cfn-guardian 0.7.9 → 0.7.13

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 87b0a72c2cf978be553f83a589a2d45643358ce43434ebd4fd6d3cf8974eee27
-  data.tar.gz: c69af701ac2d137887d935c6afc6ea0503e9529c2aa685f86c0f134bc5e0905a
+  metadata.gz: 4a230076e5d4d93c1a41be549943f3dbb745662a8faaf04afc176a1b75d3cc8f
+  data.tar.gz: 036a95941c4c8e50641d4ee7e0bfdb4e2f842b125756898599af3055843ca8f0
 SHA512:
-  metadata.gz: 11e0c2f2ef8d6b665fde021c661a4ad0c49201bc33281feab09c37ca07d9beebb64e7b2085bbd5076b89f64b2ab2e20a68f98d30c265427e25f22dfe60fc2c8e
-  data.tar.gz: fca7427abb12c5616e4162fbf0ce3a7b9e33cafc6929c301ab3084f59f642eedad0a4c68130499f3a0e5afbf3889b7af7409951b601550f2fc61deefaf633252
+  metadata.gz: d54543ea87af6922725b6d5955b0f473d037be50de85eca77e6925f5534307ed37648085befc64a3f6753ccd0224ef00f65b666e1109324925596858c2cdd85b
+  data.tar.gz: bc5d74d51b7559bb5d3ddcabfc8ef9a0cac3b4e1f679e1267d41149a3f6ebc2108962cbd19e4eda8eb1b96c4e574711ee7fc63e8a955495e54796f33ecd217b9

data/Dockerfile

@@ -1,6 +1,6 @@
 FROM ruby:2.7-alpine
 
-ARG GUARDIAN_VERSION="0.7.7"
+ARG GUARDIAN_VERSION="0.7.11"
 
 COPY . /src
 

data/README.md

@@ -29,6 +29,7 @@ CfnGuardian is a AWS monitoring tool with a few capabilities:
 - Network TargetGroups
 - AutoScalingGroups
 - CloudFront Distributions
+- DocumentDB Clusters
 - DynamoDB Tables
 - EC2 Instances
 - ECS Clusters

data/docs/event_subscriptions.md

@@ -10,14 +10,14 @@ As with the default alarms in Guardian, there are default events for some resour
 
 ## Overriding Defaults
 
-Default properites of the events can be overridden through the config YAML using the `EventsSubscription` top level key.
+Default properties of the events can be overridden through the config YAML using the `EventsSubscriptions` top level key.
 For example here we are changing the topic the event is being send to.
 
 ```yaml
 Topics:
     CustomEvents: arn:aws:sns....
 
-EventSubscription:
+EventSubscriptions:
   Ec2Instance:
     InstanceTerminated:
       Topic: CustomEvents
@@ -28,12 +28,24 @@ EventSubscription:
 Default events can be disabled, the same way default alarms can be disabled through the config YAML.
 
 ```yaml
-EventSubscription:
+EventSubscriptions:
   Ec2Instance:
     # set the instance terminated event to false to disable the event
     InstanceTerminated: false
 ```
 
+## Enabling Default Events
+
+Some templates may have events that are disabled by default, they can be enabled using a slightly different syntax to disabling.
+
+```yaml
+EventSubscriptions:
+  RDSInstance:
+    # set the replication failure event to true to enable the event
+    ReplicationFailure: 
+      Enabled: true
+```
+
 ## Creating Custom Events
 
 Custom events can be created if there are not defaults for that event. They can be inherited from a default event or from the base event model.
@@ -44,7 +56,7 @@ This is useful if you want to create a new event and a default event already has
 The following example inherits the `MasterPasswordReset` RDS event and creates a new event that captures the security group add to an rds instance event.
 
