cfn-guardian 0.6.5 → 0.6.10

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: e13aeec66b2fd0beaaefac66257555ab629c777b3377e41829c16106a5fbde8a
-  data.tar.gz: 3e2a2f21d9bbc278f055a08256a4653e13649705f608f3f083d1e637bb4198d4
+  metadata.gz: 355680f054f4e9550f1709780e0b3a5d72c8773c0222bb2307621080a76728b2
+  data.tar.gz: 840685a1d7f15409e809e71944c90e433d428123d204e38c37113444c9508d44
 SHA512:
-  metadata.gz: 6d617f561808d69040b13835627e07b0a5993750dfed7b0d97086b567542647f0189934994e29d651a06106879ada46f185fa0cc7eafd17dc8486fbf121aa0cb
-  data.tar.gz: 01b5c57874c7df8bff6ea5b3853e43cbec02c140c8043c89fa110b73130a5a124da4f521cd1fbb0c1a4136c6aa0e7d9f1d6b163c9cf36f9c5347931e2d663f92
+  metadata.gz: 5c8bb52fbeed1bcad2b05776798e5bd21861e08631801e607b6219bb93c5c1e53993355826b9f561aa6099364af09e9e1defa0ddf93f829db325499cc359ba3d
+  data.tar.gz: eff695bda7e0e2e9325f0f7ef332f6e2c7f12a1a32ed8dabfca0a04d7c61a93c5616df8711a7daff6f64bcbbf8b3808b9d01b080334d80c163bcc2712f7431cb

data/Dockerfile

@@ -1,6 +1,6 @@
 FROM ruby:2.7-alpine
 
-ARG GUARDIAN_VERSION="0.2.2"
+ARG GUARDIAN_VERSION="0.6.9"
 
 COPY . /src
 
@@ -16,4 +16,4 @@ RUN addgroup -g 1000 guardian && \
 
 USER guardian
 
-RUN cfndsl -u 11.5.0
+RUN cfndsl -u 11.5.0

data/docs/custom_checks/ecs_container_instance_check.md

@@ -0,0 +1,18 @@
+# ECS Container Instance Check
+
+Source: https://github.com/base2Services/aws-lambda-ecs-container-instance-check
+
+Checks the agent status of a ECS container instance for a ECS cluster. 
+This check and alarms are created by default when a ECS cluster resource is specified in the config.
+
+```yaml
+Resources:
+  ECSCluster:
+  - Id: my-cluster
+
+Templates:
+  ECSCluster:
+    # override the alarm defaults
+    ECSContianerInstancesDisconnected:
+      ...
+```

data/docs/overview.md

@@ -14,6 +14,7 @@
     7. [SQL](custom_checks/sql.md)
     8. [TLS](custom_checks/tls.md)
     9. [Azure File Check](custom_checks/azure_file_check.md)
+    10. [ECS Container Instance Check](custom_checks/ecs_container_instance_check.md)
 5. [Event Subscriptions](event_subscriptions.md)
 6. [Notifiers](notifiers.md)
 7. [Maintenance Mode](maintenance_mode.md)

data/lib/cfnguardian.rb

@@ -299,14 +299,18 @@ module CfnGuardian
     LONG
     method_option :region, aliases: :r, type: :string, desc: "set the AWS region"
     method_option :repository, type: :string, default: 'guardian', desc: "codecommit repository name"
+    method_option :branch, type: :string, default: 'master', desc: "codecommit branch"
+    method_option :count, type: :numeric, default: 10, desc: "number of last commits to retrieve"
     
     def show_config_history
       set_region(options[:region],true)
     
-      history = CfnGuardian::CodeCommit.new(options[:repository]).get_commit_history()
-      puts Terminal::Table.new(
-        :headings => history.first.keys.map{|h| h.to_s.to_heading}, 
-        :rows => history.map(&:values))
+      history = CfnGuardian::CodeCommit.new(options[:repository]).get_commit_history(options[:branch], options[:count])
+      if history.any?
+        puts Terminal::Table.new(
+          :headings => history.first.keys.map{|h| h.to_s.to_heading}, 
+          :rows => history.map(&:values))
+      end
     end
     
     desc "show-pipeline", "Shows the current state of the AWS code pipeline"

data/lib/cfnguardian/codecommit.rb

@@ -19,9 +19,18 @@ module CfnGuardian
       return resp.branch.commit_id
     end
     
