cfn-guardian 0.6.8 → 0.6.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: fbdee8de2045f846a77f73303f61d13fbf8f9110d54d053ff78ad157f0ba96b7
-  data.tar.gz: 1aa05cff0d3bfa15d296adc0d508161ca80360f0cb1bcee454c9668ca65bd8b5
+  metadata.gz: ed07cb07793213554d2611f693312d285d672d54146a8188c6b178f56d946aa7
+  data.tar.gz: 2322c8908d7239288fb689e0a102ccd9ab5af32a702a6aa6af3df76c90f6c740
 SHA512:
-  metadata.gz: db29791aaf3771a0013d77dfef99683be75cf3093ccc121531e92adf37316d0d4a2e22ddb65652297a86674f07784383a01510f23d3c79534a431a97eccc5906
-  data.tar.gz: 4d568808e86bf1e4e3effb6ee3b4e6270093ac3a8ea4ac809bac3126e343271989e0932afdb811eebfaa7d2b8381c7a89084f5b3c7937b81701bc96ab1e40424
+  metadata.gz: 35f90c8f88dafa4092f3b44adb604f794ced719fc8d1b72252b8013d9c7420df66981d40435c96c7176a46623b98f701e0d725ed866adcb93bcfdb2d4b31843b
+  data.tar.gz: 887fac6d120e13890639341295a97f54955e7de67875e554c2806177daacf3abe2542a0ec5ab45d73166eed71e63327d31e2e123329e93910324e43cc0eff58e

data/Dockerfile

@@ -1,6 +1,6 @@
 FROM ruby:2.7-alpine
 
-ARG GUARDIAN_VERSION="0.6.7"
+ARG GUARDIAN_VERSION="0.6.9"
 
 COPY . /src
 

data/README.md

@@ -41,3 +41,4 @@ CfnGuardian is a AWS monitoring tool with a few capabilities:
 - Redshift Cluster
 - SQS Queues
 - LogGroup Metric Filters
+- ElasticSearch

data/docs/resources.md

@@ -54,6 +54,7 @@ Resources:
 | Lambda                      | Id               |
 | CloudFrontDistribution      | Id               |
 | SQSQueue                    | Id               |
+| ElasticSearch               | Id, Domain       |
 
 
 ## Custom Resource Groups

data/lib/cfnguardian/compile.rb

@@ -16,6 +16,7 @@ require 'cfnguardian/resources/dynamodb_table'
 require 'cfnguardian/resources/ec2_instance'
 require 'cfnguardian/resources/ecs_cluster'
 require 'cfnguardian/resources/ecs_service'
+require 'cfnguardian/resources/eks_container_insights'
 require 'cfnguardian/resources/elastic_file_system'
 require 'cfnguardian/resources/elasticache_replication_group'
 require 'cfnguardian/resources/elastic_loadbalancer'
@@ -41,9 +42,12 @@ require 'cfnguardian/resources/batch'
 require 'cfnguardian/resources/glue'
 require 'cfnguardian/resources/step_functions'
 require 'cfnguardian/resources/vpn_tunnel'
+require 'cfnguardian/resources/vpn_connection'
+require 'cfnguardian/resources/elastic_search'
 require 'cfnguardian/version'
 require 'cfnguardian/error'
 
+
 module CfnGuardian
   class Compile
     include Logging

data/lib/cfnguardian/config/defaults.yaml

@@ -8,7 +8,7 @@ Resources:
     Node: Default
   AmazonMQRabbitMQQueue:
   - Id: Default
-    Queue: Default
+    Broker: Default
     Vhost: Default
   ApiGateway:
   - Id: Default
@@ -28,12 +28,20 @@ Resources:
   ECSCluster:
   - Id: Default
   ECSService:
+  - Id: Default
+    Cluster: Default
+  EKSContainerInsightsCluster:
+  - Id: Default
+  EKSContainerInsightsNamespace:
   - Id: Default
     Cluster: Default
   ElasticFileSystem:
   - Id: Default
   ElasticLoadBalancer:
   - Id: Default
+  ElasticSearch:
+  - Id: Default
+    Domain: Default
   ElastiCacheReplicationGroup:
   - Id: Default
   Http:
@@ -102,4 +110,6 @@ Resources:
   - Id: Default
   VPNTunnel:
   - Id: Default
+  VPNConnection:
+  - Id: Default
   

