cfn-guardian 0.7.12 → 0.7.15
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.github/workflows/push.yml +36 -0
- data/Dockerfile +3 -1
- data/docs/notifiers.md +2 -2
- data/docs/overview.md +1 -1
- data/docs/resources.md +2 -0
- data/lib/cfnguardian/compile.rb +2 -0
- data/lib/cfnguardian/models/alarm.rb +28 -1
- data/lib/cfnguardian/models/check.rb +2 -2
- data/lib/cfnguardian/resources/dms_cluster.rb +40 -0
- data/lib/cfnguardian/resources/dms_task.rb +42 -0
- data/lib/cfnguardian/resources/jenkins.rb +5 -4
- data/lib/cfnguardian/version.rb +1 -1
- metadata +5 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 567efd39fc8d796033685c545fd64681422c060455c92581400dc9fe6345595b
|
|
4
|
+
data.tar.gz: 645a2e2184b33a38e1f53f2a7fd88746f9a16424d80df81070e5703857a9a1cf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 108eae0146b64f8a3d68027fd8b97509cfedb838aa7ecb0f4dff8cdb55c238112a379deb9ce5003bc04146a1bd400a4ca9983e54a24deff8dbb619136af8ba22
|
|
7
|
+
data.tar.gz: 9df078700af6df291765e7ef78ab100ef0076e54a5b846f9ed161a8d4349f04c2b46e655ea975808ee3f8388d6a56d5b77fb32c275bd0ce1357a43e0cb5ea1f9
|
|
@@ -0,0 +1,36 @@
|
|
|
1
|
+
name: build image
|
|
2
|
+
on:
|
|
3
|
+
push:
|
|
4
|
+
branches:
|
|
5
|
+
- master
|
|
6
|
+
- feature/*
|
|
7
|
+
|
|
8
|
+
jobs:
|
|
9
|
+
build:
|
|
10
|
+
name: Build + Publish Container Image
|
|
11
|
+
runs-on: ubuntu-latest
|
|
12
|
+
|
|
13
|
+
steps:
|
|
14
|
+
- name: Check out the repo
|
|
15
|
+
uses: actions/checkout@v2
|
|
16
|
+
|
|
17
|
+
- name: Inject slug/short variables
|
|
18
|
+
uses: rlespinasse/github-slug-action@v3.x
|
|
19
|
+
|
|
20
|
+
- name: Set up Docker Buildx
|
|
21
|
+
uses: docker/setup-buildx-action@v1
|
|
22
|
+
|
|
23
|
+
- name: Login to GitHub Container Repository
|
|
24
|
+
uses: docker/login-action@v1
|
|
25
|
+
with:
|
|
26
|
+
registry: ghcr.io
|
|
27
|
+
username: ${{ github.repository_owner }}
|
|
28
|
+
password: ${{ secrets.GHCR_PUSH_TOKEN }}
|
|
29
|
+
|
|
30
|
+
- name: Build and push Container Image to GitHub Container Repository
|
|
31
|
+
uses: docker/build-push-action@v2
|
|
32
|
+
with:
|
|
33
|
+
context: .
|
|
34
|
+
file: ./Dockerfile
|
|
35
|
+
push: true
|
|
36
|
+
tags: ghcr.io/base2services/guardian:snapshot_${{env.GITHUB_REF_SLUG}}
|
data/Dockerfile
CHANGED
data/docs/notifiers.md
CHANGED
|
@@ -24,10 +24,10 @@ Topics:
|
|
|
24
24
|
Informational: arn:aws:sns:ap-southeast-2:123456789012:Informational
|
|
25
25
|
Custom: arn:aws:sns:ap-southeast-2:123456789012:Custom
|
|
26
26
|
|
|
27
|
-
|
|
27
|
+
Templates:
|
|
28
28
|
Ec2Instance:
|
|
29
29
|
GroupOverrides:
|
|
30
|
-
|
|
30
|
+
AlarmAction:
|
|
31
31
|
- Critical
|
|
32
32
|
- Custom
|
|
33
33
|
```
|
data/docs/overview.md
CHANGED
|
@@ -6,7 +6,7 @@
|
|
|
6
6
|
3. [Alarm Templates](alarm_templates.md)
|
|
7
7
|
4. Custom Checks
|
|
8
8
|
1. [HTTP](custom_checks/http.md)
|
|
9
|
-
2. [Domain
|
|
9
|
+
2. [Domain Expiry](custom_checks/domain_expiry.md)
|
|
10
10
|
3. [LogGroup Metric Filters](custom_checks/log_group_metric_filters.md)
|
|
11
11
|
4. [NRPE](custom_checks/nrpe.md)
|
|
12
12
|
5. [Port](custom_checks/port.md)
|
data/docs/resources.md
CHANGED
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -12,6 +12,8 @@ require 'cfnguardian/resources/autoscaling_group'
|
|
|
12
12
|
require 'cfnguardian/resources/cloudfront_distribution'
|
|
13
13
|
require 'cfnguardian/resources/autoscaling_group'
|
|
14
14
|
require 'cfnguardian/resources/domain_expiry'
|
|
15
|
+