-    def get_commit_history(branch='master',count=10)
+    def get_commit_history(branch,count)
       history = []
-      commit = get_last_commit(branch)
+
+      begin
+        commit = get_last_commit(branch)
+      rescue Aws::CodeCommit::Errors::BranchDoesNotExistException => e
+        logger.error "Branch #{branch} does not exist in the #{@repo_name} repository"
+        return []
+      rescue Aws::CodeCommit::Errors::RepositoryDoesNotExistException => e
+        logger.error "Respository #{@repo_name} does not exist in this AWS account or region"
+        return []
+      end
       
       count.times do
         

data/lib/cfnguardian/compile.rb

@@ -40,6 +40,8 @@ require 'cfnguardian/resources/amazonmq_rabbitmq'
 require 'cfnguardian/resources/batch'
 require 'cfnguardian/resources/glue'
 require 'cfnguardian/resources/step_functions'
+require 'cfnguardian/resources/vpn_tunnel'
+require 'cfnguardian/resources/vpn_connection'
 require 'cfnguardian/version'
 require 'cfnguardian/error'
 

data/lib/cfnguardian/config/defaults.yaml

@@ -8,7 +8,7 @@ Resources:
     Node: Default
   AmazonMQRabbitMQQueue:
   - Id: Default
-    Queue: Default
+    Broker: Default
     Vhost: Default
   ApiGateway:
   - Id: Default
@@ -100,4 +100,8 @@ Resources:
         Query: Default
   SQSQueue:
   - Id: Default
+  VPNTunnel:
+  - Id: Default
+  VPNConnection:
+  - Id: Default
   

data/lib/cfnguardian/models/alarm.rb

@@ -122,8 +122,8 @@ module CfnGuardian
         @group = 'AmazonMQRabbitMQQueue'
         @namespace = 'AWS/AmazonMQ'
         @dimensions = { 
-          Broker: resource['Id'],
-          Queue: resource['Queue'],
+          Broker: resource['Broker'],
+          Queue: resource['Id'],
           VirtualHost: resource['Vhost']
         }
       end
@@ -445,6 +445,28 @@ module CfnGuardian
         @dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
       end
     end
-    
+
+    class VPNTunnelAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'VPNTunnel'
+        @namespace = 'AWS/VPN'
+        @dimensions = {
+          TunnelIpAddress: resource['Id']
+        }
+      end
+    end
+
+    class VPNConnectionAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'VPNConnection'
+        @namespace = 'AWS/VPN'
+        @dimensions = {
+          VpnId: resource['Id']
+        }
+      end
+    end
+
   end
 end

data/lib/cfnguardian/models/event_subscription.rb

@@ -107,5 +107,7 @@ module CfnGuardian
     class NetworkTargetGroupEventSubscription < BaseEventSubscription; end
     class RedshiftClusterEventSubscription < BaseEventSubscription; end
     class StepFunctionsSubscription < BaseEventSubscription; end
+    class VPNTunnelEventSubscription < BaseEventSubscription; end
+    class VPNConnectionEventSubscription < BaseEventSubscription; end
   end
 end

data/lib/cfnguardian/resources/ec2_instance.rb

@@ -17,6 +17,17 @@ module CfnGuardian
         alarm.threshold = 90
         alarm.evaluation_periods = 10
         @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::Ec2InstanceAlarm.new(@resource)
+        alarm.name = 'CPUCreditBalanceLow'
+        alarm.metric_name = 'CPUCreditBalance'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 100
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'notBreaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
       end
       
       def default_event_subscriptions()

