cfn_monitor 0.1.0

data/lib/templates/alarms.rb

@@ -0,0 +1,178 @@
+require 'cfndsl'
+require_relative '../ext/alarms'
+
+CloudFormation do
+  Description("CloudWatch Alarms #{template_number}")
+
+  Parameter("MonitoredStack"){
+    Type 'String'
+  }
+  Parameter("SnsTopicCrit"){
+    Type 'String'
+  }
+  Parameter("SnsTopicWarn"){
+    Type 'String'
+  }
+  Parameter("SnsTopicTask"){
+    Type 'String'
+  }
+  Parameter("MonitoringDisabled"){
+    Type 'String'
+  }
+  Parameter("EnvironmentType"){
+    Type 'String'
+  }
+  Parameter("EnvironmentName"){
+    Type 'String'
+  }
+
+  Condition('MonitoringDisabled', FnEquals(Ref("MonitoringDisabled"),'true'))
+  Condition('CritSNS', FnNot(FnEquals(Ref("SnsTopicCrit"),'')))
+  Condition('WarnSNS', FnNot(FnEquals(Ref("SnsTopicWarn"),'')))
+  Condition('TaskSNS', FnNot(FnEquals(Ref("SnsTopicTask"),'')))
+
+  actionsEnabledMap = {
+    crit: FnIf('CritSNS',[ Ref('SnsTopicCrit') ], [ ]),
+    warn: FnIf('WarnSNS',[ Ref('SnsTopicWarn') ], [ ]),
+    task: FnIf('TaskSNS',[ Ref('SnsTopicTask') ], [ ])
+  }
+
+  alarms.each do |alarm|
+
+    # Should create or disable the alarms?
+    next if (defined? alarm[:parameters]['CreateAlarm']) and alarm[:parameters]['CreateAlarm'] == false
+
+    if (defined? alarm[:parameters]['DisableAlarm']) and alarm[:parameters]['DisableAlarm'] == true then
+      alarm[:parameters]['ActionsEnabled'] = 'false'
+      alarm[:parameters].delete('DisableAlarm')  # Remove the key from the CFN output
+    end
+
+    resourceGroup = alarm[:resource]
+    resources = resourceGroup.split('/')
+    type = alarm[:type]
+    template = alarm[:template]
+    name = alarm[:alarm]
+    params = alarm[:parameters]
+    cmd = params['cmd']
+
+    alarmHash = Digest::MD5.hexdigest "#{resourceGroup}#{template}#{name}#{cmd}"
+
+    # Set defaults for optional parameters
+    params['TreatMissingData']  ||= 'missing'
+    params['AlarmDescription']  ||= FnJoin(' ', [ Ref('MonitoredStack'), "#{template}", "#{name}", FnSub(resourceGroup, env: Ref('EnvironmentName')) ])
+    params['ActionsEnabled']    = 'true' if !params.key?('ActionsEnabled')
+    params['Period']            ||= 60
+
+    # Replace variables in parameters
+    params.each do |k,v|
+      replace_vars(params[k],'${name}',resourceGroup)
+      replace_vars(params[k],'${metric}',resourceGroup)
+      replace_vars(params[k],'${resource}',resourceGroup)
+      replace_vars(params[k],'${endpoint}',resourceGroup)
+      replace_vars(params[k],'${templateName}',template)
+      replace_vars(params[k],'${alarmName}',name)
+      replace_vars(params[k],'${cmd}',cmd)
+    end
+
+    # Alarm action defaults
+    if !params['AlarmActions'].nil?
+      alarmActions = actionsEnabledMap[ params['AlarmActions'].downcase.to_sym ]
+    else
+      alarmActions = actionsEnabledMap['crit']
+    end
+
+    if !params['InsufficientDataActions'].nil?
+      insufficientDataActions = actionsEnabledMap[ params['InsufficientDataActions'].downcase.to_sym ]
+    elsif !params['AlarmActions'].nil? && params['AlarmActions'].downcase.to_sym == :task
+      insufficientDataActions = []
+    elsif !params['AlarmActions'].nil?
+      insufficientDataActions = actionsEnabledMap[ params['AlarmActions'].downcase.to_sym ]
+    else
+      insufficientDataActions = actionsEnabledMap['crit']
+    end
+
+    if !params['OKActions'].nil?
+      oKActions = actionsEnabledMap[ params['OKActions'].downcase.to_sym ]
+    elsif !params['AlarmActions'].nil? && params['AlarmActions'].downcase.to_sym == :task
+      oKActions = []
+    elsif !params['AlarmActions'].nil?
+      oKActions = actionsEnabledMap[ params['AlarmActions'].downcase.to_sym ]
+    else
+      oKActions = actionsEnabledMap['crit']
+    end
+
+    conditions = []
+
+    # Configure resource parameters
+    if type == 'resource'
+      # Configure physical resource inputs
+      dimensionsNames = params['DimensionsName'].split('/')
+      dimensions = []
+      resources.each_with_index do |resource,index|