require 'cfnguardian/resources/dms_task'
|
|
16
|
+
require 'cfnguardian/resources/dms_cluster'
|
|
15
17
|
require 'cfnguardian/resources/documentdb_cluster'
|
|
16
18
|
require 'cfnguardian/resources/dynamodb_table'
|
|
17
19
|
require 'cfnguardian/resources/ec2_instance'
|
|
@@ -154,6 +154,29 @@ module CfnGuardian
|
|
|
154
154
|
end
|
|
155
155
|
end
|
|
156
156
|
|
|
157
|
+
class DMSTaskAlarm < BaseAlarm
|
|
158
|
+
def initialize(resource)
|
|
159
|
+
super(resource)
|
|
160
|
+
@group = 'DMSTask'
|
|
161
|
+
@namespace = 'AWS/DMS'
|
|
162
|
+
@dimensions = {
|
|
163
|
+
ReplicationTaskIdentifier: resource['Id'],
|
|
164
|
+
ReplicationInstanceIdentifier: resource['Instance']
|
|
165
|
+
}
|
|
166
|
+
end
|
|
167
|
+
end
|
|
168
|
+
|
|
169
|
+
class DMSClusterAlarm < BaseAlarm
|
|
170
|
+
def initialize(resource)
|
|
171
|
+
super(resource)
|
|
172
|
+
@group = 'DMSCluster'
|
|
173
|
+
@namespace = 'AWS/DMS'
|
|
174
|
+
@dimensions = {
|
|
175
|
+
ReplicationInstanceIdentifier: resource['Id']
|
|
176
|
+
}
|
|
177
|
+
end
|
|
178
|
+
end
|
|
179
|
+
|
|
157
180
|
class DocumentDBClusterAlarm < BaseAlarm
|
|
158
181
|
def initialize(resource)
|
|
159
182
|
super(resource)
|
|
@@ -506,7 +529,11 @@ module CfnGuardian
|
|
|
506
529
|
super(resource)
|
|
507
530
|
@group = 'Jenkins'
|
|
508
531
|
@namespace = 'Ciinabox/Jenkins'
|
|
509
|
-
@dimensions = {
|
|
532
|
+
@dimensions = {
|
|
533
|
+
Jenkins: resource['Id'],
|
|
534
|
+
Label: resource['Label'],
|
|
535
|
+
Monitoring: 'JenkMon'
|
|
536
|
+
}
|
|
510
537
|
end
|
|
511
538
|
end
|
|
512
539
|
|
|
@@ -64,7 +64,7 @@ module CfnGuardian
|
|
|
64
64
|
@package = 'port-check'
|
|
65
65
|
@handler = 'handler.port_check'
|
|
66
66
|
@version = '356203b2a720ba0730622f978e677b88f8d0c328'
|
|
67
|
-
@runtime = 'python3.
|
|
67
|
+
@runtime = 'python3.7'
|
|
68
68
|
end
|
|
69
69
|
end
|
|
70
70
|
|
|
@@ -152,7 +152,7 @@ module CfnGuardian
|
|
|
152
152
|
@package = 'ecs-containder-instance-check'
|
|
153
153
|
@handler = 'handler.run_check'
|
|
154
154
|
@version = '4f650d5846d6e8d19f0139bccdeeb147f03f0dd6'
|
|
155
|
-
@runtime = 'python3.
|
|
155
|
+
@runtime = 'python3.7'
|
|
156
156
|
end
|
|
157
157
|
end
|
|
158
158
|
|
|
@@ -0,0 +1,40 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class DMSCluster < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'CPUUtilizationHighSpike'
|
|
7
|
+
alarm.metric_name = 'CPUUtilization'
|
|
8
|
+
alarm.threshold = 90
|
|
9
|
+
alarm.statistic = 'Minimum'
|
|
10
|
+
alarm.evaluation_periods = 10
|
|
11
|
+
@alarms.push(alarm)
|
|
12
|
+
|
|
13
|
+
alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
|
|
14
|
+
alarm.name = 'CPUUtilizationHighBase'
|
|
15
|
+
alarm.metric_name = 'CPUUtilization'
|
|
16
|
+
alarm.threshold = 95
|
|
17
|
+
alarm.evaluation_periods = 2
|
|
18
|
+
alarm.statistic = 'Maximum'
|
|
19
|
+
alarm.alarm_action = 'Warning'
|
|
20
|
+
@alarms.push(alarm)
|
|
21
|
+
|
|
22
|
+
alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
|
|
23
|
+
alarm.name = 'FreeStorageSpaceCrit'
|
|
24
|
+
alarm.metric_name = 'FreeStorageSpace'
|
|
25
|
+
alarm.statistic = 'Minimum'
|
|
26
|
+
alarm.threshold = 10000000000
|
|
27
|
+
alarm.evaluation_periods = 1
|
|
28
|
+
@alarms.push(alarm)
|
|
29
|
+
|
|
30
|
+
alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
|
|
31
|
+
alarm.name = 'FreeStorageSpaceWarn'
|
|
32
|
+
alarm.metric_name = 'FreeStorageSpace'
|
|
33
|
+
alarm.statistic = 'Minimum'
|
|
34
|
+
alarm.threshold = 20000000000
