cfn-guardian 0.11.5 → 0.11.6
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -1
- data/docs/resources.md +1 -0
- data/lib/cfnguardian/compile.rb +18 -1
- data/lib/cfnguardian/models/alarm.rb +9 -0
- data/lib/cfnguardian/models/event_subscription.rb +1 -0
- data/lib/cfnguardian/resources/acm.rb +39 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 9d2c40c9c770002c29f5944836df58ce457d497b8f650c4502f18fcf4e79cd71
|
|
4
|
+
data.tar.gz: c8d2396742afaeecc84ffcb30aab78a6be53af64292cd362581a75275f4332cb
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: b8e74696940031d2e2010eb005172bd98eb6478b9c0feccdb7a5c413c70d6a9db36b7ab6d51022d7f2ea761a7fd170f166b3892b06e7627da2a9b7b04d2a6222
|
|
7
|
+
data.tar.gz: 39c24609796c7019a2cbe12ff6cef57e53a8532c89bd143eeb356813798c3fd354a24c9d61d94ff1fb981da030bdf0e42183fa2504cd7fad1a6b2155053c811c
|
data/README.md
CHANGED
data/docs/resources.md
CHANGED
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -5,6 +5,7 @@ require 'cfnguardian/stacks/resources'
|
|
|
5
5
|
require 'cfnguardian/stacks/main'
|
|
6
6
|
require 'cfnguardian/models/composite'
|
|
7
7
|
require 'cfnguardian/resources/base'
|
|
8
|
+
require 'cfnguardian/resources/acm'
|
|
8
9
|
require 'cfnguardian/resources/apigateway'
|
|
9
10
|
require 'cfnguardian/resources/application_targetgroup'
|
|
10
11
|
require 'cfnguardian/resources/amazonmq_broker'
|
|
@@ -139,6 +140,9 @@ module CfnGuardian
|
|
|
139
140
|
@cost += resource_class.get_cost
|
|
140
141
|
end
|
|
141
142
|
end
|
|
143
|
+
|
|
144
|
+
# Add default event subscriptions
|
|
145
|
+
@resources.concat generate_default_event_subscriptions()
|
|
142
146
|
|
|
143
147
|
@maintenance_groups.each do |maintenance_group,resource_groups|
|
|
144
148
|
resource_groups.each do |group, alarms|
|
|
@@ -251,6 +255,19 @@ module CfnGuardian
|
|
|
251
255
|
|
|
252
256
|
File.write("out/template-config.guardian.json", template.to_json)
|
|
253
257
|
end
|
|
254
|
-
|
|
258
|
+
|
|
259
|
+
def generate_default_event_subscriptions()
|
|
260
|
+
# List of Classes which default events should be deployed
|
|
261
|
+
default_resource_classes = ['CfnGuardian::Resource::Acm']
|
|
262
|
+
default_event_subscriptions = []
|
|
263
|
+
|
|
264
|
+
default_resource_classes.each do |resource_class|
|
|
265
|
+
resource_instance = Kernel.const_get(resource_class).new({"Id"=>resource_class}) # Dummy ID
|
|
266
|
+
default_event_subscriptions.concat(resource_instance.default_event_subscriptions())
|
|
267
|
+
end
|
|
268
|
+
|
|
269
|
+
return default_event_subscriptions
|
|
270
|
+
end
|
|
271
|
+
|
|
255
272
|
end
|
|
256
273
|
end
|
|
@@ -66,6 +66,15 @@ module CfnGuardian
|
|
|
66
66
|
end
|
|
67
67
|
end
|
|
68
68
|
|
|
69
|
+
class AcmAlarm < BaseAlarm
|
|
70
|
+
def initialize(resource)
|
|
71
|
+
super(resource)
|
|
72
|
+
@group = 'Acm'
|
|
73
|
+
@namespace = 'AWS/CertificateManager'
|
|
74
|
+
@dimensions = { CertificateArn: { "Fn::Sub" => "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/#{resource['Id']}"}}
|
|
75
|
+
end
|
|
76
|
+
end
|
|
77
|
+
|
|
69
78
|
class ApiGatewayAlarm < BaseAlarm
|
|
70
79
|
def initialize(resource)
|
|
71
80
|
super(resource)
|
|
@@ -95,6 +95,7 @@ module CfnGuardian
|
|
|
95
95
|
end
|
|
96
96
|
end
|
|
97
97
|
|
|
98
|
+
class AcmEventSubscription < BaseEventSubscription; end
|
|
98
99
|
class ApiGatewayEventSubscription < BaseEventSubscription; end
|
|
99
100
|
class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
|
|
100
101
|
class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class Acm < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::AcmAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'CertificateExpiry'
|
|
7
|
+
alarm.metric_name = 'DaysToExpiry'
|
|
8
|
+
alarm.statistic = 'Average'
|
|
9
|
+
alarm.threshold = 30
|
|
10
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
|
11
|
+
alarm.evaluation_periods = 1
|
|
12
|
+
alarm.period = 86400
|
|
13
|
+
@alarms.push(alarm)
|
|
14
|
+
end
|
|
15
|
+
|
|
16
|
+
def default_event_subscriptions()
|
|
17
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
|
18
|
+
event_subscription.name = 'AcmCertificateNearExpiry'
|
|
19
|
+
event_subscription.detail_type = 'ACM Certificate Approaching Expiration'
|
|
20
|
+
event_subscription.source = 'aws.acm'
|
|
21
|
+
event_subscription.detail = {
|
|
22
|
+
'DaysToExpiry' => [31]
|
|
23
|
+
}
|
|
24
|
+
@event_subscriptions.push(event_subscription)
|
|
25
|
+
|
|
26
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
|
27
|
+
event_subscription.name = 'AcmCertificateExpired'
|
|
28
|
+
event_subscription.detail_type = 'ACM Certificate Expired'
|
|
29
|
+
event_subscription.source = 'aws.acm'
|
|
30
|
+
@event_subscriptions.push(event_subscription)
|
|
31
|
+
|
|
32
|
+
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
|
|
33
|
+
event_subscription.name = 'AcmRenewalActionRequired'
|
|
34
|
+
event_subscription.detail_type = 'ACM Certificate Renewal Action Required'
|
|
35
|
+
event_subscription.source = 'aws.acm'
|
|
36
|
+
@event_subscriptions.push(event_subscription)
|
|
37
|
+
end
|
|
38
|
+
end
|
|
39
|
+
end
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.11.
|
|
4
|
+
version: 0.11.6
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2023-
|
|
11
|
+
date: 2023-10-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -328,6 +328,7 @@ files:
|
|
|
328
328
|
- lib/cfnguardian/models/event.rb
|
|
329
329
|
- lib/cfnguardian/models/event_subscription.rb
|
|
330
330
|
- lib/cfnguardian/models/metric_filter.rb
|
|
331
|
+
- lib/cfnguardian/resources/acm.rb
|
|
331
332
|
- lib/cfnguardian/resources/amazonmq_broker.rb
|
|
332
333
|
- lib/cfnguardian/resources/amazonmq_rabbitmq.rb
|
|
333
334
|
- lib/cfnguardian/resources/apigateway.rb
|