cfn-guardian 0.7.1 → 0.7.5
- checksums.yaml +4 -4
- data/.gitignore +2 -1
- data/Dockerfile +1 -1
- data/docs/custom_checks/http.md +2 -0
- data/docs/custom_checks/log_group_metric_filters.md +12 -2
- data/lib/cfnguardian/compile.rb +1 -0
- data/lib/cfnguardian/models/alarm.rb +9 -0
- data/lib/cfnguardian/models/check.rb +1 -1
- data/lib/cfnguardian/models/event.rb +2 -0
- data/lib/cfnguardian/resources/amazonmq_broker.rb +1 -1
- data/lib/cfnguardian/resources/apigateway.rb +1 -0
- data/lib/cfnguardian/resources/base.rb +3 -0
- data/lib/cfnguardian/resources/jenkins.rb +17 -0
- data/lib/cfnguardian/resources/lambda.rb +5 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +3 -2
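--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 6d76bc093ba8dfbbc3cd69f13a46de04ed09c66e858a429841345e372b5cd989
+data.tar.gz: ef0871d219f893b3f048fa6e6aed1985321ca731e3aa7579e4b345593719bc4f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: a6c49d85573e1032d893a1142a8b578be35cdf795dbc42e82159309bd8e98d8894cf8260eb6c0762ffdc3e23b538317347db5696ada71cdf7bab03375a5843cb
+data.tar.gz: 959866a604e7cd3c668ba2e99ac28ca1f74ae5ac6fe65fd452840e9d3b4d2a9d248f93a5591319bcc04e92cd210c3341eaa0e9c2d5ff9be8f63f342468212d51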
data/.gitignore
CHANGED
data/Dockerfile
CHANGED
data/docs/custom_checks/http.md
CHANGED
@@ -32,6 +32,8 @@ Resources:
|
|
32
32
|
Method: post
|
33
33
|
# specify headers using "key=value key=value"
|
34
34
|
Headers: content-type=application/json
|
35
|
+
# specify a useragent that contains spaces
|
36
|
+
UserAgent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:15.0) Gecko/20100101 Base2/Lambda
|
35
37
|
# pass in custom payload for the request
|
36
38
|
Payload: '{"name": "john"}'
|
37
39
|
```
|
@@ -15,10 +15,20 @@ Resources:
|
|
15
15
|
# Name of the cloud watch metric
|
16
16
|
- MetricName: MyFunctionErrors
|
17
17
|
# search pattern, see aws docs for syntax
|
18
|
-
Pattern: error
|
18
|
+
Pattern: 'error'
|
19
19
|
# metric to push to cloudwatch. Optional as it defaults to 1
|
20
20
|
MetricValue: 1
|
21
|
-
|
21
|
+
- Id: /prod/custom/app
|
22
|
+
# List of metric filters
|
23
|
+
MetricFilters:
|
24
|
+
# Name of the cloud watch metric
|
25
|
+
- MetricName: MyAppErrors
|
26
|
+
# search pattern, see aws docs for syntax
|
27
|
+
# note; any non-alphanumeric characters have to be wrapped in double quotes WITHIN single quotes
|
28
|
+
Pattern: '"Connection to ssl://mail.google.com:465 Timed Out"'
|
29
|
+
# metric to push to cloudwatch. Optional as it defaults to 1
|
30
|
+
MetricValue: 1
|
31
|
+
|
22
32
|
Templates:
|
23
33
|
LogGroup:
|
24
34
|
# use the MetricName name to override the alarm defaults
|
data/lib/cfnguardian/compile.rb
CHANGED
@@ -44,6 +44,7 @@ require 'cfnguardian/resources/step_functions'
|
|
44
44
|
require 'cfnguardian/resources/vpn_tunnel'
|
45
45
|
require 'cfnguardian/resources/vpn_connection'
|
46
46
|
require 'cfnguardian/resources/elastic_search'
|
47
|
+
require 'cfnguardian/resources/jenkins'
|
47
48
|
require 'cfnguardian/version'
|
48
49
|
require 'cfnguardian/error'
|
49
50
|
|
@@ -485,6 +485,15 @@ module CfnGuardian
|
|
485
485
|
end
|
486
486
|
end
|
487
487
|
|
488
|
+
class JenkinsAlarm < BaseAlarm
|
489
|
+
def initialize(resource)
|
490
|
+
super(resource)
|
491
|
+
@group = 'Jenkins'
|
492
|
+
@namespace = 'Ciinabox/Jenkins'
|
493
|
+
@dimensions = { Jenkins: resource['Id'], Monitoring: 'JenkMon' }
|
494
|
+
end
|
495
|
+
end
|
496
|
+
|
488
497
|
class VPNTunnelAlarm < BaseAlarm
|
489
498
|
def initialize(resource)
|
490
499
|
super(resource)
|
@@ -52,6 +52,7 @@ module CfnGuardian
|
|
52
52
|
@status_code = resource.fetch('StatusCode',200)
|
53
53
|
@body_regex = resource.fetch('BodyRegex',nil)
|
54
54
|
@headers = resource.fetch('Headers',nil)
|
55
|
+
@user_agent = resource.fetch('UserAgent',nil)
|
55
56
|
@payload = resource.fetch('Payload',nil)
|
56
57
|
@compressed = resource.fetch('Compressed',false)
|
57
58
|
end
|
@@ -65,6 +66,7 @@ module CfnGuardian
|
|
65
66
|
}
|
66
67
|
payload['BODY_REGEX_MATCH'] = @body_regex unless @body_regex.nil?
|
67
68
|
payload['HEADERS'] = @headers unless @headers.nil?
|
69
|
+
payload['USER_AGENT'] = @user_agent unless @user_agent.nil?
|
68
70
|
payload['PAYLOAD'] = @payload unless @payload.nil?
|
69
71
|
payload['COMPRESSED'] = '1' if @compressed
|
70
72
|
return payload.to_json
|
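Review bot: `UserAgent` is read from the resource config and copied into `payload['USER_AGENT']` with only a nil check, in the initializer hunk above and in this payload hunk. If the consuming check places that value into a request header (the consumer is not visible in this diff), a value containing CR or LF could split the header, so control characters are worth rejecting where the field is read, e.g. `raise ArgumentError, 'UserAgent must not contain CR or LF' if @user_agent.to_s.match?(/[\r\n]/)`. Both enclosing methods start outside the hunks.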
@@ -13,7 +13,7 @@ module CfnGuardian::Resource
|
|
13
13
|
@alarms.push(alarm)
|
14
14
|
|
15
15
|
alarm = CfnGuardian::Models::AmazonMQBrokerAlarm.new(@resource)
|
16
|
-
alarm.name = '
|
16
|
+
alarm.name = 'CpuCreditBalanceWarning'
|
17
17
|
alarm.metric_name = 'CpuCreditBalance'
|
18
18
|
alarm.comparison_operator = 'LessThanThreshold'
|
19
19
|
alarm.statistic = 'Minimum'
|
@@ -26,6 +26,9 @@ module CfnGuardian::Resource
|
|
26
26
|
end
|
27
27
|
|
28
28
|
def get_alarms(group,overides={})
|
29
|
+
# deep copying the overrides to preserse it's reference before doing any changes to it
|
30
|
+
overides = Marshal.load(Marshal.dump(overides))
|
31
|
+
|
29
32
|
# generate default alarms
|
30
33
|
default_alarms()
|
31
34
|
|
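Review bot: The `Marshal.load(Marshal.dump(overides))` round-trip added at the top of `get_alarms` is safe only because its input is produced in-process by `Marshal.dump` on the same line, and the comment should say so, since `Marshal.load` must never be given externally supplied bytes. The round-trip also raises `TypeError` if the overrides ever contain a Proc, IO or similar object, which a caller would not expect from a plain copy. Suggested comment: `# deep copy so the caller's overrides hash is never mutated; Marshal.load is acceptable here only because its input comes straight from Marshal.dump`. The existing comment also carries typos ("preserse it's"). `get_alarms` continues past the end of the hunk.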
@@ -0,0 +1,17 @@
|
|
1
|
+
module CfnGuardian::Resource
|
2
|
+
class Jenkins < Base
|
3
|
+
|
4
|
+
def default_alarms
|
5
|
+
alarm = CfnGuardian::Models::JenkinsAlarm.new(@resource)
|
6
|
+
alarm.name = 'NoSuccess'
|
7
|
+
alarm.metric_name = 'Success'
|
8
|
+
alarm.statistic = 'Maximum'
|
9
|
+
alarm.treat_missing_data = 'breaching'
|
10
|
+
alarm.alarm_action = 'Warning'
|
11
|
+
alarm.period = 3600
|
12
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
13
|
+
alarm.threshold = 1
|
14
|
+
@alarms.push(alarm)
|
15
|
+
end
|
16
|
+
end
|
17
|
+
end
|
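Review bot: `default_alarms` sets `treat_missing_data = 'breaching'` with a 3600-second period and no comment, so the `NoSuccess` alarm fires both when `Success` stays below 1 and when no datapoints arrive at all, and a reader cannot tell whether the second case is intended. A one-line comment would settle it, for example `# missing data counts as a failure: no Success datapoint within the hour means the job did not report`. The number of evaluation periods is left to whatever `BaseAlarm` defaults to, which is not visible in this diff.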
@@ -6,24 +6,28 @@ module CfnGuardian::Resource
|
|
6
6
|
alarm.name = 'LambdaErrors'
|
7
7
|
alarm.metric_name = 'Errors'
|
8
8
|
alarm.threshold = 0.5
|
9
|
+
alarm.treat_missing_data = 'notBreaching'
|
9
10
|
@alarms.push(alarm)
|
10
11
|
|
11
12
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
12
13
|
alarm.name = 'Throttles'
|
13
14
|
alarm.metric_name = 'Throttles'
|
14
15
|
alarm.threshold = 0.5
|
16
|
+
alarm.treat_missing_data = 'notBreaching'
|
15
17
|
@alarms.push(alarm)
|
16
18
|
|
17
19
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
18
20
|
alarm.name = 'DeadLetterErrors'
|
19
21
|
alarm.metric_name = 'DeadLetterErrors'
|
20
22
|
alarm.threshold = 0.5
|
23
|
+
alarm.treat_missing_data = 'notBreaching'
|
21
24
|
@alarms.push(alarm)
|
22
25
|
|
23
26
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
24
27
|
alarm.name = 'IteratorAge'
|
25
28
|
alarm.metric_name = 'IteratorAge'
|
26
29
|
alarm.threshold = 600000
|
30
|
+
alarm.treat_missing_data = 'notBreaching'
|
27
31
|
@alarms.push(alarm)
|
28
32
|
|
29
33
|
alarm = CfnGuardian::Models::LambdaAlarm.new(@resource)
|
@@ -31,6 +35,7 @@ module CfnGuardian::Resource
|
|
31
35
|
alarm.metric_name = 'Duration'
|
32
36
|
alarm.statistic = 'Average'
|
33
37
|
alarm.threshold = 30
|
38
|
+
alarm.treat_missing_data = 'notBreaching'
|
34
39
|
@alarms.push(alarm)
|
35
40
|
end
|
36
41
|
|
data/lib/cfnguardian/version.rb
CHANGED
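--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-version: 0.7.
+version: 0.7.5
 platform: ruby
 authors:
 - Guslington
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2021-
+date: 2021-11-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: thor
@@ -295,6 +295,7 @@ files:
 - lib/cfnguardian/resources/internal_http.rb
 - lib/cfnguardian/resources/internal_port.rb
 - lib/cfnguardian/resources/internal_sftp.rb
+- lib/cfnguardian/resources/jenkins.rb
 - lib/cfnguardian/resources/lambda.rb
 - lib/cfnguardian/resources/log_group.rb
 - lib/cfnguardian/resources/network_targetgroup.rb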