cfn-guardian 0.6.4 → 0.6.9

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 9df1f4d7843a5283660b98138d46976465f2e64418c9a76b9a88cfb8ce8d2c59
-  data.tar.gz: f05a68bf8dc81f31f70185e79f9aedce3497d0087013d9ed1bc5738786b3b3ea
+  metadata.gz: f67555f251f3b3722588f632934e2b620bf766e039c18978b401d177e2c4d7df
+  data.tar.gz: f7e27d27ef3b7e5276bee5b76346a0be1194026316d20f12bfe5f924c87ef742
 SHA512:
-  metadata.gz: 1bafaf7b5dcbb19b3b3365cc514683426e1f26e98ad9c516606e20ca7463ab2de9fa102c0ac2a9e4bdbdf76b107c2c7f0c02e24f26894944d5d3429f055ad551
-  data.tar.gz: 833a797750326a35d09cd96b1fc1d9e0d895793962da45e75dcf01c0197a1ad9283222e7c0ccadcf319446684eb5b66f4ce4b544012f5a7f01bc68efc2f20d57
+  metadata.gz: fae3f10ea6abbc18e8907b67ea52191ca245d45bf7a5dc7eb22a7510d2cb15522079eda8248420dbcba1280bb0cdf6680d2670612927a68aeb8d6fe4f84c4783
+  data.tar.gz: 467a2121d1e783ca38d19f43d2fc3708af8317b3c4297d171fe3f91cc1b9d6d58d417478d9b0236c38b94a2cac999e835da660cb2d642f2f2a72f2563c11830d

data/Dockerfile

@@ -1,6 +1,6 @@
 FROM ruby:2.7-alpine
 
-ARG GUARDIAN_VERSION="0.2.2"
+ARG GUARDIAN_VERSION="0.6.9"
 
 COPY . /src
 
@@ -16,4 +16,4 @@ RUN addgroup -g 1000 guardian && \
 
 USER guardian
 
-RUN cfndsl -u 11.5.0
+RUN cfndsl -u 11.5.0

data/docs/custom_checks/ecs_container_instance_check.md

@@ -0,0 +1,18 @@
+# ECS Container Instance Check
+
+Source: https://github.com/base2Services/aws-lambda-ecs-container-instance-check
+
+Checks the agent status of a ECS container instance for a ECS cluster. 
+This check and alarms are created by default when a ECS cluster resource is specified in the config.
+
+```yaml
+Resources:
+  ECSCluster:
+  - Id: my-cluster
+
+Templates:
+  ECSCluster:
+    # override the alarm defaults
+    ECSContianerInstancesDisconnected:
+      ...
+```

data/docs/overview.md

@@ -14,6 +14,7 @@
     7. [SQL](custom_checks/sql.md)
     8. [TLS](custom_checks/tls.md)
     9. [Azure File Check](custom_checks/azure_file_check.md)
+    10. [ECS Container Instance Check](custom_checks/ecs_container_instance_check.md)
 5. [Event Subscriptions](event_subscriptions.md)
 6. [Notifiers](notifiers.md)
 7. [Maintenance Mode](maintenance_mode.md)

data/lib/cfnguardian.rb

@@ -299,14 +299,18 @@ module CfnGuardian
     LONG
     method_option :region, aliases: :r, type: :string, desc: "set the AWS region"
     method_option :repository, type: :string, default: 'guardian', desc: "codecommit repository name"
+    method_option :branch, type: :string, default: 'master', desc: "codecommit branch"
+    method_option :count, type: :numeric, default: 10, desc: "number of last commits to retrieve"
     
     def show_config_history
       set_region(options[:region],true)
     
