cfn-guardian 0.7.9 → 0.7.10
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +1 -0
- data/docs/event_subscriptions.md +17 -5
- data/docs/resources.md +1 -0
- data/lib/cfnguardian/compile.rb +1 -0
- data/lib/cfnguardian/config/defaults.yaml +2 -0
- data/lib/cfnguardian/models/alarm.rb +9 -0
- data/lib/cfnguardian/resources/documentdb_cluster.rb +39 -0
- data/lib/cfnguardian/version.rb +1 -1
- metadata +3 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 033f2fc6acd9cb43ea7d5ed3e86380ad7ca5466f933a74a9ce82d596dcd60357
|
|
4
|
+
data.tar.gz: beae571c60d4b70cfb822ecce7987ef7c4f24e95b26b998982baee926bfd9779
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 155df68c0cf8696ca55547df817e45e60e967c817b2b00eae8fb416113a776792edc9cd6ba508ef6350fca3f09da202eb384e5bfb63047b5f598b5be2098dfb7
|
|
7
|
+
data.tar.gz: b1e423475b999de9444b1a90fcf22215a65284c2694c9c68cd7d32985a0690f018fee7343e9360809be00d3ec8615bef4800540b8f01a84d59020172b48640aa
|
data/README.md
CHANGED
data/docs/event_subscriptions.md
CHANGED
|
@@ -10,14 +10,14 @@ As with the default alarms in Guardian, there are default events for some resour
|
|
|
10
10
|
|
|
11
11
|
## Overriding Defaults
|
|
12
12
|
|
|
13
|
-
Default
|
|
13
|
+
Default properties of the events can be overridden through the config YAML using the `EventsSubscriptions` top level key.
|
|
14
14
|
For example here we are changing the topic the event is being send to.
|
|
15
15
|
|
|
16
16
|
```yaml
|
|
17
17
|
Topics:
|
|
18
18
|
CustomEvents: arn:aws:sns....
|
|
19
19
|
|
|
20
|
-
|
|
20
|
+
EventSubscriptions:
|
|
21
21
|
Ec2Instance:
|
|
22
22
|
InstanceTerminated:
|
|
23
23
|
Topic: CustomEvents
|
|
@@ -28,12 +28,24 @@ EventSubscription:
|
|
|
28
28
|
Default events can be disabled, the same way default alarms can be disabled through the config YAML.
|
|
29
29
|
|
|
30
30
|
```yaml
|
|
31
|
-
|
|
31
|
+
EventSubscriptions:
|
|
32
32
|
Ec2Instance:
|
|
33
33
|
# set the instance terminated event to false to disable the event
|
|
34
34
|
InstanceTerminated: false
|
|
35
35
|
```
|
|
36
36
|
|
|
37
|
+
## Enabling Default Events
|
|
38
|
+
|
|
39
|
+
Some templates may have events that are disabled by default, they can be enabled using a slightly different syntax to disabling.
|
|
40
|
+
|
|
41
|
+
```yaml
|
|
42
|
+
EventSubscriptions:
|
|
43
|
+
RDSInstance:
|
|
44
|
+
# set the replication failure event to true to enable the event
|
|
45
|
+
ReplicationFailure:
|
|
46
|
+
Enabled: true
|
|
47
|
+
```
|
|
48
|
+
|
|
37
49
|
## Creating Custom Events
|
|
38
50
|
|
|
39
51
|
Custom events can be created if there are not defaults for that event. They can be inherited from a default event or from the base event model.
|
|
@@ -44,7 +56,7 @@ This is useful if you want to create a new event and a default event already has
|
|
|
44
56
|
The following example inherits the `MasterPasswordReset` RDS event and creates a new event that captures the security group add to an rds instance event.
|
|
45
57
|
|
|
46
58
|
```yaml
|
|
47
|
-
|
|
59
|
+
EventSubscriptions:
|
|
48
60
|
RDSInstance:
|
|
49
61
|
# Create a new event name
|
|
50
62
|
DBNewSecurityGroup:
|
|
@@ -59,7 +71,7 @@ EventSubscription:
|
|
|
59
71
|
If there are no default events that match the format you require you can create an event of the base event subscription model.