 ```yaml
-EventSubscription:
+EventSubscriptions:
   RDSInstance:
     # Create a new event name
     DBNewSecurityGroup:
@@ -59,7 +71,7 @@ EventSubscription:
 If there are no default events that match the format you require you can create an event of the base event subscription model.
 
 ```yaml
-EventSubscription:
+EventSubscriptions:
   ECSCluster:
     ContainerInstanceStateChange:
       Source: aws.ecs

data/docs/overview.md

@@ -6,7 +6,7 @@
 3. [Alarm Templates](alarm_templates.md)
 4. Custom Checks
     1. [HTTP](custom_checks/http.md)
-    2. [Domain Expirey](custom_checks/domain_expirey.md)
+    2. [Domain Expiry](custom_checks/domain_expiry.md)
     3. [LogGroup Metric Filters](custom_checks/log_group_metric_filters.md)
     4. [NRPE](custom_checks/nrpe.md)
     5. [Port](custom_checks/port.md)

data/docs/resources.md

@@ -39,6 +39,7 @@ Resources:
 | ApiGateway                  | Id               |
 | AmazonMQBroker              | Id               |
 | AutoScalingGroup            | Id               |
+| DocumentDBCluster           | Id               |
 | DynamoDBTable               | Id               |
 | ElastiCacheReplicationGroup | Id               |
 | ElasticFileSystem           | Id               |
@@ -55,6 +56,8 @@ Resources:
 | CloudFrontDistribution      | Id               |
 | SQSQueue                    | Id               |
 | ElasticSearch               | Id, Domain       |
+| DMSCluster                  | Id               |
+| DMSTask                     | Id, Instance     |
 
 
 ## Custom Resource Groups

data/lib/cfnguardian/compile.rb

@@ -12,6 +12,9 @@ require 'cfnguardian/resources/autoscaling_group'
 require 'cfnguardian/resources/cloudfront_distribution'
 require 'cfnguardian/resources/autoscaling_group'
 require 'cfnguardian/resources/domain_expiry'
+require 'cfnguardian/resources/dms_task'
+require 'cfnguardian/resources/dms_cluster'
+require 'cfnguardian/resources/documentdb_cluster'
 require 'cfnguardian/resources/dynamodb_table'
 require 'cfnguardian/resources/ec2_instance'
 require 'cfnguardian/resources/ecs_cluster'

data/lib/cfnguardian/config/defaults.yaml

@@ -19,6 +19,8 @@ Resources:
   - Id: Default
   CloudFrontDistribution:
   - Id: Default
+  DocumentDBCluster:
+  - Id: Default
   DomainExpiry:
   - Id: Default
   DynamoDBTable:

data/lib/cfnguardian/models/alarm.rb

@@ -153,6 +153,38 @@ module CfnGuardian
         @dimensions = { AutoScalingGroupName: resource['Id'] }
       end
     end
+
+    class DMSTaskAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'DMSTask'
+        @namespace = 'AWS/DMS'
+        @dimensions = { 
+          ReplicationTaskIdentifier: resource['Id'],
+          ReplicationInstanceIdentifier: resource['Instance']
+         }
+      end
+    end
+
+    class DMSClusterAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'DMSCluster'
+        @namespace = 'AWS/DMS'
+        @dimensions = { 
+          ReplicationInstanceIdentifier: resource['Id']
+         }
+      end
+    end
+
+    class DocumentDBClusterAlarm < BaseAlarm
+      def initialize(resource)
+        super(resource)
+        @group = 'DocumentDBCluster'
+        @namespace = 'AWS/DocDB'
+        @dimensions = { DBClusterIdentifier: resource['Id'] }
+      end
+    end
     
     class DomainExpiryAlarm < BaseAlarm
       def initialize(resource)

data/lib/cfnguardian/resources/dms_cluster.rb

@@ -0,0 +1,40 @@
+module CfnGuardian::Resource
+  class DMSCluster < Base
+    
+    def default_alarms 
+      alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
+      alarm.name = 'CPUUtilizationHighSpike'
+      alarm.metric_name = 'CPUUtilization'
+      alarm.threshold = 90
+      alarm.statistic = 'Minimum'
+      alarm.evaluation_periods = 10
+      @alarms.push(alarm)
+      
+      alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
+      alarm.name = 'CPUUtilizationHighBase'
+      alarm.metric_name = 'CPUUtilization'
+      alarm.threshold = 95
+      alarm.evaluation_periods = 2
+      alarm.statistic = 'Maximum'
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+      
+      alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
+      alarm.name = 'FreeStorageSpaceCrit'
+      alarm.metric_name = 'FreeStorageSpace'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 10000000000
+      alarm.evaluation_periods = 1
+      @alarms.push(alarm)
+      