-      history = CfnGuardian::CodeCommit.new(options[:repository]).get_commit_history()
-      puts Terminal::Table.new(
-        :headings => history.first.keys.map{|h| h.to_s.to_heading}, 
-        :rows => history.map(&:values))
+      history = CfnGuardian::CodeCommit.new(options[:repository]).get_commit_history(options[:branch], options[:count])
+      if history.any?
+        puts Terminal::Table.new(
+          :headings => history.first.keys.map{|h| h.to_s.to_heading}, 
+          :rows => history.map(&:values))
+      end
     end
     
     desc "show-pipeline", "Shows the current state of the AWS code pipeline"

data/lib/cfnguardian/codecommit.rb

@@ -19,9 +19,18 @@ module CfnGuardian
       return resp.branch.commit_id
     end
     
-    def get_commit_history(branch='master',count=10)
+    def get_commit_history(branch,count)
       history = []
-      commit = get_last_commit(branch)
+
+      begin
+        commit = get_last_commit(branch)
+      rescue Aws::CodeCommit::Errors::BranchDoesNotExistException => e
+        logger.error "Branch #{branch} does not exist in the #{@repo_name} repository"
+        return []
+      rescue Aws::CodeCommit::Errors::RepositoryDoesNotExistException => e
+        logger.error "Respository #{@repo_name} does not exist in this AWS account or region"
+        return []
+      end
       
       count.times do
         

data/lib/cfnguardian/compile.rb

@@ -37,6 +37,11 @@ require 'cfnguardian/resources/internal_sftp'
 require 'cfnguardian/resources/tls'
 require 'cfnguardian/resources/azure_file'
 require 'cfnguardian/resources/amazonmq_rabbitmq'
+require 'cfnguardian/resources/batch'
+require 'cfnguardian/resources/glue'
+require 'cfnguardian/resources/step_functions'
+require 'cfnguardian/resources/vpn_tunnel'
+require 'cfnguardian/resources/vpn_connection'
 require 'cfnguardian/version'
 require 'cfnguardian/error'
 

data/lib/cfnguardian/config/defaults.yaml

@@ -100,4 +100,8 @@ Resources:
         Query: Default
   SQSQueue:
   - Id: Default
+  VPNTunnel:
+  - Id: Default
+  VPNConnection:
+  - Id: Default
   

data/lib/cfnguardian/models/alarm.rb

@@ -343,7 +343,31 @@ module CfnGuardian
         @dimensions = { DBInstanceIdentifier: resource['Id'] }
       end
     end
-    
+
+    class StepFunctionsAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'StepFunctions'
+        @namespace = 'AWS/States'
+        @dimensions = { StateMachineArn: { "Fn::Sub" => "arn:aws:states:${AWS::Region}:${AWS::AccountId}:stateMachine:#{resource['Id']}"} }
+      end
+    end
+
+    class BatchAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'Batch'
+      end
+    end
+
+    class GlueAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'Batch'
+        @namespace = 'Glue'
+      end
+    end
+
     class SqlAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
@@ -421,6 +445,28 @@ module CfnGuardian
         @dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
       end
     end
-    
+
+    class VPNTunnelAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'VPNTunnel'
+        @namespace = 'AWS/VPN'
+        @dimensions = {
+          TunnelIpAddress: resource['Id']
+        }
+      end
+    end
+
+    class VPNConnectionAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'VPNConnection'
+        @namespace = 'AWS/VPN'
+        @dimensions = {
+          VpnId: resource['Id']
+        }
+      end
+    end
+
   end
 end

data/lib/cfnguardian/models/event_subscription.rb

@@ -1,96 +1,113 @@
 module CfnGuardian
-    module Models
-        class BaseEventSubscription
-            
-            attr_reader :type, :group
-            attr_writer :detail
-            attr_accessor :name,
-                :enabled,
-                :hash,
-                :topic,
-                :resource_id,
-                :resource_arn,
-                :source,
-                :detail_type,
-                :detail
+  module Models
+    class BaseEventSubscription
+        
+      attr_reader :type, :group
+      attr_writer :detail
+      attr_accessor :name,
+        :enabled,
+        :hash,
+        :topic,
+        :resource_id,
+        :resource_arn,
+        :source,
+        :detail_type,
+        :detail
 