data/lib/cfnguardian/resources/elastic_file_system.rb

@@ -11,6 +11,17 @@ module CfnGuardian
         alarm.evaluation_periods = 5
         alarm.statistic = 'Minimum'
         @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::ElasticFileSystemAlarm.new(@resource)
+        alarm.name = 'BurstCreditBalanceLow'
+        alarm.metric_name = 'BurstCreditBalance'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1000000000000
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'notBreaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
       end
     end
   end

data/lib/cfnguardian/resources/redshift_cluster.rb

@@ -1,14 +1,14 @@
 module CfnGuardian::Resource
   class RedshiftCluster < Base
-      
-    def default_alarms    
+
+    def default_alarms
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'CPUUtilizationHighSpike'
       alarm.metric_name = 'CPUUtilization'
       alarm.threshold = 95
       alarm.evaluation_periods = 10
       @alarms.push(alarm)
-      
+
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'CPUUtilizationHighBase'
       alarm.metric_name = 'CPUUtilization'
@@ -16,7 +16,7 @@ module CfnGuardian::Resource
       alarm.evaluation_periods = 60
       alarm.alarm_action = 'Warning'
       @alarms.push(alarm)
-      
+
       alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
       alarm.name = 'UnHealthyCluster'
       alarm.metric_name = 'HealthStatus'
@@ -24,7 +24,24 @@ module CfnGuardian::Resource
       alarm.threshold = 1
       alarm.evaluation_periods = 10
       @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
+      alarm.name = 'DiskSpaceUsedCrit'
+      alarm.metric_name = 'PercentageDiskSpaceUsed'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.threshold = 90
+      alarm.evaluation_periods = 10
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::RedshiftClusterAlarm.new(@resource)
+      alarm.name = 'DiskSpaceUsedWarm'
+      alarm.metric_name = 'PercentageDiskSpaceUsed'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.threshold = 80
+      alarm.evaluation_periods = 10
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
     end
-    
+
   end
 end

data/lib/cfnguardian/resources/vpn_connection.rb

@@ -0,0 +1,18 @@
+module CfnGuardian::Resource
+    class VPNConnection < Base
+      
+      def default_alarms    
+        alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
+        alarm.name = 'VPNConnectionState'
+        alarm.metric_name = 'TunnelState'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Average'
+        alarm.threshold = 0.5
+        alarm.evaluation_periods = 3
+        alarm.treat_missing_data = 'breaching'
+        alarm.datapoints_to_alarm = 3
+        @alarms.push(alarm)
+      end
+      
+    end
+end

data/lib/cfnguardian/resources/vpn_tunnel.rb

@@ -0,0 +1,18 @@
+module CfnGuardian::Resource
+    class VPNTunnel < Base
+      
+      def default_alarms    
+        alarm = CfnGuardian::Models::VPNTunnelAlarm.new(@resource)
+        alarm.name = 'VPNTunnelState'
+        alarm.metric_name = 'TunnelState'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'breaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
+      end
+      
+    end
+end

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.6.5"
+  VERSION = "0.6.10"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.6.5
+  version: 0.6.10
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-03-12 00:00:00.000000000 Z
+date: 2021-06-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -238,6 +238,7 @@ files:
 - docs/composite_alarms.md
 - docs/custom_checks/azure_file_check.md
 - docs/custom_checks/domain_expiry.md
+- docs/custom_checks/ecs_container_instance_check.md
 - docs/custom_checks/http.md
 - docs/custom_checks/log_group_metric_filters.md
 - docs/custom_checks/nrpe.md
@@ -306,6 +307,8 @@ files:
 - lib/cfnguardian/resources/sqs_queue.rb
 - lib/cfnguardian/resources/step_functions.rb
 - lib/cfnguardian/resources/tls.rb
+- lib/cfnguardian/resources/vpn_connection.rb
+- lib/cfnguardian/resources/vpn_tunnel.rb
 - lib/cfnguardian/s3.rb
 - lib/cfnguardian/stacks/main.rb
 - lib/cfnguardian/stacks/resources.rb
@@ -334,7 +337,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.1.4
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Manages AWS cloudwatch alarms with default templates using cloudformation