data/lib/cfnguardian/models/alarm.rb

@@ -122,8 +122,8 @@ module CfnGuardian
         @group = 'AmazonMQRabbitMQQueue'
         @namespace = 'AWS/AmazonMQ'
         @dimensions = { 
-          Broker: resource['Id'],
-          Queue: resource['Queue'],
+          Broker: resource['Broker'],
+          Queue: resource['Id'],
           VirtualHost: resource['Vhost']
         }
       end
@@ -203,7 +203,28 @@ module CfnGuardian
         }
       end
     end
+
+    class EKSContainerInsightsClusterAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'EKSContainerInsightsCluster'
+        @namespace = 'ContainerInsights'
+        @dimensions = { ClusterName: resource['Id'] }
+      end
+    end
     
+    class EKSContainerInsightsNamespaceAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'EKSContainerInsightsNamespace'
+        @namespace = 'ContainerInsights'
+        @dimensions = { 
+          ClusterName: resource['Cluster'],
+          Namespace: resource['Id']
+        }
+      end
+    end
+
     class ElastiCacheReplicationGroupAlarm < BaseAlarm
       def initialize(resource)
         super(resource)
@@ -212,6 +233,24 @@ module CfnGuardian
         @dimensions = { CacheClusterId: resource['Id'] }
       end
     end
+
+    class ElasticSearchAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'ElasticSearch'
+        @namespace = 'AWS/ES'
+        @dimensions = { 
+          DomainName: resource['Domain'], 
+          ClientId: resource['Id'] 
+        }
+        @comparison_operator = 'GreaterThanOrEqualToThreshold'
+        @threshold = 1
+        @evaluation_periods = 5
+        @treat_missing_data = 'breaching'
+        @period = 60
+        @data_points_to_alarm = 1
+      end
+    end
     
     class ElasticLoadBalancerAlarm < BaseAlarm
       def initialize(resource)
@@ -456,6 +495,17 @@ module CfnGuardian
         }
       end
     end
-    
+
+    class VPNConnectionAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'VPNConnection'
+        @namespace = 'AWS/VPN'
+        @dimensions = {
+          VpnId: resource['Id']
+        }
+      end
+    end
+
   end
 end

data/lib/cfnguardian/models/event_subscription.rb

@@ -108,5 +108,6 @@ module CfnGuardian
     class RedshiftClusterEventSubscription < BaseEventSubscription; end
     class StepFunctionsSubscription < BaseEventSubscription; end
     class VPNTunnelEventSubscription < BaseEventSubscription; end
+    class VPNConnectionEventSubscription < BaseEventSubscription; end
   end
 end

data/lib/cfnguardian/resources/ec2_instance.rb

@@ -17,6 +17,17 @@ module CfnGuardian
         alarm.threshold = 90
         alarm.evaluation_periods = 10
         @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::Ec2InstanceAlarm.new(@resource)
+        alarm.name = 'CPUCreditBalanceLow'
+        alarm.metric_name = 'CPUCreditBalance'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 100
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'notBreaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
       end
       
       def default_event_subscriptions()