-            def initialize(resource)
-                @type = 'EventSubscription'
-                @group = self.class.name.split('::').last
-                @name = ''
-                @hash = Digest::MD5.hexdigest resource['Id']
-                @enabled = true
-                @events = []
-                @topic = 'Events'
-                @resource_id = resource['Id']
-                @resource_arn = ''
-                @source = ''
-                @detail_type = ''
-                @detail = {}
-            end
+      def initialize(resource)
+        @type = 'EventSubscription'
+        @group = self.class.name.split('::').last
+        @name = ''
+        @hash = Digest::MD5.hexdigest resource['Id']
+        @enabled = true
+        @events = []
+        @topic = 'Events'
+        @resource_id = resource['Id']
+        @resource_arn = ''
+        @source = ''
+        @detail_type = ''
+        @detail = {}
+      end
 
-            def detail
-                return @detail
-            end
-        end
+      def detail
+        return @detail
+      end
+    end
+
+    class RDSEventSubscription < BaseEventSubscription
+      attr_accessor :source_id, :rds_event_category, :message
 
-        class RDSEventSubscription < BaseEventSubscription
-            attr_accessor :source_id, :rds_event_category, :message
+      def initialize(resource)
+        super(resource)
+        @source = 'aws.rds'
+        @detail_type = 'RDS DB Instance Event'
+        @source_id = ''
+        @rds_event_category = ''
+        @message = ''
+      end
 
-            def initialize(resource)
-                super(resource)
-                @source = 'aws.rds'
-                @detail_type = 'RDS DB Instance Event'
-                @source_id = ''
-                @rds_event_category = ''
-                @message = ''
-            end
+      def detail
+        return {
+          EventCategories: [@rds_event_category],
+          SourceType: [@source_type],
+          SourceIdentifier: ["rds:#{@resource_id}"],
+          Message: [@message]
+        }
+      end
+    end
 
-            def detail
-                return {
-                    EventCategories: [@rds_event_category],
-                    SourceType: [@source_type],
-                    SourceIdentifier: ["rds:#{@resource_id}"],
-                    Message: [@message]
-                }
-            end
-        end
+    class RDSInstanceEventSubscription < RDSEventSubscription
+      def initialize(resource)
+        super(resource)
+        @source_type = 'DB_INSTANCE'
+      end
+    end
 
-        class RDSInstanceEventSubscription < RDSEventSubscription
-            def initialize(resource)
-                super(resource)
-                @source_type = 'DB_INSTANCE'
-            end
-        end
+    class RDSClusterEventSubscription < RDSEventSubscription
+      def initialize(resource)
+        super(resource)
+        @source_type = 'DB_CLUSTER'
+      end
+    end
 
-        class RDSClusterEventSubscription < RDSEventSubscription
-            def initialize(resource)
-                super(resource)
-                @source_type = 'DB_CLUSTER'
-            end
-        end
+    class Ec2InstanceEventSubscription < BaseEventSubscription
+      def initialize(resource)
+        super(resource)
+        @source = 'aws.ec2'
+      end
+    end
 
-        class Ec2InstanceEventSubscription < BaseEventSubscription
-            def initialize(resource)
-                super(resource)
-                @source = 'aws.ec2'
-            end
-        end
+    class BatchEventSubscription < BaseEventSubscription
+      def initialize(resource)
+        super(resource)
+        @source = 'aws.batch'
+      end
+    end
 