|
|
35
|
+
alarm.evaluation_periods = 1
|
|
36
|
+
alarm.alarm_action = 'Warning'
|
|
37
|
+
@alarms.push(alarm)
|
|
38
|
+
end
|
|
39
|
+
end
|
|
40
|
+
end
|
|
@@ -0,0 +1,42 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class DMSTask < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'CDCLatencySourceCritical'
|
|
7
|
+
alarm.metric_name = 'CDCLatencySource'
|
|
8
|
+
alarm.statistic = 'Minimum'
|
|
9
|
+
alarm.threshold = 30
|
|
10
|
+
alarm.evaluation_periods = 10
|
|
11
|
+
alarm.enabled = false
|
|
12
|
+
@alarms.push(alarm)
|
|
13
|
+
|
|
14
|
+
alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
|
|
15
|
+
alarm.name = 'CDCLatencySourceWarn'
|
|
16
|
+
alarm.metric_name = 'CDCLatencySource'
|
|
17
|
+
alarm.statistic = 'Minimum'
|
|
18
|
+
alarm.threshold = 30
|
|
19
|
+
alarm.evaluation_periods = 1
|
|
20
|
+
alarm.enabled = false
|
|
21
|
+
@alarms.push(alarm)
|
|
22
|
+
|
|
23
|
+
alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
|
|
24
|
+
alarm.name = 'CDCLatencyTargetCritical'
|
|
25
|
+
alarm.metric_name = 'CDCLatencyTarget'
|
|
26
|
+
alarm.statistic = 'Minimum'
|
|
27
|
+
alarm.threshold = 30
|
|
28
|
+
alarm.evaluation_periods = 10
|
|
29
|
+
alarm.enabled = false
|
|
30
|
+
@alarms.push(alarm)
|
|
31
|
+
|
|
32
|
+
alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
|
|
33
|
+
alarm.name = 'CDCLatencyTargetWarn'
|
|
34
|
+
alarm.metric_name = 'CDCLatencyTarget'
|
|
35
|
+
alarm.statistic = 'Minimum'
|
|
36
|
+
alarm.threshold = 30
|
|
37
|
+
alarm.evaluation_periods = 1
|
|
38
|
+
alarm.enabled = false
|
|
39
|
+
@alarms.push(alarm)
|
|
40
|
+
end
|
|
41
|
+
end
|
|
42
|
+
end
|
|
@@ -1,14 +1,15 @@
|
|
|
1
1
|
module CfnGuardian::Resource
|
|
2
2
|
class Jenkins < Base
|
|
3
|
-
|
|
4
3
|
def default_alarms
|
|
4
|
+
# evaluate this alarm every hour but only alert if there is no data point after 25 hours
|
|
5
5
|
alarm = CfnGuardian::Models::JenkinsAlarm.new(@resource)
|
|
6
|
-
alarm.name = '
|
|
7
|
-
alarm.metric_name = '
|
|
6
|
+
alarm.name = 'HealthyAgent'
|
|
7
|
+
alarm.metric_name = 'HealthyAgent'
|
|
8
8
|
alarm.statistic = 'Maximum'
|
|
9
9
|
alarm.treat_missing_data = 'breaching'
|
|
10
10
|
alarm.alarm_action = 'Warning'
|
|
11
|
-
alarm.period = 3600
|
|
11
|
+
alarm.period = 3600 # 1 hour
|
|
12
|
+
alarm.evaluation_periods = 24 # 24 hours
|
|
12
13
|
alarm.comparison_operator = 'LessThanThreshold'
|
|
13
14
|
alarm.threshold = 1
|
|
14
15
|
@alarms.push(alarm)
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.15
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-
|
|
11
|
+
date: 2022-05-04 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -222,6 +222,7 @@ extra_rdoc_files: []
|
|
|
222
222
|
files:
|
|
223
223
|
- ".dockerignore"
|
|
224
224
|
- ".github/workflows/build-gem.yml"
|
|
225
|
+
- ".github/workflows/push.yml"
|
|
225
226
|
- ".github/workflows/release-gem.yml"
|
|
226
227
|
- ".github/workflows/release-image.yml"
|
|
227
228
|
- ".gitignore"
|
|
@@ -280,6 +281,8 @@ files:
|
|
|
280
281
|
- lib/cfnguardian/resources/base.rb
|
|
281
282
|
- lib/cfnguardian/resources/batch.rb
|
|
282
283
|
- lib/cfnguardian/resources/cloudfront_distribution.rb
|
|
284
|
+
- lib/cfnguardian/resources/dms_cluster.rb
|
|
285
|
+
- lib/cfnguardian/resources/dms_task.rb
|
|
283
286
|
- lib/cfnguardian/resources/documentdb_cluster.rb
|
|
284
287
|
- lib/cfnguardian/resources/domain_expiry.rb
|
|
285
288
|
- lib/cfnguardian/resources/dynamodb_table.rb
|