|
|
60
72
|
|
|
61
73
|
```yaml
|
|
62
|
-
|
|
74
|
+
EventSubscriptions:
|
|
63
75
|
ECSCluster:
|
|
64
76
|
ContainerInstanceStateChange:
|
|
65
77
|
Source: aws.ecs
|
data/docs/resources.md
CHANGED
data/lib/cfnguardian/compile.rb
CHANGED
|
@@ -12,6 +12,7 @@ require 'cfnguardian/resources/autoscaling_group'
|
|
|
12
12
|
require 'cfnguardian/resources/cloudfront_distribution'
|
|
13
13
|
require 'cfnguardian/resources/autoscaling_group'
|
|
14
14
|
require 'cfnguardian/resources/domain_expiry'
|
|
15
|
+
require 'cfnguardian/resources/documentdb_cluster'
|
|
15
16
|
require 'cfnguardian/resources/dynamodb_table'
|
|
16
17
|
require 'cfnguardian/resources/ec2_instance'
|
|
17
18
|
require 'cfnguardian/resources/ecs_cluster'
|
|
@@ -153,6 +153,15 @@ module CfnGuardian
|
|
|
153
153
|
@dimensions = { AutoScalingGroupName: resource['Id'] }
|
|
154
154
|
end
|
|
155
155
|
end
|
|
156
|
+
|
|
157
|
+
class DocumentDBClusterAlarm < BaseAlarm
|
|
158
|
+
def initialize(resource)
|
|
159
|
+
super(resource)
|
|
160
|
+
@group = 'DocumentDBCluster'
|
|
161
|
+
@namespace = 'AWS/DocDB'
|
|
162
|
+
@dimensions = { DBClusterIdentifier: resource['Id'] }
|
|
163
|
+
end
|
|
164
|
+
end
|
|
156
165
|
|
|
157
166
|
class DomainExpiryAlarm < BaseAlarm
|
|
158
167
|
def initialize(resource)
|
|
@@ -0,0 +1,39 @@
|
|
|
1
|
+
module CfnGuardian::Resource
|
|
2
|
+
class DocumentDBCluster < Base
|
|
3
|
+
|
|
4
|
+
def default_alarms
|
|
5
|
+
alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
|
|
6
|
+
alarm.name = 'CPUUtilizationHighBase'
|
|
7
|
+
alarm.metric_name = 'CPUUtilization'
|
|
8
|
+
alarm.threshold = 75
|
|
9
|
+
alarm.evaluation_periods = 60
|
|
10
|
+
alarm.alarm_action = 'Warning'
|
|
11
|
+
@alarms.push(alarm)
|
|
12
|
+
|
|
13
|
+
alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
|
|
14
|
+
alarm.name = 'CPUUtilizationHighSpike'
|
|
15
|
+
alarm.metric_name = 'CPUUtilization'
|
|
16
|
+
alarm.threshold = 95
|
|
17
|
+
alarm.evaluation_periods = 10
|
|
18
|
+
@alarms.push(alarm)
|
|
19
|
+
|
|
20
|
+
alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
|
|
21
|
+
alarm.name = 'DatabaseConnections'
|
|
22
|
+
alarm.metric_name = 'DatabaseConnections'
|
|
23
|
+
alarm.statistic = 'Minimum'
|
|
24
|
+
alarm.threshold = 50
|
|
25
|
+
alarm.evaluation_periods = 10
|
|
26
|
+
@alarms.push(alarm)
|
|
27
|
+
|
|
28
|
+
alarm = CfnGuardian::Models::DocumentDBClusterAlarm.new(@resource)
|
|
29
|
+
alarm.name = 'FreeableMemory'
|
|
30
|
+
alarm.metric_name = 'FreeableMemory'
|
|
31
|
+
alarm.threshold = 1000000000
|
|
32
|
+
alarm.evaluation_periods = 3
|
|
33
|
+
@alarms.push(alarm)
|
|
34
|
+
end
|
|
35
|
+
|
|
36
|
+
end
|
|
37
|
+
end
|
|
38
|
+
|
|
39
|
+
|
data/lib/cfnguardian/version.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: cfn-guardian
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.7.
|
|
4
|
+
version: 0.7.10
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Guslington
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: exe
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2022-01-
|
|
11
|
+
date: 2022-01-28 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: thor
|
|
@@ -280,6 +280,7 @@ files:
|
|
|
280
280
|
- lib/cfnguardian/resources/base.rb
|
|
281
281
|
- lib/cfnguardian/resources/batch.rb
|
|
282
282
|
- lib/cfnguardian/resources/cloudfront_distribution.rb
|
|
283
|
+
- lib/cfnguardian/resources/documentdb_cluster.rb
|
|
283
284
|
- lib/cfnguardian/resources/domain_expiry.rb
|
|
284
285
|
- lib/cfnguardian/resources/dynamodb_table.rb
|
|
285
286
|
- lib/cfnguardian/resources/ec2_instance.rb
|