-        class ApiGatewayEventSubscription < BaseEventSubscription; end
-        class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
-        class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
-        class CloudFrontDistributionEventSubscription < BaseEventSubscription; end
-        class AutoScalingGroupEventSubscription < BaseEventSubscription; end
-        class DynamoDBTableEventSubscription < BaseEventSubscription; end
-        class Ec2InstanceEventSubscription < BaseEventSubscription; end
-        class ECSClusterEventSubscription < BaseEventSubscription; end
-        class ECSServiceEventSubscription < BaseEventSubscription; end
-        class ElastiCacheReplicationGroupEventSubscription < BaseEventSubscription; end
-        class ElasticLoadBalancerEventSubscription < BaseEventSubscription; end
-        class ElasticFileSystemEventSubscription < BaseEventSubscription; end
-        class LambdaEventSubscription < BaseEventSubscription; end
-        class NetworkTargetGroupEventSubscription < BaseEventSubscription; end
-        class RedshiftClusterEventSubscription < BaseEventSubscription; end
+    class GlueEventSubscription < BaseEventSubscription
+      def initialize(resource)
+        super(resource)
+        @source = 'aws.glue'
+      end
     end
+
+    class ApiGatewayEventSubscription < BaseEventSubscription; end
+    class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
+    class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
+    class CloudFrontDistributionEventSubscription < BaseEventSubscription; end
+    class AutoScalingGroupEventSubscription < BaseEventSubscription; end
+    class DynamoDBTableEventSubscription < BaseEventSubscription; end
+    class Ec2InstanceEventSubscription < BaseEventSubscription; end
+    class ECSClusterEventSubscription < BaseEventSubscription; end
+    class ECSServiceEventSubscription < BaseEventSubscription; end
+    class ElastiCacheReplicationGroupEventSubscription < BaseEventSubscription; end
+    class ElasticLoadBalancerEventSubscription < BaseEventSubscription; end
+    class ElasticFileSystemEventSubscription < BaseEventSubscription; end
+    class LambdaEventSubscription < BaseEventSubscription; end
+    class NetworkTargetGroupEventSubscription < BaseEventSubscription; end
+    class RedshiftClusterEventSubscription < BaseEventSubscription; end
+    class StepFunctionsSubscription < BaseEventSubscription; end
+    class VPNTunnelEventSubscription < BaseEventSubscription; end
+    class VPNConnectionEventSubscription < BaseEventSubscription; end
+  end
 end

data/lib/cfnguardian/resources/base.rb

@@ -108,7 +108,7 @@ module CfnGuardian::Resource
       @alarms.each do |alarm|
         next if alarm.dimensions.nil?
         alarm.dimensions.each do |k,v|
-          if v.match?(/^\${Resource::.*[A-Za-z]}$/)
+          if v.is_a?(String) && v.match?(/^\${Resource::.*[A-Za-z]}$/)
             resource_key = v.tr('${}', '').split('Resource::').last
             if @resource.has_key?(resource_key)
               logger.debug "overriding alarm #{alarm.name} dimension key '#{k}' with value '#{@resource[resource_key]}'" 

data/lib/cfnguardian/resources/batch.rb

@@ -0,0 +1,14 @@
+module CfnGuardian::Resource
+  class Batch < Base
+    def default_event_subscriptions()
+      event_subscription = CfnGuardian::Models::BatchEventSubscription.new(@resource)
+      event_subscription.name = 'FailedBatch'
+      event_subscription.detail_type = 'Batch Job State Change'
+      event_subscription.detail = {
+        'status': ['FAILED'],
+        'jobQueue': ["arn:aws:batch:${AWS::Region}:${AWS::AccountId}:job-queue/#{@resource['Id']}"]
+      }
+      @event_subscriptions.push(event_subscription)
+    end
+  end
+end

data/lib/cfnguardian/resources/ec2_instance.rb

@@ -17,6 +17,17 @@ module CfnGuardian
         alarm.threshold = 90
         alarm.evaluation_periods = 10
         @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::Ec2InstanceAlarm.new(@resource)
+        alarm.name = 'CPUCreditBalanceLow'
+        alarm.metric_name = 'CPUCreditBalance'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 100
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'notBreaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
       end
       
       def default_event_subscriptions()