+      alarm = CfnGuardian::Models::DMSClusterAlarm.new(@resource)
+      alarm.name = 'FreeStorageSpaceWarn'
+      alarm.metric_name = 'FreeStorageSpace'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 20000000000
+      alarm.evaluation_periods = 1
+      alarm.alarm_action = 'Warning'
+      @alarms.push(alarm)
+    end
+  end
+end

data/lib/cfnguardian/resources/dms_task.rb

@@ -0,0 +1,42 @@
+module CfnGuardian::Resource
+  class DMSTask < Base
+    
+    def default_alarms             
+      alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
+      alarm.name = 'CDCLatencySourceCritical'
+      alarm.metric_name = 'CDCLatencySource'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 30
+      alarm.evaluation_periods = 10
+      alarm.enabled = false
+      @alarms.push(alarm)
+      
+      alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
+      alarm.name = 'CDCLatencySourceWarn'
+      alarm.metric_name = 'CDCLatencySource'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 30
+      alarm.evaluation_periods = 1
+      alarm.enabled = false
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
+      alarm.name = 'CDCLatencyTargetCritical'
+      alarm.metric_name = 'CDCLatencyTarget'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 30
+      alarm.evaluation_periods = 10
+      alarm.enabled = false
+      @alarms.push(alarm)
+
+      alarm = CfnGuardian::Models::DMSTaskAlarm.new(@resource)
+      alarm.name = 'CDCLatencyTargetWarn'
+      alarm.metric_name = 'CDCLatencyTarget'
+      alarm.statistic = 'Minimum'
+      alarm.threshold = 30
+      alarm.evaluation_periods = 1
+      alarm.enabled = false
+      @alarms.push(alarm)
+    end
+  end
+end

data/lib/cfnguardian/resources/documentdb_cluster.rb

@@ -0,0 +1,40 @@
+module CfnGuardian::Resource
+    class DocumentDBCluster < Base
+      
+      def default_alarms    
+        alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
+        alarm.name = 'CPUUtilizationHighBase'
+        alarm.metric_name = 'CPUUtilization'
+        alarm.threshold = 75
+        alarm.evaluation_periods = 60
+        alarm.alarm_action = 'Warning'
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
+        alarm.name = 'CPUUtilizationHighSpike'
+        alarm.metric_name = 'CPUUtilization'
+        alarm.threshold = 95
+        alarm.evaluation_periods = 10
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
+        alarm.name = 'DatabaseConnections'
+        alarm.metric_name = 'DatabaseConnections'
+        alarm.statistic = 'Minimum'
+        alarm.threshold = 50
+        alarm.evaluation_periods = 10
+        @alarms.push(alarm)
+
+        alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
+        alarm.name = 'FreeableMemory'
+        alarm.metric_name = 'FreeableMemory'
+        alarm.threshold = 1000000000
+        alarm.evaluation_periods = 3
+        alarm.comparison_operator = 'LessThanThreshold'
+        @alarms.push(alarm)
+      end
+      
+    end
+  end
+  
+  

data/lib/cfnguardian/resources/ec2_instance.rb

@@ -14,8 +14,9 @@ module CfnGuardian
         alarm = CfnGuardian::Models::Ec2InstanceAlarm.new(@resource)
         alarm.name = 'StatusCheckFailed'
         alarm.metric_name = 'StatusCheckFailed'
-        alarm.threshold = 90
-        alarm.evaluation_periods = 10
+        alarm.threshold = 0
+        alarm.evaluation_periods = 1
+        alarm.comparison_operator = 'GreaterThanThreshold'
         @alarms.push(alarm)
 
         alarm = CfnGuardian::Models::Ec2InstanceAlarm.new(@resource)

data/lib/cfnguardian/version.rb

@@ -1,4 +1,4 @@
 module CfnGuardian
-  VERSION = "0.7.9"
+  VERSION = "0.7.13"
   CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: cfn-guardian
 version: !ruby/object:Gem::Version
-  version: 0.7.9
+  version: 0.7.13
 platform: ruby
 authors:
 - Guslington
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2022-01-13 00:00:00.000000000 Z
+date: 2022-02-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -280,6 +280,9 @@ files:
 - lib/cfnguardian/resources/base.rb
 - lib/cfnguardian/resources/batch.rb
 - lib/cfnguardian/resources/cloudfront_distribution.rb
+- lib/cfnguardian/resources/dms_cluster.rb
+- lib/cfnguardian/resources/dms_task.rb
+- lib/cfnguardian/resources/documentdb_cluster.rb
 - lib/cfnguardian/resources/domain_expiry.rb
 - lib/cfnguardian/resources/dynamodb_table.rb
 - lib/cfnguardian/resources/ec2_instance.rb