cfn-guardian 0.3.4 → 0.4.0
- checksums.yaml +4 -4
- data/Gemfile.lock +22 -22
- data/README.md +73 -25
- data/lib/cfnguardian/compile.rb +6 -1
- data/lib/cfnguardian/models/alarm.rb +3 -1
- data/lib/cfnguardian/resources/base.rb +21 -6
- data/lib/cfnguardian/stacks/main.rb +2 -2
- data/lib/cfnguardian/stacks/resources.rb +1 -1
- data/lib/cfnguardian/version.rb +1 -1
- metadata +1 -1
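--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 97b6d983e52d77b70d2cea9e302ef3e02c377acc60bff4223fd2560a670293c5
+data.tar.gz: 76cbf80c45d2af2213513b093516ed302dc527ec278d837c492a7c5736f58f91
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 7f248dc477c03b555afcee3bc74ac9d5f92be9c5937fccb6775aa9384ccaebde6dab76384106eebc8805180db1e773190636d50c3816b0e8ab6d8b872f708deb
+data.tar.gz: a69c1358fc076d1c79a8f0ed1eaf85d8d6f0b0c334372fcff92785ad7ac4fbbb5f6828c72d7c6a05637cd6831e76ae03afb957a90521b0a502f132c1ecdf4568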
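--- a/data/Gemfile.lock
+++ b/data/Gemfile.lock
@@ -1,7 +1,7 @@
 PATH
 remote: .
 specs:
-cfn-guardian (0.3.
+cfn-guardian (0.3.4)
 aws-sdk-cloudformation (~> 1.31, < 2)
 aws-sdk-cloudwatch (~> 1.28, < 2)
 aws-sdk-codecommit (~> 1.28, < 2)
@@ -15,37 +15,37 @@ PATH
 GEM
 remote: https://rubygems.org/
 specs:
-aws-eventstream (1.0
-aws-partitions (1.
-aws-sdk-cloudformation (1.
-aws-sdk-core (~> 3, >= 3.
+aws-eventstream (1.1.0)
+aws-partitions (1.337.0)
+aws-sdk-cloudformation (1.40.0)
+aws-sdk-core (~> 3, >= 3.99.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-cloudwatch (1.
-aws-sdk-core (~> 3, >= 3.
+aws-sdk-cloudwatch (1.40.0)
+aws-sdk-core (~> 3, >= 3.99.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-codecommit (1.
-aws-sdk-core (~> 3, >= 3.
+aws-sdk-codecommit (1.36.0)
+aws-sdk-core (~> 3, >= 3.99.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-codepipeline (1.
-aws-sdk-core (~> 3, >= 3.
+aws-sdk-codepipeline (1.33.0)
+aws-sdk-core (~> 3, >= 3.99.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-core (3.
-aws-eventstream (~> 1
+aws-sdk-core (3.103.0)
+aws-eventstream (~> 1, >= 1.0.2)
 aws-partitions (~> 1, >= 1.239.0)
 aws-sigv4 (~> 1.1)
 jmespath (~> 1.0)
-aws-sdk-kms (1.
-aws-sdk-core (~> 3, >= 3.
+aws-sdk-kms (1.35.0)
+aws-sdk-core (~> 3, >= 3.99.0)
 aws-sigv4 (~> 1.1)
-aws-sdk-s3 (1.
-aws-sdk-core (~> 3, >= 3.
+aws-sdk-s3 (1.72.0)
+aws-sdk-core (~> 3, >= 3.102.1)
 aws-sdk-kms (~> 1)
 aws-sigv4 (~> 1.1)
-aws-sigv4 (1.
-aws-eventstream (~> 1
-cfndsl (1.
+aws-sigv4 (1.2.1)
+aws-eventstream (~> 1, >= 1.0.2)
+cfndsl (1.1.1)
 hana (~> 1.3)
-hana (1.3.
+hana (1.3.6)
 jmespath (1.4.0)
 rake (10.5.0)
 sync (0.5.0)
@@ -54,7 +54,7 @@ GEM
 terminal-table (1.8.0)
 unicode-display_width (~> 1.1, >= 1.1.1)
 thor (0.20.3)
-tins (1.
+tins (1.25.0)
 sync
 unicode-display_width (1.7.0)
 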
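--- a/data/README.md
+++ b/data/README.md
@@ -167,6 +167,59 @@ Options:
 [--debug], [--no-debug] # enable debug logging
 ```
 
+## Alarm Notifications
+
+There are 4 default notification levels used by Guardian Critical, Warning, Task, Informational. If you wish to recieve notifications for each of these you need to supply an sns topic arn in the alarms.yaml
+
+```yaml
+Topics:
+Critical: arn:aws:sns:ap-southeast-2:123456789012:Critical
+Warning: arn:aws:sns:ap-southeast-2:123456789012:Warning
+Task: arn:aws:sns:ap-southeast-2:123456789012:Task
+Informational: arn:aws:sns:ap-southeast-2:123456789012:Informational
+```
+
+Each alarm has a default notification level but can be overriden in the config using the `AlarmAction` property at either the alarm group or alarm level. See the [Overriding Defaults](#overriding-defaults) section on how to do that.
+
+You can add your own notification topics to the topics section and combine them with the existing topics. `AlarmAction` property will accept both a string and array of notication topics.
+
+```yaml
+Topics:
+Critical: arn:aws:sns:ap-southeast-2:123456789012:Critical
+Warning: arn:aws:sns:ap-southeast-2:123456789012:Warning
+Task: arn:aws:sns:ap-southeast-2:123456789012:Task
+Informational: arn:aws:sns:ap-southeast-2:123456789012:Informational
+CustomTopic: arn:aws:sns:ap-southeast-2:123456789012:Custom
+
+Template:
+Ec2Instance:
+GroupOverrides:
+AlarmActions:
+- Critical
+- Custom
+```
+
+### SNS Topics
+
+Create the topics before launching the guardian stack
+
+```bash
+aws sns create-topic --name Guardian-Critical
+aws sns create-topic --name Guardian-Warning
+aws sns create-topic --name Guardian-Task
+aws sns create-topic --name Guardian-Informational
+```
+
+SNS topics can be defined in the YAML config or during the `deploy` command using the sns switches. The full ARN must be used.
+
+```yaml
+Topics:
+Critical: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Critical
+Warning: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Warning
+Task: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Task
+Informational: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Informational
+```
+
 ## Configuration
 
 Config is stored in a standard YAML file which will default to `alarms.yaml`. This can be overridden by supplying the `--config` switch.
@@ -562,6 +615,26 @@ Custom alarm templates are defined within the same YAML config file un the `Temp
 
 ### Overriding Defaults
 
+Alarm properties such as `Threshold`, `AlarmAction`, etc can be overriden at the alarm level or at the alarm group level.
+
+**Alarm Group Overrides**
+
+Alarm group level overrides apply to all alarms within the alarm group.
+
+```yaml
+Templates:
+# define the resource group
+Ec2Instance:
+# GroupOverrides key denotes the group level overrides
+GroupOverrides:
+# supply the key value of the alarm property you want to override
+AlarmAction: Informational
+```
+
+**Alarm Overrides**
+
+Alarm overrides apply only to the alarm the property is applied to. This will override any alarm group level overrides.
+
 ```yaml
 Templates:
 # define the resource group
@@ -650,27 +723,6 @@ Templates:
 TargetResponseTime: false
 ```
 
-## SNS Topics
-
-Create the topics before launching the guardian stack
-
-```bash
-aws sns create-topic --name Guardian-Critical
-aws sns create-topic --name Guardian-Warning
-aws sns create-topic --name Guardian-Task
-aws sns create-topic --name Guardian-Informational
-```
-
-SNS topics can be defined in the YAML config or during the `deploy` command using the sns switches. The full ARN must be used.
-
-```yaml
-Topics:
-Critical: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Critical
-Warning: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Warning
-Task: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Task
-Informational: arn:aws:sns:ap-southeast-2:111111111111:Guardian-Informational
-```
-
 ## M Out Of N Metric Data Points
 
 This can be good to alert on groups of spikes with in a certain time frame without getting alerts for individual spikes.
@@ -798,10 +850,6 @@ cfn-guardian disable-alarms --group AppUpdate
 cfn-guardian enable-alarms --group AppUpdate
 ```
 
-## Severities
-
-Severties are defined in each alarm sing the `AlarmAction` key. There are 4 options `[ Critical, Warning, Task, Informational ]`
-
 ## Contributing
 
 Bug reports and pull requests are welcome on GitHub at https://github.com/base2services/cfn-guardian.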
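--- a/data/lib/cfnguardian/compile.rb
+++ b/data/lib/cfnguardian/compile.rb
@@ -51,6 +51,11 @@ module CfnGuardian
 @topics = config.fetch('Topics',{})
 @maintenance_groups = config.fetch('MaintenaceGroups', {})
 
+# Make sure the default topics exist if they aren't supplied in the alarms.yaml
+%w(Critical Warning Task Informational).each do |topic|
+@topics[topic] = '' unless @topics.has_key?(topic)
+end
+
 @maintenance_group_list = @maintenance_groups.keys.map {|group| "#{group}MaintenanceGroup"}
 @resources = []
 @stacks = []
@@ -82,7 +87,7 @@ module CfnGuardian
 end
 
 overides = @templates.has_key?(group) ? @templates[group] : {}
-@resources.concat resource_class.get_alarms(overides
+@resources.concat resource_class.get_alarms(resource,group,overides)
 @resources.concat resource_class.get_metric_filters()
 @resources.concat resource_class.get_events()
 @checks.concat resource_class.get_checks()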
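Review bot: The loop added at new lines 55-57 gives every missing default topic the value `''`, and main.rb now forwards that value through `parameter.Default sns`, so an alarm level with no topic configured is accepted without any signal to the operator. How an empty action is treated at deploy time is not visible here, but the gap should at least be reported inside the loop, e.g. `logger.warn("no SNS topic supplied for #{topic}, alarms at this level will not notify")`, assuming this class has the same `logger` that base.rb uses. Separately, `config.fetch('Topics',{})` returns nil when the key is present but empty in the YAML, and `@topics.has_key?` then raises; `config.fetch('Topics', {}) || {}` avoids that. The enclosing method starts and ends outside both hunks.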
@@ -28,7 +28,8 @@ module CfnGuardian
|
|
28
28
|
:extended_statistic,
|
29
29
|
:evaluate_low_sample_count_percentile,
|
30
30
|
:unit,
|
31
|
-
:maintenance_groups
|
31
|
+
:maintenance_groups,
|
32
|
+
:additional_notifiers
|
32
33
|
|
33
34
|
def initialize(resource)
|
34
35
|
@type = 'Alarm'
|
@@ -54,6 +55,7 @@ module CfnGuardian
|
|
54
55
|
@alarm_action = 'Critical'
|
55
56
|
@treat_missing_data = nil
|
56
57
|
@maintenance_groups = []
|
58
|
+
@additional_notifiers = []
|
57
59
|
end
|
58
60
|
|
59
61
|
def metric_name=(metric_name)
|
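Review bot: `additional_notifiers` is added to the accessor list and set to `[]` in `initialize`, but none of the visible hunks reads or assigns it, and the README changes in this release describe only `AlarmAction`. A short comment above `@additional_notifiers = []` should say what the list holds and which stack code consumes it, or the attribute should wait until it is used. The same applies to `@alarm_action = 'Critical'`, which resources.rb now also accepts as an Array; a comment such as `# topic name (String) or list of topic names (Array)` would record that. The class body starts and ends outside these hunks.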
@@ -23,10 +23,19 @@ module CfnGuardian::Resource
|
|
23
23
|
return @alarms
|
24
24
|
end
|
25
25
|
|
26
|
-
def get_alarms(overides={}
|
26
|
+
def get_alarms(resource,group,overides={})
|
27
27
|
# generate default alarms
|
28
28
|
default_alarms()
|
29
|
-
|
29
|
+
|
30
|
+
# override any group properties
|
31
|
+
group_overrides = overides.has_key?('GroupOverrides') ? overides['GroupOverrides'] : {}
|
32
|
+
overides.delete('GroupOverrides')
|
33
|
+
if group_overrides.any?
|
34
|
+
@alarms.each do |alarm|
|
35
|
+
group_overrides.each {|attr,value| update_alarm(alarm,attr,value)}
|
36
|
+
end
|
37
|
+
end
|
38
|
+
|
30
39
|
# loop over each override template for the service
|
31
40
|
overides.each do |name,properties|
|
32
41
|
|
@@ -40,7 +49,7 @@ module CfnGuardian::Resource
|
|
40
49
|
next
|
41
50
|
end
|
42
51
|
end
|
43
|
-
|
52
|
+
|
44
53
|
# continue if the override is in the incorrect format
|
45
54
|
unless properties.is_a?(Hash)
|
46
55
|
if name != 'Inherit'
|
@@ -48,7 +57,9 @@ module CfnGuardian::Resource
|
|
48
57
|
end
|
49
58
|
next
|
50
59
|
end
|
51
|
-
|
60
|
+
|
61
|
+
properties.merge!(group_overrides)
|
62
|
+
|
52
63
|
# Create a new alarm inheriting the defaults of an existing alarm
|
53
64
|
if properties.has_key?('Inherit')
|
54
65
|
alarm = find_alarm(properties['Inherit'])
|
@@ -64,10 +75,14 @@ module CfnGuardian::Resource
|
|
64
75
|
end
|
65
76
|
|
66
77
|
alarm = find_alarm(name)
|
67
|
-
|
78
|
+
|
68
79
|
if alarm.nil?
|
80
|
+
if @resource.has_key?('Hosts')
|
81
|
+
logger.warn("this resource doesn't support adding new alarms")
|
82
|
+
next
|
83
|
+
end
|
69
84
|
# if alarm doesn't exist create a new one
|
70
|
-
alarm = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}Alarm").new(resource)
|
85
|
+
alarm = Kernel.const_get("CfnGuardian::Models::#{self.class.to_s.split('::').last}Alarm").new(@resource)
|
71
86
|
properties.each {|attr,value| update_alarm(alarm,attr,value)}
|
72
87
|
alarm.name = name
|
73
88
|
@alarms.push(alarm)
|
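Review bot: `properties.merge!(group_overrides)` at new line 61 lets the group-level value replace the alarm-level one for any key set in both, which is the opposite of the README statement that alarm overrides win over group overrides; `properties = group_overrides.merge(properties)` gives the documented precedence and stops mutating the config hash. `overides.delete('GroupOverrides')` at new line 32 also mutates the hash that compile.rb takes from `@templates[group]`, so if get_alarms runs once per resource (the call site suggests this, but the loop is outside the hunk) only the first resource of a group would receive its group overrides; `overides = overides.reject { |name, _| name == 'GroupOverrides' }` leaves the caller's hash intact. The new `resource` and `group` parameters are not used in the visible lines, which read `@resource` instead. get_alarms continues past the last hunk.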
@@ -15,11 +15,11 @@ module CfnGuardian
|
|
15
15
|
def build_template(stacks,checks,topics,maintenance_groups,ssm_parameters)
|
16
16
|
parameters = {}
|
17
17
|
|
18
|
-
|
18
|
+
topics.each do |name, sns|
|
19
19
|
parameter = @template.Parameter(name)
|
20
20
|
parameter.Type 'String'
|
21
21
|
parameter.Description "SNS topic ARN for #{name} notifications"
|
22
|
-
parameter.Default
|
22
|
+
parameter.Default sns
|
23
23
|
parameters[name] = Ref(name)
|
24
24
|
end
|
25
25
|
|
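Review bot: `@template.Parameter(name)` at new line 19 uses the topic key from alarms.yaml as the CloudFormation parameter name, and with this release the README invites user-defined keys. CloudFormation logical IDs are alphanumeric only, so a key such as `Custom-Topic` would be rejected only at deploy time. A guard at the top of the loop would report it at compile time, e.g. `raise ArgumentError, "invalid topic name #{name}" unless name.to_s.match?(/\A[A-Za-z0-9]+\z/)`. build_template continues outside the hunk.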
@@ -35,7 +35,7 @@ module CfnGuardian
|
|
35
35
|
end
|
36
36
|
|
37
37
|
def add_alarm(alarm)
|
38
|
-
actions = [Ref(alarm.alarm_action)]
|
38
|
+
actions = alarm.alarm_action.kind_of?(Array) ? alarm.alarm_action.map{|action| Ref(action)} : [Ref(alarm.alarm_action)]
|
39
39
|
actions.concat alarm.maintenance_groups.map {|mg| Ref(mg)} if alarm.maintenance_groups.any?
|
40
40
|
|
41
41
|
@template.declare do
|
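Review bot: The ternary at new line 38 can be written as `actions = Array(alarm.alarm_action).map { |action| Ref(action) }`, which treats the String and Array cases the same way without `kind_of?`; it differs only for nil, where it yields no action instead of `Ref(nil)`. Nothing in the visible code checks that each action names a key under `Topics`, so a typo becomes a Ref to a parameter that does not exist. The README example in this release shows the problem: it defines `CustomTopic` but lists `Custom` under `AlarmActions`. add_alarm continues outside the hunk.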
data/lib/cfnguardian/version.rb
CHANGED