data/lib/cfnguardian/resources/elastic_file_system.rb

@@ -11,6 +11,17 @@ module CfnGuardian
         alarm.evaluation_periods = 5
         alarm.statistic = 'Minimum'
         @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::ElasticFileSystemAlarm.new(@resource)
+        alarm.name = 'BurstCreditBalanceLow'
+        alarm.metric_name = 'BurstCreditBalance'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1000000000000
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'notBreaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
       end
     end
   end

data/lib/cfnguardian/resources/glue.rb

@@ -0,0 +1,23 @@
+module CfnGuardian::Resource
+  class Glue < Base
+    def default_event_subscriptions()
+      event_subscription = CfnGuardian::Models::BatchEventSubscription.new(@resource)
+      event_subscription.name = 'FailedGlueJob'
+      event_subscription.detail_type = 'Glue Job State Change'
+      event_subscription.detail = {
+        'state': ['FAILED'],
+        'jobName': [{'prefix': @resource['Id']}]
+      }
+      @event_subscriptions.push(event_subscription)
+
+      event_subscription = CfnGuardian::Models::BatchEventSubscription.new(@resource)
+      event_subscription.name = 'TimeoutGlueJob'
+      event_subscription.detail_type = 'Glue Job State Change'
+      event_subscription.detail = {
+        'state': ['TIMEOUT'],
+        'jobName': [{'prefix': @resource['Id']}]
+      }
+      @event_subscriptions.push(event_subscription)
+    end
+  end
+end

data/lib/cfnguardian/resources/redshift_cluster.rb

@@ -1,14 +1,14 @@
 module CfnGuardian::Resource
   class RedshiftCluster < Base
-      
-    def default_alarms    
+
+    def default_alarms
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'CPUUtilizationHighSpike'
       alarm.metric_name = 'CPUUtilization'
       alarm.threshold = 95
       alarm.evaluation_periods = 10
       @alarms.push(alarm)
-      
+
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'CPUUtilizationHighBase'
       alarm.metric_name = 'CPUUtilization'
@@ -16,7 +16,7 @@ module CfnGuardian::Resource
       alarm.evaluation_periods = 60
       alarm.alarm_action = 'Warning'
       @alarms.push(alarm)
-      
+
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'UnHealthyCluster'
       alarm.metric_name = 'HealthStatus'
@@ -24,7 +24,24 @@ module CfnGuardian::Resource
       alarm.threshold = 1
       alarm.evaluation_periods = 10
       @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
+      alarm.name = 'DiskSpaceUsedCrit'
+      alarm.metric_name = 'PercentageDiskSpaceUsed'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.threshold = 90
+      alarm.evaluation_periods = 10
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
+      alarm.name = 'DiskSpaceUsedWarm'
+      alarm.metric_name = 'PercentageDiskSpaceUsed'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.threshold = 80
+      alarm.evaluation_periods = 10
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
     end
-    
+
   end
 end

data/lib/cfnguardian/resources/step_functions.rb

@@ -0,0 +1,41 @@
+module CfnGuardian::Resource
+  class StepFunctions < Base
+      
+    def default_alarms    
+      alarm = CfnGuardian::Models::StepFunctionsAlarm.new(@resource)
+      alarm.name = 'ExecutionsFailed'
+      alarm.metric_name = 'ExecutionsFailed'
+      alarm.threshold = 1
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::StepFunctionsAlarm.new(@resource)
+      alarm.name = 'ExecutionsTimedOut'
+      alarm.metric_name = 'ExecutionsTimedOut'
+      alarm.threshold = 1
+      alarm.evaluation_periods = 5
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::StepFunctionsAlarm.new(@resource)
+      alarm.name = 'ExecutionThrottled'
+      alarm.metric_name = 'ExecutionThrottled'
+      alarm.threshold = 1
+      alarm.evaluation_periods = 5
+      alarm.alarm_action = 'Warning'
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::StepFunctionsAlarm.new(@resource)
+      alarm.name = 'ExecutionTime'
+      alarm.metric_name = 'ExecutionTime'
+      alarm.threshold = 60
+      alarm.evaluation_periods = 5
+      alarm.alarm_action = 'Warning'
+      alarm.treat_missing_data = 'notBreaching'
+      @alarms.push(alarm)
+    end
+      
+  end
+end