data/lib/cfnguardian/resources/eks_container_insights.rb

@@ -0,0 +1,99 @@
+module CfnGuardian::Resource
+  class EKSContainerInsightsCluster < Base
+
+    def default_alarms
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'NodeCpuUtilisationBase'
+      alarm.metric_name = 'node_cpu_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 75
+      alarm.evaluation_periods = 60
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'NodeCpuUtilisationSpike'
+      alarm.metric_name = 'node_cpu_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 95
+      alarm.evaluation_periods = 5
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'NodeFileSystemUtilisationCrit'
+      alarm.metric_name = 'node_filesystem_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 90
+      alarm.evaluation_periods = 1
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'NodeFileSystemUtilisationWarning'
+      alarm.metric_name = 'node_filesystem_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 75
+      alarm.evaluation_periods = 1
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'NodeMemoryUtilisationBase'
+      alarm.metric_name = 'node_memory_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 80
+      alarm.evaluation_periods = 60
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'NodeMemoryUtilisationSpike'
+      alarm.metric_name = 'node_memory_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 90
+      alarm.evaluation_periods = 5
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsClusterAlarm.new(@resource)
+      alarm.name = 'ClusterFailedNodeCount'
+      alarm.metric_name = 'cluster_failed_node_count'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 0
+      alarm.evaluation_periods = 1
+      @alarms.push(alarm)
+
+    end
+  end
+
+  class EKSContainerInsightsNamespace < Base
+
+    def default_alarms
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsNamespaceAlarm.new(@resource)
+      alarm.name = 'PodCpuUtilisation'
+      alarm.metric_name = 'pod_cpu_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 90
+      alarm.evaluation_periods = 5
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::EKSContainerInsightsNamespaceAlarm.new(@resource)
+      alarm.name = 'PodMemoryUtilisation'
+      alarm.metric_name = 'pod_memory_utilization'
+      alarm.comparison_operator = 'GreaterThanThreshold'
+      alarm.statistic = 'Maximum'
+      alarm.threshold = 90
+      alarm.evaluation_periods = 5
+      @alarms.push(alarm)
+
+    end
+  end
+end 

data/lib/cfnguardian/resources/elastic_file_system.rb

@@ -11,6 +11,17 @@ module CfnGuardian
         alarm.evaluation_periods = 5
         alarm.statistic = 'Minimum'
         @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::ElasticFileSystemAlarm.new(@resource)
+        alarm.name = 'BurstCreditBalanceLow'
+        alarm.metric_name = 'BurstCreditBalance'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 1000000000000
+        alarm.evaluation_periods = 5
+        alarm.treat_missing_data = 'notBreaching'
+        alarm.datapoints_to_alarm = 5
+        @alarms.push(alarm)
       end
     end
   end

