cfn-guardian 0.6.7 → 0.6.8
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/Dockerfile +1 -1
- data/docs/custom_checks/ecs_container_instance_check.md +18 -0
- data/docs/overview.md +1 -0
- data/lib/cfnguardian/compile.rb +1 -0
- data/lib/cfnguardian/config/defaults.yaml +2 -0
- data/lib/cfnguardian/models/alarm.rb +11 -0
- data/lib/cfnguardian/models/event_subscription.rb +1 -0
- data/lib/cfnguardian/resources/vpn_tunnel.rb +18 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +4 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: fbdee8de2045f846a77f73303f61d13fbf8f9110d54d053ff78ad157f0ba96b7
|
|
4
|
+
data.tar.gz: 1aa05cff0d3bfa15d296adc0d508161ca80360f0cb1bcee454c9668ca65bd8b5
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: db29791aaf3771a0013d77dfef99683be75cf3093ccc121531e92adf37316d0d4a2e22ddb65652297a86674f07784383a01510f23d3c79534a431a97eccc5906
|
|
7
|
+
data.tar.gz: 4d568808e86bf1e4e3effb6ee3b4e6270093ac3a8ea4ac809bac3126e343271989e0932afdb811eebfaa7d2b8381c7a89084f5b3c7937b81701bc96ab1e40424
|
data/Dockerfile
CHANGED
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
# ECS Container Instance Check
|
|
2
|
+
|
|
3
|
+
Source: https://github.com/base2Services/aws-lambda-ecs-container-instance-check
|
|
4
|
+
|
|
5
|
+
Checks the agent status of a ECS container instance for a ECS cluster.
|
|
6
|
+
This check and alarms are created by default when a ECS cluster resource is specified in the config.
|
|
7
|
+
|
|
8
|
+
```yaml
|
|
9
|
+
Resources:
|
|
10
|
+
ECSCluster:
|
|
11
|
+
- Id: my-cluster
|
|
12
|
+
|
|
13
|
+
Templates:
|
|
14
|
+
ECSCluster:
|
|
15
|
+
# override the alarm defaults
|
|
16
|
+
ECSContianerInstancesDisconnected:
|
|
17
|
+
...
|
|
18
|
+
```
|
data/docs/overview.md
CHANGED
|
@@ -14,6 +14,7 @@
|
|
|
14
14
|
7. [SQL](custom_checks/sql.md)
|
|
15
15
|
8. [TLS](custom_checks/tls.md)
|
|
16
16
|
9. [Azure File Check](custom_checks/azure_file_check.md)
|
|
17
|
+
10. [ECS Container Instance Check](custom_checks/ecs_container_instance_check.md)
|
|
17
18
|
5. [Event Subscriptions](event_subscriptions.md)
|
|
18
19
|
6. [Notifiers](notifiers.md)
|
|
19
20
|
7. [Maintenance Mode](maintenance_mode.md)
|
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -40,6 +40,7 @@ require 'cfnguardian/resources/amazonmq_rabbitmq'
|
|
|
40
40
|
require 'cfnguardian/resources/batch'
|
|
41
41
|
require 'cfnguardian/resources/glue'
|
|
42
42
|
require 'cfnguardian/resources/step_functions'
|
|
43
|
+
require 'cfnguardian/resources/vpn_tunnel'
|
|
43
44
|
require 'cfnguardian/version'
|
|
44
45
|
require 'cfnguardian/error'
|
|
45
46
|
|
|
@@ -445,6 +445,17 @@ module CfnGuardian
|
|
|
445
445
|
@dimensions = { StorageAccount: resource['Id'], StorageContainer: resource['Container'] }
|
|
446
446
|
end
|
|
447
447
|
end
|
|
448
|
+
|
|
449
|
+
class VPNTunnelAlarm < BaseAlarm
|
|
450
|
+
def initialize(resource)
|
|
451
|
+
super(resource)
|
|
452
|
+
@group = 'VPNTunnel'
|
|
453
|
+
@namespace = 'AWS/VPN'
|
|
454
|
+
@dimensions = {
|
|
455
|
+
TunnelIpAddress: resource['Id']
|
|
456
|
+
}
|
|
457
|
+
end
|
|
458
|
+
end
|
|
448
459
|
|
|
449
460
|
end
|
|
450
461
|
end
|
|
@@ -107,5 +107,6 @@ module CfnGuardian
|
|
|
107
107
|
class NetworkTargetGroupEventSubscription < BaseEventSubscription; end
|
|
108
108
|
class RedshiftClusterEventSubscription < BaseEventSubscription; end
|
|
109
109
|
class StepFunctionsSubscription < BaseEventSubscription; end
|
|
110
|
+
class VPNTunnelEventSubscription < BaseEventSubscription; end
|
|
110
111
|
end
|
|
111
112
|
end
|
|
@@ -0,0 +1,18 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class VPNTunnel < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::VPNTunnelAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'VPNTunnelState'
|
|
7
|
+
alarm.metric_name = 'TunnelState'
|
|
8
|
+
alarm.comparison_operator = 'LessThanThreshold'
|
|
9
|
+
alarm.statistic = 'Minimum'
|
|
10
|
+
alarm.threshold = 1
|
|
11
|
+
alarm.evaluation_periods = 5
|
|
12
|
+
alarm.treat_missing_data = 'breaching'
|
|
13
|
+
alarm.datapoints_to_alarm = 5
|
|
14
|
+
@alarms.push(alarm)
|
|
15
|
+
end
|
|
16
|
+
|
|
17
|
+
end
|
|
18
|
+
end
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.6.
|
|
4
|
+
version: 0.6.8
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2021-
|
|
11
|
+
date: 2021-05-31 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -238,6 +238,7 @@ files:
|
|
|
238
238
|
- docs/composite_alarms.md
|
|
239
239
|
- docs/custom_checks/azure_file_check.md
|
|
240
240
|
- docs/custom_checks/domain_expiry.md
|
|
241
|
+
- docs/custom_checks/ecs_container_instance_check.md
|
|
241
242
|
- docs/custom_checks/http.md
|
|
242
243
|
- docs/custom_checks/log_group_metric_filters.md
|
|
243
244
|
- docs/custom_checks/nrpe.md
|
|
@@ -306,6 +307,7 @@ files:
|
|
|
306
307
|
- lib/cfnguardian/resources/sqs_queue.rb
|
|
307
308
|
- lib/cfnguardian/resources/step_functions.rb
|
|
308
309
|
- lib/cfnguardian/resources/tls.rb
|
|
310
|
+
- lib/cfnguardian/resources/vpn_tunnel.rb
|
|
309
311
|
- lib/cfnguardian/s3.rb
|
|
310
312
|
- lib/cfnguardian/stacks/main.rb
|
|
311
313
|
- lib/cfnguardian/stacks/resources.rb
|