data/lib/cfnguardian/resources/vpn_connection.rb

@@ -0,0 +1,18 @@
+module CfnGuardian::Resource
+    class VPNConnection < Base
+      
+      def default_alarms    
+        alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
+        alarm.name = 'VPNConnectionState'
+        alarm.metric_name = 'TunnelState'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Average'
+        alarm.threshold = 0.5
+        alarm.evaluation_periods = 3
+        alarm.treat_missing_data = 'breaching'
+        alarm.datapoints_to_alarm = 3
+        @alarms.push(alarm)
+      end
+      
+    end
+end

data/lib/cfnguardian/resources/vpn_tunnel.rb

@@ -0,0 +1,18 @@
+module CfnGuardian::Resource
+    class VPNTunnel < Base
+      
+      def default_alarms    
+        alarm = CfnGuardian::Models::VPNTunnelAlarm.new(@resource)
+        alarm.name = 'VPNTunnelState'
+        alarm.metric_name = 'TunnelState'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'breaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
+      end
+      
+    end
+end

data/lib/cfnguardian/stacks/resources.rb

@@ -132,7 +132,7 @@ module CfnGuardian
           Events_Rule("#{subscription.group}#{subscription.name}#{subscription.hash}"[0..255]) do
             State subscription.enabled ? 'ENABLED' : 'DISABLED'
             Description "Guardian event subscription #{subscription.group} #{subscription.name} for resource #{subscription.resource_id}"
-            EventPattern event_pattern
+            EventPattern FnSub(event_pattern.to_json)
             Targets [
               {
                 Arn: Ref(subscription.topic),

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.6.4"
+  VERSION = "0.6.9"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.6.4
+  version: 0.6.9
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-03 00:00:00.000000000 Z
+date: 2021-06-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -238,6 +238,7 @@ files:
 - docs/composite_alarms.md
 - docs/custom_checks/azure_file_check.md
 - docs/custom_checks/domain_expiry.md
+- docs/custom_checks/ecs_container_instance_check.md
 - docs/custom_checks/http.md
 - docs/custom_checks/log_group_metric_filters.md
 - docs/custom_checks/nrpe.md
@@ -277,6 +278,7 @@ files:
 - lib/cfnguardian/resources/autoscaling_group.rb
 - lib/cfnguardian/resources/azure_file.rb
 - lib/cfnguardian/resources/base.rb
+- lib/cfnguardian/resources/batch.rb
 - lib/cfnguardian/resources/cloudfront_distribution.rb
 - lib/cfnguardian/resources/domain_expiry.rb
 - lib/cfnguardian/resources/dynamodb_table.rb
@@ -286,6 +288,7 @@ files:
 - lib/cfnguardian/resources/elastic_file_system.rb
 - lib/cfnguardian/resources/elastic_loadbalancer.rb
 - lib/cfnguardian/resources/elasticache_replication_group.rb
+- lib/cfnguardian/resources/glue.rb
 - lib/cfnguardian/resources/http.rb
 - lib/cfnguardian/resources/internal_http.rb
 - lib/cfnguardian/resources/internal_port.rb
@@ -302,7 +305,10 @@ files:
 - lib/cfnguardian/resources/sftp.rb
 - lib/cfnguardian/resources/sql.rb
 - lib/cfnguardian/resources/sqs_queue.rb
+- lib/cfnguardian/resources/step_functions.rb
 - lib/cfnguardian/resources/tls.rb
+- lib/cfnguardian/resources/vpn_connection.rb
+- lib/cfnguardian/resources/vpn_tunnel.rb
 - lib/cfnguardian/s3.rb
 - lib/cfnguardian/stacks/main.rb
 - lib/cfnguardian/stacks/resources.rb
@@ -331,7 +337,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Manages AWS cloudwatch alarms with default templates using cloudformation