cfn-guardian 0.11.5 → 0.11.6

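--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: f723e435275fc1a6e2b27f9af51fe3ca405f19621c761aa26fdcf1db6567258c
- data.tar.gz: d84f42b73498a82d831b7ccccaaa42d379df99c73d719e75ca3262b544de35c9
+ metadata.gz: 9d2c40c9c770002c29f5944836df58ce457d497b8f650c4502f18fcf4e79cd71
+ data.tar.gz: c8d2396742afaeecc84ffcb30aab78a6be53af64292cd362581a75275f4332cb
  SHA512:
- metadata.gz: 4b843af3e2e6a131853d472575eb71edd22d529e93e4203cf4c726b231101f4644426acd69e1b21ad4c03ec675620b4836d7f3dc2c1a8ec864c6769ea564bde3
- data.tar.gz: 765da898a28024041595acdcd7e46de3e34c172861f0b4df7aeb82e434de4c8ec99abf659370e4fc58615ddf32abbb885224c7ee13e48e02dd3c2d29a1fd170f
+ metadata.gz: b8e74696940031d2e2010eb005172bd98eb6478b9c0feccdb7a5c413c70d6a9db36b7ab6d51022d7f2ea761a7fd170f166b3892b06e7627da2a9b7b04d2a6222
+ data.tar.gz: 39c24609796c7019a2cbe12ff6cef57e53a8532c89bd143eeb356813798c3fd354a24c9d61d94ff1fb981da030bdf0e42183fa2504cd7fad1a6b2155053c811c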
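--- a/data/README.md
+++ b/data/README.md
@@ -22,7 +22,7 @@ CfnGuardian is a AWS monitoring tool with a few capabilities:
  - tls version checking
 
  **Supported AWS Resources**
-
+ - ACM Certificates
  - AmazonMq(RabbitMQ and ActiveMQ)
  - ApiGateway
  - Application Targetgroups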
data/docs/resources.md CHANGED
@@ -36,6 +36,7 @@ Resources:
36
36
 
37
37
  | Resource Group | Require Keys |
38
38
  | --------------------------- | ---------------- |
39
+ | Acm | Id |
39
40
  | ApiGateway | Id |
40
41
  | AmazonMQBroker | Id |
41
42
  | AutoScalingGroup | Id |
@@ -5,6 +5,7 @@ require 'cfnguardian/stacks/resources'
5
5
  require 'cfnguardian/stacks/main'
6
6
  require 'cfnguardian/models/composite'
7
7
  require 'cfnguardian/resources/base'
8
+ require 'cfnguardian/resources/acm'
8
9
  require 'cfnguardian/resources/apigateway'
9
10
  require 'cfnguardian/resources/application_targetgroup'
10
11
  require 'cfnguardian/resources/amazonmq_broker'
@@ -139,6 +140,9 @@ module CfnGuardian
139
140
  @cost += resource_class.get_cost
140
141
  end
141
142
  end
143
+
144
+ # Add default event subscriptions
145
+ @resources.concat generate_default_event_subscriptions()
142
146
 
143
147
  @maintenance_groups.each do |maintenance_group,resource_groups|
144
148
  resource_groups.each do |group, alarms|
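Review bot: The `@resources.concat generate_default_event_subscriptions()` call sits after the per-resource loop has closed, so the ACM subscriptions are appended on every compile and skip whatever per-resource handling that loop applies. If the loop also collects default event subscriptions for an `Acm` resource declared in the config, the same subscription names would presumably be emitted twice; the loop body is outside this hunk, so this needs confirming. The existing comment could state the intent more precisely, for example `# Always deployed, independent of the resources listed in the config`.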
@@ -251,6 +255,19 @@ module CfnGuardian
251
255
 
252
256
  File.write("out/template-config.guardian.json", template.to_json)
253
257
  end
254
-
258
+
259
+ def generate_default_event_subscriptions()
260
+ # List of Classes which default events should be deployed
261
+ default_resource_classes = ['CfnGuardian::Resource::Acm']
262
+ default_event_subscriptions = []
263
+
264
+ default_resource_classes.each do |resource_class|
265
+ resource_instance = Kernel.const_get(resource_class).new({"Id"=>resource_class}) # Dummy ID
266
+ default_event_subscriptions.concat(resource_instance.default_event_subscriptions())
267
+ end
268
+
269
+ return default_event_subscriptions
270
+ end
271
+
255
272
  end
256
273
  end
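Review bot: `generate_default_event_subscriptions` resolves each class from a string with `Kernel.const_get` and then passes that same string as the resource `Id`, so `CfnGuardian::Resource::Acm` becomes the identifier of the placeholder resource. Referencing the constant directly removes the string lookup: `default_resource_classes = [CfnGuardian::Resource::Acm]` with `resource_class.new({"Id" => resource_class.name})`. If the subscription model derives a logical ID or rule name from `Id`, the `::` in the dummy value may not be valid there; that code is not visible in this hunk and should be checked. The explicit `return` and the empty `()` on the definition can also be dropped to match usual Ruby style.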
@@ -66,6 +66,15 @@ module CfnGuardian
66
66
  end
67
67
  end
68
68
 
69
+ class AcmAlarm < BaseAlarm
70
+ def initialize(resource)
71
+ super(resource)
72
+ @group = 'Acm'
73
+ @namespace = 'AWS/CertificateManager'
74
+ @dimensions = { CertificateArn: { "Fn::Sub" => "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/#{resource['Id']}"}}
75
+ end
76
+ end
77
+
69
78
  class ApiGatewayAlarm < BaseAlarm
70
79
  def initialize(resource)
71
80
  super(resource)
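Review bot: In `AcmAlarm#initialize` the `CertificateArn` dimension is built from `${AWS::Region}`, `${AWS::AccountId}` and the raw `resource['Id']`, so the alarm only matches a certificate in the stack's own region and account, and only when `Id` is the bare certificate identifier rather than a full ARN. A certificate held in another region would give an alarm that likely never receives `DaysToExpiry` data, so an approaching expiry would go unreported. Because `Id` is interpolated into an `Fn::Sub` string, a value containing `${` would also be read as a substitution variable. A comment on the class should state the expected form, e.g. `# Id is the certificate ID (last ARN segment); the certificate must be in the stack's region and account`.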
@@ -95,6 +95,7 @@ module CfnGuardian
95
95
  end
96
96
  end
97
97
 
98
+ class AcmEventSubscription < BaseEventSubscription; end
98
99
  class ApiGatewayEventSubscription < BaseEventSubscription; end
99
100
  class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
100
101
  class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
@@ -0,0 +1,39 @@
1
+ module CfnGuardian::Resource
2
+ class Acm < Base
3
+
4
+ def default_alarms
5
+ alarm = CfnGuardian::Models::AcmAlarm.new(@resource)
6
+ alarm.name = 'CertificateExpiry'
7
+ alarm.metric_name = 'DaysToExpiry'
8
+ alarm.statistic = 'Average'
9
+ alarm.threshold = 30
10
+ alarm.comparison_operator = 'LessThanThreshold'
11
+ alarm.evaluation_periods = 1
12
+ alarm.period = 86400
13
+ @alarms.push(alarm)
14
+ end
15
+
16
+ def default_event_subscriptions()
17
+ event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
18
+ event_subscription.name = 'AcmCertificateNearExpiry'
19
+ event_subscription.detail_type = 'ACM Certificate Approaching Expiration'
20
+ event_subscription.source = 'aws.acm'
21
+ event_subscription.detail = {
22
+ 'DaysToExpiry' => [31]
23
+ }
24
+ @event_subscriptions.push(event_subscription)
25
+
26
+ event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
27
+ event_subscription.name = 'AcmCertificateExpired'
28
+ event_subscription.detail_type = 'ACM Certificate Expired'
29
+ event_subscription.source = 'aws.acm'
30
+ @event_subscriptions.push(event_subscription)
31
+
32
+ event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
33
+ event_subscription.name = 'AcmRenewalActionRequired'
34
+ event_subscription.detail_type = 'ACM Certificate Renewal Action Required'
35
+ event_subscription.source = 'aws.acm'
36
+ @event_subscriptions.push(event_subscription)
37
+ end
38
+ end
39
+ end
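Review bot: The `AcmCertificateNearExpiry` pattern `'DaysToExpiry' => [31]` matches only events whose value is exactly 31. A certificate already inside that window when the rule is deployed, or one whose single matching event is not delivered, therefore gets no near-expiry notification from this subscription. If that one-shot behaviour is intended, a comment should say so; otherwise an EventBridge numeric range such as `'DaysToExpiry' => [{ 'numeric' => ['<=', 31] }]` covers the remaining days, at the cost of one notification per emitted event. Separately, `default_event_subscriptions` returns its list only as the implicit result of the last `@event_subscriptions.push`, which the caller in `generate_default_event_subscriptions` depends on; ending the method with an explicit `@event_subscriptions` line would make that contract visible.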
@@ -1,4 +1,4 @@
1
1
  module CfnGuardian
2
- VERSION = "0.11.5"
2
+ VERSION = "0.11.6"
3
3
  CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
4
4
  end
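--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: cfn-guardian
  version: !ruby/object:Gem::Version
- version: 0.11.5
+ version: 0.11.6
  platform: ruby
  authors:
  - Guslington
  autorequire:
  bindir: exe
  cert_chain: []
- date: 2023-09-14 00:00:00.000000000 Z
+ date: 2023-10-17 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: thor
@@ -328,6 +328,7 @@ files:
  - lib/cfnguardian/models/event.rb
  - lib/cfnguardian/models/event_subscription.rb
  - lib/cfnguardian/models/metric_filter.rb
+ - lib/cfnguardian/resources/acm.rb
  - lib/cfnguardian/resources/amazonmq_broker.rb
  - lib/cfnguardian/resources/amazonmq_rabbitmq.rb
  - lib/cfnguardian/resources/apigateway.rb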