data/lib/cfnguardian/resources/elastic_search.rb

@@ -0,0 +1,135 @@
+module CfnGuardian::Resource
+    class ElasticSearch < Base
+
+      def default_alarms    
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'NodeCount'
+        alarm.metric_name = 'Nodes'
+        alarm.threshold = 3
+        alarm.evaluation_periods = 1440 # 24 hours
+        alarm.datapoints_to_alarm = 1
+        alarm.comparison_operator = 'LessThanOrEqualToThreshold'
+        alarm.alarm_action = 'Critical'
+        alarm.enabled = false
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'JVMMemoryPressureWarning'
+        alarm.metric_name = 'JVMMemoryPressure'
+        alarm.threshold = 72
+        alarm.evaluation_periods = 5
+        alarm.datapoints_to_alarm = 3
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'JVMMemoryPressureCrit'
+        alarm.metric_name = 'JVMMemoryPressure'
+        alarm.threshold = 92
+        alarm.evaluation_periods = 5
+        alarm.alarm_action = 'Critical'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'ClusterIndexWritesBlocked'
+        alarm.metric_name = 'ClusterIndexWritesBlocked'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 5
+        alarm.alarm_action = 'Critical'
+        @alarms.push(alarm)  
+        
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'MasterNodeCPUUtilisationWarning'
+        alarm.metric_name = 'MasterCPUUtilization'
+        alarm.threshold = 75
+        alarm.evaluation_periods = 60
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'MasterNodeCPUUtilisationCrit'
+        alarm.metric_name = 'MasterCPUUtilization'
+        alarm.threshold = 95
+        alarm.evaluation_periods = 10
+        alarm.alarm_action = 'Critical'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'FreeStorageSpaceWarning'
+        alarm.metric_name = 'FreeStorageSpace'
+        alarm.threshold = 50000
+        alarm.evaluation_periods = 1
+        alarm.alarm_action = 'Warning'
+        alarm.statistic = 'Minimum'
+        alarm.comparison_operator = 'LessThanOrEqualToThreshold'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'FreeStorageSpaceCrit'
+        alarm.metric_name = 'FreeStorageSpace'
+        alarm.threshold = 25000
+        alarm.evaluation_periods = 1
+        alarm.alarm_action = 'Critical'
+        alarm.comparison_operator = 'LessThanOrEqualToThreshold'
+        @alarms.push(alarm)  
+       
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'CPUUtilizationWarning'
+        alarm.metric_name = 'CPUUtilization'
+        alarm.threshold = 75
+        alarm.evaluation_periods = 15
+        alarm.datapoints_to_alarm = 3
+        alarm.alarm_action = 'Warning'
+        alarm.statistic = 'Average'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'CPUUtilizationCrit'
+        alarm.metric_name = 'CPUUtilization'
+        alarm.threshold = 95
+        alarm.evaluation_periods = 5
+        alarm.datapoints_to_alarm = 3
+        alarm.alarm_action = 'Critical'
+        alarm.statistic = 'Average'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'KMSKeyError'
+        alarm.metric_name = 'KMSKeyError'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 1
+        alarm.alarm_action = 'Warning'
+        alarm.statistic = 'Minimum'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'KMSKeyInaccessible'
+        alarm.metric_name = 'KMSKeyInaccessible'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 1
+        alarm.alarm_action = 'Critical'
+        alarm.statistic = 'Minimum'
+        alarm.enabled = false
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'ClusterStatusRed'
+        alarm.metric_name = 'ClusterStatus.red'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 1
+        alarm.alarm_action = 'Critical'
+        alarm.statistic = 'Minimum'
+        @alarms.push(alarm)  
+
+        alarm = CfnGuardian::Models::ElasticSearchAlarm.new(@resource)
+        alarm.name = 'ClusterStatusYellow'
+        alarm.metric_name = 'ClusterStatus.yellow'
+        alarm.threshold = 1
+        alarm.evaluation_periods = 1
+        alarm.alarm_action = 'Warning'
+        alarm.statistic = 'Minimum'
+        @alarms.push(alarm)  
+
+    end
+  end
+end

data/lib/cfnguardian/resources/vpn_connection.rb

@@ -0,0 +1,18 @@
+module CfnGuardian::Resource
+    class VPNConnection < Base
+      
+      def default_alarms    
+        alarm = CfnGuardian::Models::VPNConnectionAlarm.new(@resource)
+        alarm.name = 'VPNConnectionState'
+        alarm.metric_name = 'TunnelState'
+        alarm.comparison_operator = 'LessThanThreshold'
+        alarm.statistic = 'Average'
+        alarm.threshold = 0.5
+        alarm.evaluation_periods = 3
+        alarm.treat_missing_data = 'breaching'
+        alarm.datapoints_to_alarm = 3
+        @alarms.push(alarm)
+      end
+      
+    end
+end

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.6.8"
+  VERSION = "0.6.13"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.6.8
+  version: 0.6.13
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2021-05-31 00:00:00.000000000 Z
+date: 2021-07-06 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -285,8 +285,10 @@ files:
 - lib/cfnguardian/resources/ec2_instance.rb
 - lib/cfnguardian/resources/ecs_cluster.rb
 - lib/cfnguardian/resources/ecs_service.rb
+- lib/cfnguardian/resources/eks_container_insights.rb
 - lib/cfnguardian/resources/elastic_file_system.rb
 - lib/cfnguardian/resources/elastic_loadbalancer.rb
+- lib/cfnguardian/resources/elastic_search.rb
 - lib/cfnguardian/resources/elasticache_replication_group.rb
 - lib/cfnguardian/resources/glue.rb
 - lib/cfnguardian/resources/http.rb
@@ -307,6 +309,7 @@ files:
 - lib/cfnguardian/resources/sqs_queue.rb
 - lib/cfnguardian/resources/step_functions.rb
 - lib/cfnguardian/resources/tls.rb
+- lib/cfnguardian/resources/vpn_connection.rb
 - lib/cfnguardian/resources/vpn_tunnel.rb
 - lib/cfnguardian/s3.rb
 - lib/cfnguardian/stacks/main.rb