cfn-guardian 0.6.8 → 0.6.13

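--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: fbdee8de2045f846a77f73303f61d13fbf8f9110d54d053ff78ad157f0ba96b7
- data.tar.gz: 1aa05cff0d3bfa15d296adc0d508161ca80360f0cb1bcee454c9668ca65bd8b5
+ metadata.gz: ed07cb07793213554d2611f693312d285d672d54146a8188c6b178f56d946aa7
+ data.tar.gz: 2322c8908d7239288fb689e0a102ccd9ab5af32a702a6aa6af3df76c90f6c740
  SHA512:
- metadata.gz: db29791aaf3771a0013d77dfef99683be75cf3093ccc121531e92adf37316d0d4a2e22ddb65652297a86674f07784383a01510f23d3c79534a431a97eccc5906
- data.tar.gz: 4d568808e86bf1e4e3effb6ee3b4e6270093ac3a8ea4ac809bac3126e343271989e0932afdb811eebfaa7d2b8381c7a89084f5b3c7937b81701bc96ab1e40424
+ metadata.gz: 35f90c8f88dafa4092f3b44adb604f794ced719fc8d1b72252b8013d9c7420df66981d40435c96c7176a46623b98f701e0d725ed866adcb93bcfdb2d4b31843b
+ data.tar.gz: 887fac6d120e13890639341295a97f54955e7de67875e554c2806177daacf3abe2542a0ec5ab45d73166eed71e63327d31e2e123329e93910324e43cc0eff58e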
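--- a/data/Dockerfile
+++ b/data/Dockerfile
@@ -1,6 +1,6 @@
  FROM ruby:2.7-alpine
 
- ARG GUARDIAN_VERSION="0.6.7"
+ ARG GUARDIAN_VERSION="0.6.9"
 
  COPY . /src
 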
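--- a/data/README.md
+++ b/data/README.md
@@ -41,3 +41,4 @@ CfnGuardian is a AWS monitoring tool with a few capabilities:
  - Redshift Cluster
  - SQS Queues
  - LogGroup Metric Filters
+ - ElasticSearch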
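--- a/data/docs/resources.md
+++ b/data/docs/resources.md
@@ -54,6 +54,7 @@ Resources:
  | Lambda | Id |
  | CloudFrontDistribution | Id |
  | SQSQueue | Id |
+ | ElasticSearch | Id, Domain |
 
 
  ## Custom Resource Groups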
@@ -16,6 +16,7 @@ require 'cfnguardian/resources/dynamodb_table'
16
16
  require 'cfnguardian/resources/ec2_instance'
17
17
  require 'cfnguardian/resources/ecs_cluster'
18
18
  require 'cfnguardian/resources/ecs_service'
19
+ require 'cfnguardian/resources/eks_container_insights'
19
20
  require 'cfnguardian/resources/elastic_file_system'
20
21
  require 'cfnguardian/resources/elasticache_replication_group'
21
22
  require 'cfnguardian/resources/elastic_loadbalancer'
@@ -41,9 +42,12 @@ require 'cfnguardian/resources/batch'
41
42
  require 'cfnguardian/resources/glue'
42
43
  require 'cfnguardian/resources/step_functions'
43
44
  require 'cfnguardian/resources/vpn_tunnel'
45
+ require 'cfnguardian/resources/vpn_connection'
46
+ require 'cfnguardian/resources/elastic_search'
44
47
  require 'cfnguardian/version'
45
48
  require 'cfnguardian/error'
46
49
 
50
+
47
51
  module CfnGuardian
48
52
  class Compile
49
53
  include Logging
@@ -8,7 +8,7 @@ Resources:
8
8
  Node: Default
9
9
  AmazonMQRabbitMQQueue:
10
10
  - Id: Default
11
- Queue: Default
11
+ Broker: Default
12
12
  Vhost: Default
13
13
  ApiGateway:
14
14
  - Id: Default
@@ -28,12 +28,20 @@ Resources:
28
28
  ECSCluster:
29
29
  - Id: Default
30
30
  ECSService:
31
+ - Id: Default
32
+ Cluster: Default
33
+ EKSContainerInsightsCluster:
34
+ - Id: Default
35
+ EKSContainerInsightsNamespace:
31
36
  - Id: Default
32
37
  Cluster: Default
33
38
  ElasticFileSystem:
34
39
  - Id: Default
35
40
  ElasticLoadBalancer:
36
41
  - Id: Default
42
+ ElasticSearch:
43
+ - Id: Default
44
+ Domain: Default
37
45
  ElastiCacheReplicationGroup:
38
46
  - Id: Default
39
47
  Http:
@@ -102,4 +110,6 @@ Resources:
102
110
  - Id: Default
103
111
  VPNTunnel:
104
112
  - Id: Default
113
+ VPNConnection:
114
+ - Id: Default
105
115
 
@@ -122,8 +122,8 @@ module CfnGuardian
122
122
  @group = 'AmazonMQRabbitMQQueue'
123
123
  @namespace = 'AWS/AmazonMQ'
124
124
  @dimensions = {
125
- Broker: resource['Id'],
126
- Queue: resource['Queue'],
125
+ Broker: resource['Broker'],
126
+ Queue: resource['Id'],
127
127
  VirtualHost: resource['Vhost']
128
128
  }
129
129
  end
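Review bot: Swapping the meaning of `Id` in these dimensions changes what existing configurations produce: a resource written for the previous mapping (`Id` holding the broker, `Queue` holding the queue) now yields an empty `Broker` dimension and the broker name in `Queue`, assuming `resource` is a plain Hash. The alarm would then watch a metric that presumably never reports, and nothing flags it. The template hunk that replaces `Queue: Default` with `Broker: Default` suggests the old key is dropped rather than aliased. A guard in this constructor, for example `raise ArgumentError, "AmazonMQRabbitMQQueue requires a Broker key" unless resource['Broker']`, would turn a silent monitoring gap into a failure at compile time. The constructor starts above the hunk, so the right place for the guard needs checking against the full method.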
@@ -203,7 +203,28 @@ module CfnGuardian
203
203
  }
204
204
  end
205
205
  end
206
+
207
+ class EKSContainerInsightsClusterAlarm < BaseAlarm
208
+ def initialize(resource)
209
+ super(resource)
210
+ @group = 'EKSContainerInsightsCluster'
211
+ @namespace = 'ContainerInsights'
212
+ @dimensions = { ClusterName: resource['Id'] }
213
+ end
214
+ end
206
215
 
216
+ class EKSContainerInsightsNamespaceAlarm < BaseAlarm
217
+ def initialize(resource)
218
+ super(resource)
219
+ @group = 'EKSContainerInsightsNamespace'
220
+ @namespace = 'ContainerInsights'
221
+ @dimensions = {
222
+ ClusterName: resource['Cluster'],
223
+ Namespace: resource['Id']
224
+ }
225
+ end
226
+ end
227
+
207
228
  class ElastiCacheReplicationGroupAlarm < BaseAlarm
208
229
  def initialize(resource)
209
230
  super(resource)
@@ -212,6 +233,24 @@ module CfnGuardian
212
233
  @dimensions = { CacheClusterId: resource['Id'] }
213
234
  end
214
235
  end
236
+
237
+ class ElasticSearchAlarm < BaseAlarm
238
+ def initialize(resource)
239
+ super(resource)
240
+ @group = 'ElasticSearch'
241
+ @namespace = 'AWS/ES'
242
+ @dimensions = {
243
+ DomainName: resource['Domain'],
244
+ ClientId: resource['Id']
245
+ }
246
+ @comparison_operator = 'GreaterThanOrEqualToThreshold'
247
+ @threshold = 1
248
+ @evaluation_periods = 5
249
+ @treat_missing_data = 'breaching'
250
+ @period = 60
251
+ @data_points_to_alarm = 1
252
+ end
253
+ end
215
254
 
216
255
  class ElasticLoadBalancerAlarm < BaseAlarm
217
256
  def initialize(resource)
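Review bot: `@data_points_to_alarm = 1` in `ElasticSearchAlarm#initialize` is spelled differently from the attribute the resource classes in this release assign (`alarm.datapoints_to_alarm = 3` in the ElasticSearch resource, and likewise in the EC2, EFS and VPN alarms), so this line most likely sets an instance variable nothing reads and the intended default of 1 is never applied. BaseAlarm is not visible here, so confirm the accessor name, but the fix is probably `@datapoints_to_alarm = 1`. A comment that `ClientId` is filled from the resource `Id`, which for the AWS/ES namespace is the AWS account id rather than a domain identifier, would also save users a wrong guess.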
@@ -456,6 +495,17 @@ module CfnGuardian
456
495
  }
457
496
  end
458
497
  end
459
-
498
+
499
+ class VPNConnectionAlarm < BaseAlarm
500
+ def initialize(resource)
501
+ super(resource)
502
+ @group = 'VPNConnection'
503
+ @namespace = 'AWS/VPN'
504
+ @dimensions = {
505
+ VpnId: resource['Id']
506
+ }
507
+ end
508
+ end
509
+
460
510
  end
461
511
  end
@@ -108,5 +108,6 @@ module CfnGuardian
108
108
  class RedshiftClusterEventSubscription < BaseEventSubscription; end
109
109
  class StepFunctionsSubscription < BaseEventSubscription; end
110
110
  class VPNTunnelEventSubscription < BaseEventSubscription; end
111
+ class VPNConnectionEventSubscription < BaseEventSubscription; end
111
112
  end
112
113
  end
@@ -17,6 +17,17 @@ module CfnGuardian
17
17
  alarm.threshold = 90
18
18
  alarm.evaluation_periods = 10
19
19
  @alarms.push(alarm)
20
+
21
+ alarm = CfnGuardian::Models::Ec2InstanceAlarm.new(@resource)
22
+ alarm.name = 'CPUCreditBalanceLow'
23
+ alarm.metric_name = 'CPUCreditBalance'
24
+ alarm.comparison_operator = 'LessThanThreshold'
25
+ alarm.statistic = 'Minimum'
26
+ alarm.threshold = 100
27
+ alarm.evaluation_periods = 5
28
+ alarm.treat_missing_data = 'notBreaching'
29
+ alarm.datapoints_to_alarm = 5
30
+ @alarms.push(alarm)
20
31
  end
21
32
 
22
33
  def default_event_subscriptions()
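Review bot: The fixed `alarm.threshold = 100` for `CPUCreditBalanceLow` does not scale with instance size: the maximum credit balance differs per burstable type, and per the EC2 documentation a t2.nano tops out at 72 credits, which would leave this alarm permanently in ALARM for such instances. `alarm.treat_missing_data = 'notBreaching'` keeps non-burstable instances quiet, which is worth stating in a comment such as `# CPUCreditBalance is only published for burstable (T-family) instances`. Consider documenting that the threshold is expected to be overridden per instance, or shipping the alarm with `alarm.enabled = false` as the ElasticSearch `NodeCount` alarm does. The enclosing `default_alarms` method starts above the hunk.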
@@ -0,0 +1,99 @@
1
+ module CfnGuardian::Resource
2
+ class EKSContainerInsightsCluster < Base
3
+
4
+ def default_alarms
5
+
6
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
7
+ alarm.name = 'NodeCpuUtilisationBase'
8
+ alarm.metric_name = 'node_cpu_utilization'
9
+ alarm.comparison_operator = 'GreaterThanThreshold'
10
+ alarm.statistic = 'Maximum'
11
+ alarm.threshold = 75
12
+ alarm.evaluation_periods = 60
13
+ alarm.alarm_action = 'Warning'
14
+ @alarms.push(alarm)
15
+
16
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
17
+ alarm.name = 'NodeCpuUtilisationSpike'
18
+ alarm.metric_name = 'node_cpu_utilization'
19
+ alarm.comparison_operator = 'GreaterThanThreshold'
20
+ alarm.statistic = 'Maximum'
21
+ alarm.threshold = 95
22
+ alarm.evaluation_periods = 5
23
+ @alarms.push(alarm)
24
+
25
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
26
+ alarm.name = 'NodeFileSystemUtilisationCrit'
27
+ alarm.metric_name = 'node_filesystem_utilization'
28
+ alarm.comparison_operator = 'GreaterThanThreshold'
29
+ alarm.statistic = 'Maximum'
30
+ alarm.threshold = 90
31
+ alarm.evaluation_periods = 1
32
+ @alarms.push(alarm)
33
+
34
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
35
+ alarm.name = 'NodeFileSystemUtilisationWarning'
36
+ alarm.metric_name = 'node_filesystem_utilization'
37
+ alarm.comparison_operator = 'GreaterThanThreshold'
38
+ alarm.statistic = 'Maximum'
39
+ alarm.threshold = 75
40
+ alarm.evaluation_periods = 1
41
+ alarm.alarm_action = 'Warning'
42
+ @alarms.push(alarm)
43
+
44
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
45
+ alarm.name = 'NodeMemoryUtilisationBase'
46
+ alarm.metric_name = 'node_memory_utilization'
47
+ alarm.comparison_operator = 'GreaterThanThreshold'
48
+ alarm.statistic = 'Maximum'
49
+ alarm.threshold = 80
50
+ alarm.evaluation_periods = 60
51
+ alarm.alarm_action = 'Warning'
52
+ @alarms.push(alarm)
53
+
54
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
55
+ alarm.name = 'NodeMemoryUtilisationSpike'
56
+ alarm.metric_name = 'node_memory_utilization'
57
+ alarm.comparison_operator = 'GreaterThanThreshold'
58
+ alarm.statistic = 'Maximum'
59
+ alarm.threshold = 90
60
+ alarm.evaluation_periods = 5
61
+ @alarms.push(alarm)
62
+
63
+ alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
64
+ alarm.name = 'ClusterFailedNodeCount'
65
+ alarm.metric_name = 'cluster_failed_node_count'
66
+ alarm.comparison_operator = 'GreaterThanThreshold'
67
+ alarm.statistic = 'Minimum'
68
+ alarm.threshold = 0
69
+ alarm.evaluation_periods = 1
70
+ @alarms.push(alarm)
71
+
72
+ end
73
+ end
74
+
75
+ class EKSContainerInsightsNamespace < Base
76
+
77
+ def default_alarms
78
+
79
+ alarm = CfnGuardian::Models::EKSContainerInsightsNamespaceAlarm.new(@resource)
80
+ alarm.name = 'PodCpuUtilisation'
81
+ alarm.metric_name = 'pod_cpu_utilization'
82
+ alarm.comparison_operator = 'GreaterThanThreshold'
83
+ alarm.statistic = 'Maximum'
84
+ alarm.threshold = 90
85
+ alarm.evaluation_periods = 5
86
+ @alarms.push(alarm)
87
+
88
+ alarm = CfnGuardian::Models::EKSContainerInsightsNamespaceAlarm.new(@resource)
89
+ alarm.name = 'PodMemoryUtilisation'
90
+ alarm.metric_name = 'pod_memory_utilization'
91
+ alarm.comparison_operator = 'GreaterThanThreshold'
92
+ alarm.statistic = 'Maximum'
93
+ alarm.threshold = 90
94
+ alarm.evaluation_periods = 5
95
+ @alarms.push(alarm)
96
+
97
+ end
98
+ end
99
+ end
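Review bot: None of the alarms in `EKSContainerInsightsCluster#default_alarms` or `EKSContainerInsightsNamespace#default_alarms` sets `treat_missing_data`, so what happens when the Container Insights agent stops publishing depends on the BaseAlarm default, which is not visible here. These metrics exist only while the agent is running, so a stopped or removed agent is the case that most needs to alert someone; the VPNConnection alarm in this release sets `alarm.treat_missing_data = 'breaching'`, presumably for the same reason. Consider adding that line at least to `ClusterFailedNodeCount`, and a short comment above each `default_alarms` stating the evaluation window that each `evaluation_periods` value amounts to.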
@@ -11,6 +11,17 @@ module CfnGuardian
11
11
  alarm.evaluation_periods = 5
12
12
  alarm.statistic = 'Minimum'
13
13
  @alarms.push(alarm)
14
+
15
+ alarm = CfnGuardian::Models::ElasticFileSystemAlarm.new(@resource)
16
+ alarm.name = 'BurstCreditBalanceLow'
17
+ alarm.metric_name = 'BurstCreditBalance'
18
+ alarm.comparison_operator = 'LessThanThreshold'
19
+ alarm.statistic = 'Minimum'
20
+ alarm.threshold = 1000000000000
21
+ alarm.evaluation_periods = 5
22
+ alarm.treat_missing_data = 'notBreaching'
23
+ alarm.datapoints_to_alarm = 5
24
+ @alarms.push(alarm)
14
25
  end
15
26
  end
16
27
  end
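Review bot: `alarm.threshold = 1000000000000` is hard to read and carries no unit. `BurstCreditBalance` is reported in bytes, so writing it as `alarm.threshold = 1_000_000_000_000 # bytes of burst credit (1 TB)` makes the intent checkable at a glance. The enclosing `default_alarms` method starts above the hunk.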
@@ -0,0 +1,135 @@
1
+ module CfnGuardian::Resource
2
+ class ElasticSearch < Base
3
+
4
+ def default_alarms
5
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
6
+ alarm.name = 'NodeCount'
7
+ alarm.metric_name = 'Nodes'
8
+ alarm.threshold = 3
9
+ alarm.evaluation_periods = 1440 # 24 hours
10
+ alarm.datapoints_to_alarm = 1
11
+ alarm.comparison_operator = 'LessThanOrEqualToThreshold'
12
+ alarm.alarm_action = 'Critical'
13
+ alarm.enabled = false
14
+ @alarms.push(alarm)
15
+
16
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
17
+ alarm.name = 'JVMMemoryPressureWarning'
18
+ alarm.metric_name = 'JVMMemoryPressure'
19
+ alarm.threshold = 72
20
+ alarm.evaluation_periods = 5
21
+ alarm.datapoints_to_alarm = 3
22
+ alarm.alarm_action = 'Warning'
23
+ @alarms.push(alarm)
24
+
25
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
26
+ alarm.name = 'JVMMemoryPressureCrit'
27
+ alarm.metric_name = 'JVMMemoryPressure'
28
+ alarm.threshold = 92
29
+ alarm.evaluation_periods = 5
30
+ alarm.alarm_action = 'Critical'
31
+ @alarms.push(alarm)
32
+
33
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
34
+ alarm.name = 'ClusterIndexWritesBlocked'
35
+ alarm.metric_name = 'ClusterIndexWritesBlocked'
36
+ alarm.threshold = 1
37
+ alarm.evaluation_periods = 5
38
+ alarm.alarm_action = 'Critical'
39
+ @alarms.push(alarm)
40
+
41
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
42
+ alarm.name = 'MasterNodeCPUUtilisationWarning'
43
+ alarm.metric_name = 'MasterCPUUtilization'
44
+ alarm.threshold = 75
45
+ alarm.evaluation_periods = 60
46
+ alarm.alarm_action = 'Warning'
47
+ @alarms.push(alarm)
48
+
49
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
50
+ alarm.name = 'MasterNodeCPUUtilisationCrit'
51
+ alarm.metric_name = 'MasterCPUUtilization'
52
+ alarm.threshold = 95
53
+ alarm.evaluation_periods = 10
54
+ alarm.alarm_action = 'Critical'
55
+ @alarms.push(alarm)
56
+
57
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
58
+ alarm.name = 'FreeStorageSpaceWarning'
59
+ alarm.metric_name = 'FreeStorageSpace'
60
+ alarm.threshold = 50000
61
+ alarm.evaluation_periods = 1
62
+ alarm.alarm_action = 'Warning'
63
+ alarm.statistic = 'Minimum'
64
+ alarm.comparison_operator = 'LessThanOrEqualToThreshold'
65
+ @alarms.push(alarm)
66
+
67
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
68
+ alarm.name = 'FreeStorageSpaceCrit'
69
+ alarm.metric_name = 'FreeStorageSpace'
70
+ alarm.threshold = 25000
71
+ alarm.evaluation_periods = 1
72
+ alarm.alarm_action = 'Critical'
73
+ alarm.comparison_operator = 'LessThanOrEqualToThreshold'
74
+ @alarms.push(alarm)
75
+
76
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
77
+ alarm.name = 'CPUUtilizationWarning'
78
+ alarm.metric_name = 'CPUUtilization'
79
+ alarm.threshold = 75
80
+ alarm.evaluation_periods = 15
81
+ alarm.datapoints_to_alarm = 3
82
+ alarm.alarm_action = 'Warning'
83
+ alarm.statistic = 'Average'
84
+ @alarms.push(alarm)
85
+
86
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
87
+ alarm.name = 'CPUUtilizationCrit'
88
+ alarm.metric_name = 'CPUUtilization'
89
+ alarm.threshold = 95
90
+ alarm.evaluation_periods = 5
91
+ alarm.datapoints_to_alarm = 3
92
+ alarm.alarm_action = 'Critical'
93
+ alarm.statistic = 'Average'
94
+ @alarms.push(alarm)
95
+
96
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
97
+ alarm.name = 'KMSKeyError'
98
+ alarm.metric_name = 'KMSKeyError'
99
+ alarm.threshold = 1
100
+ alarm.evaluation_periods = 1
101
+ alarm.alarm_action = 'Warning'
102
+ alarm.statistic = 'Minimum'
103
+ @alarms.push(alarm)
104
+
105
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
106
+ alarm.name = 'KMSKeyInaccessible'
107
+ alarm.metric_name = 'KMSKeyInaccessible'
108
+ alarm.threshold = 1
109
+ alarm.evaluation_periods = 1
110
+ alarm.alarm_action = 'Critical'
111
+ alarm.statistic = 'Minimum'
112
+ alarm.enabled = false
113
+ @alarms.push(alarm)
114
+
115
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
116
+ alarm.name = 'ClusterStatusRed'
117
+ alarm.metric_name = 'ClusterStatus.red'
118
+ alarm.threshold = 1
119
+ alarm.evaluation_periods = 1
120
+ alarm.alarm_action = 'Critical'
121
+ alarm.statistic = 'Minimum'
122
+ @alarms.push(alarm)
123
+
124
+ alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
125
+ alarm.name = 'ClusterStatusYellow'
126
+ alarm.metric_name = 'ClusterStatus.yellow'
127
+ alarm.threshold = 1
128
+ alarm.evaluation_periods = 1
129
+ alarm.alarm_action = 'Warning'
130
+ alarm.statistic = 'Minimum'
131
+ @alarms.push(alarm)
132
+
133
+ end
134
+ end
135
+ end
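Review bot: `FreeStorageSpaceCrit` does not set `alarm.statistic`, while `FreeStorageSpaceWarning` just above it sets `'Minimum'`, so the critical alarm falls back to whatever BaseAlarm defaults to (not visible here) and may evaluate a different aggregate than its warning counterpart; adding `alarm.statistic = 'Minimum'` keeps the pair consistent. Separately, `ElasticSearchAlarm` defaults `treat_missing_data` to `'breaching'`, and per the AWS documentation metrics such as `MasterCPUUtilization` and `KMSKeyError` are only published for domains with dedicated master nodes or encryption at rest, so those alarms would likely sit in ALARM on domains without them. Setting `alarm.treat_missing_data = 'notBreaching'` on the optional-metric alarms, or disabling them by default as `KMSKeyInaccessible` is, avoids training operators to ignore the alert.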
@@ -0,0 +1,18 @@
1
+ module CfnGuardian::Resource
2
+ class VPNConnection < Base
3
+
4
+ def default_alarms
5
+ alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
6
+ alarm.name = 'VPNConnectionState'
7
+ alarm.metric_name = 'TunnelState'
8
+ alarm.comparison_operator = 'LessThanThreshold'
9
+ alarm.statistic = 'Average'
10
+ alarm.threshold = 0.5
11
+ alarm.evaluation_periods = 3
12
+ alarm.treat_missing_data = 'breaching'
13
+ alarm.datapoints_to_alarm = 3
14
+ @alarms.push(alarm)
15
+ end
16
+
17
+ end
18
+ end
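Review bot: `VPNConnectionState` fires only when every tunnel is down: with the `VpnId` dimension, `TunnelState` reports a value between 0 and 1 when some tunnels are down (0.5 for one of two, per the AWS documentation), and `LessThanThreshold` with `alarm.threshold = 0.5` excludes exactly that value. If that is intended, say so in a comment above the alarm, e.g. `# fires only when all tunnels are down; one tunnel down averages 0.5 and does not breach`. If loss of redundancy should alert too, `alarm.comparison_operator = 'LessThanOrEqualToThreshold'` would include it.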
@@ -1,4 +1,4 @@
1
1
  module CfnGuardian
2
- VERSION = "0.6.8"
2
+ VERSION = "0.6.13"
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: cfn-guardian
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.6.8
4
+ version: 0.6.13
5
5
  platform: ruby
6
6
  authors:
7
7
  - Guslington
8
8
  autorequire:
9
9
  bindir: exe
10
10
  cert_chain: []
11
- date: 2021-05-31 00:00:00.000000000 Z
11
+ date: 2021-07-06 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: thor
@@ -285,8 +285,10 @@ files:
285
285
  - lib/cfnguardian/resources/ec2_instance.rb
286
286
  - lib/cfnguardian/resources/ecs_cluster.rb
287
287
  - lib/cfnguardian/resources/ecs_service.rb
288
+ - lib/cfnguardian/resources/eks_container_insights.rb
288
289
  - lib/cfnguardian/resources/elastic_file_system.rb
289
290
  - lib/cfnguardian/resources/elastic_loadbalancer.rb
291
+ - lib/cfnguardian/resources/elastic_search.rb
290
292
  - lib/cfnguardian/resources/elasticache_replication_group.rb
291
293
  - lib/cfnguardian/resources/glue.rb
292
294
  - lib/cfnguardian/resources/http.rb
@@ -307,6 +309,7 @@ files:
307
309
  - lib/cfnguardian/resources/sqs_queue.rb
308
310
  - lib/cfnguardian/resources/step_functions.rb
309
311
  - lib/cfnguardian/resources/tls.rb
312
+ - lib/cfnguardian/resources/vpn_connection.rb
310
313
  - lib/cfnguardian/resources/vpn_tunnel.rb
311
314
  - lib/cfnguardian/s3.rb
312
315
  - lib/cfnguardian/stacks/main.rb