs/notifiers.md
+- docs/overview.md
+- docs/resources.md
+- docs/variables.md
 - exe/cfn-guardian
 - lib/cfnguardian.rb
 - lib/cfnguardian/cloudwatch.rb
@@ -239,16 +262,19 @@ files:
 - lib/cfnguardian/deploy.rb
 - lib/cfnguardian/display_formatter.rb
 - lib/cfnguardian/drift.rb
+- lib/cfnguardian/error.rb
 - lib/cfnguardian/log.rb
 - lib/cfnguardian/models/alarm.rb
 - lib/cfnguardian/models/check.rb
 - lib/cfnguardian/models/composite.rb
 - lib/cfnguardian/models/event.rb
+- lib/cfnguardian/models/event_subscription.rb
 - lib/cfnguardian/models/metric_filter.rb
 - lib/cfnguardian/resources/amazonmq_broker.rb
 - lib/cfnguardian/resources/apigateway.rb
 - lib/cfnguardian/resources/application_targetgroup.rb
 - lib/cfnguardian/resources/autoscaling_group.rb
+- lib/cfnguardian/resources/azure_file.rb
 - lib/cfnguardian/resources/base.rb
 - lib/cfnguardian/resources/cloudfront_distribution.rb
 - lib/cfnguardian/resources/domain_expiry.rb
@@ -268,6 +294,7 @@ files:
 - lib/cfnguardian/resources/network_targetgroup.rb
 - lib/cfnguardian/resources/nrpe.rb
 - lib/cfnguardian/resources/port.rb
+- lib/cfnguardian/resources/rds_cluster.rb
 - lib/cfnguardian/resources/rds_cluster_instance.rb
 - lib/cfnguardian/resources/rds_instance.rb
 - lib/cfnguardian/resources/redshift_cluster.rb
@@ -285,11 +312,10 @@ homepage: https://github.com/base2Services/cfn-guardian
 licenses:
 - MIT
 metadata:
-  allowed_push_host: https://rubygems.org
   homepage_uri: https://github.com/base2Services/cfn-guardian
   source_code_uri: https://github.com/base2Services/cfn-guardian
   changelog_uri: https://github.com/base2Services/cfn-guardian
-post_install_message:
+post_install_message: 
 rdoc_options: []
 require_paths:
 - lib
@@ -304,9 +330,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project:
-rubygems_version: 2.7.6
-signing_key:
+rubygems_version: 3.1.4
+signing_key: 
 specification_version: 4
 summary: Manages AWS cloudwatch alarms with default templates using cloudformation
 test_files: []