+        resourceHash =  Digest::MD5.hexdigest resource
+        # Create parameters for incoming physical resource IDs
+        Parameter("GetPhysicalId#{resourceHash}") do
+          Type 'String'
+        end
+        # Transform physical resource IDs into dimension values if required
+        dimensionValue = Ref("GetPhysicalId#{resourceHash}")
+        dimensionValue = FnSelect('5',FnSplit(':',Ref("GetPhysicalId#{resourceHash}"))) if dimensionsNames[index] == 'TargetGroup'
+        dimensionValue = FnSelect('1',FnSplit('loadbalancer/',Ref("GetPhysicalId#{resourceHash}"))) if dimensionsNames[index] == 'LoadBalancer'
+        dimensionValue = FnSelect('1',FnSplit('service/',Ref("GetPhysicalId#{resourceHash}"))) if dimensionsNames[index] == 'ServiceName'
+        dimensionValue = FnJoin('', [Ref("GetPhysicalId#{resourceHash}"),'-001']) if dimensionsNames[index] == 'CacheClusterId'
+        # Prepare conditions based on physical resource ID values
+        conditions << FnNot(FnEquals(Ref("GetPhysicalId#{resourceHash}"),'null'))
+        dimensions << { Name: dimensionsNames[index], Value: dimensionValue }
+      end
+      params['Dimensions'] = dimensions
+    end
+
+    # Add environment conditions if needed
+    if alarm[:environments] != ['all']
+      envConditions = []
+      alarm[:environments].each do | env |
+        envConditions << FnEquals(Ref("EnvironmentName"),env)
+      end
+      if envConditions.length > 1
+        conditions << FnOr(envConditions)
+      elsif envConditions.length == 1
+        conditions << envConditions[0]
+      end
+    end
+
+    # Create conditions
+    if conditions.length > 1
+      Condition("Condition#{alarmHash}", FnAnd(conditions))
+    elsif conditions.length == 1
+      Condition("Condition#{alarmHash}", conditions[0])
+    end
+
+    # Create parameter mappings
+    create_param_mappings(params,template_envs,alarmHash)
+
+    # Create alarms
+    Resource("Alarm#{alarmHash}") do
+      Condition "Condition#{alarmHash}" if conditions.length > 0
+      Type('AWS::CloudWatch::Alarm')
+      Property('ActionsEnabled', FnIf('MonitoringDisabled', false, FnFindInMap("#{alarmHash}",'ActionsEnabled',Ref('EnvironmentType'))))
+      Property('AlarmActions', alarmActions)
+      Property('AlarmDescription', params['AlarmDescription'])
+      Property('ComparisonOperator', FnFindInMap("#{alarmHash}",'ComparisonOperator',Ref('EnvironmentType')))
+      Property('Dimensions', params['Dimensions'])
+      Property('EvaluateLowSampleCountPercentile', params['EvaluateLowSampleCountPercentile']) unless params['EvaluateLowSampleCountPercentile'].nil?
+      Property('EvaluationPeriods', FnFindInMap("#{alarmHash}",'EvaluationPeriods',Ref('EnvironmentType')))
+      Property('ExtendedStatistic', params['ExtendedStatistic']) unless params['ExtendedStatistic'].nil?
+      Property('InsufficientDataActions', insufficientDataActions)
+      Property('MetricName', FnFindInMap("#{alarmHash}",'MetricName',Ref('EnvironmentType')))
+      Property('Namespace', FnFindInMap("#{alarmHash}",'Namespace',Ref('EnvironmentType')))
+      Property('OKActions', oKActions)
+      Property('Period', FnFindInMap("#{alarmHash}",'Period',Ref('EnvironmentType')))
+      Property('Statistic', FnFindInMap("#{alarmHash}",'Statistic',Ref('EnvironmentType')))
+      Property('Threshold', FnFindInMap("#{alarmHash}",'Threshold',Ref('EnvironmentType')))
+      Property('TreatMissingData',FnFindInMap("#{alarmHash}",'TreatMissingData',Ref('EnvironmentType')))
+      Property('Unit', params['Unit']) unless params['Unit'].nil?
+    end
+
+end
+
+end

data/lib/templates/endpoints.rb

@@ -0,0 +1,66 @@
+require 'cfndsl'
+
+CloudFormation do
+  Description("CloudWatch Endpoints")
+
+  Parameter("MonitoredStack"){
+    Type 'String'
+  }
+  Parameter("EnvironmentName"){
+    Type 'String'
+  }
+  Parameter("HttpCheckFunctionArn"){
+    Type 'String'
+  }
+
+  alarms.each do |alarm|
+    if alarm[:type] == 'endpoint'
+      endpointHash =  Digest::MD5.hexdigest alarm[:resource]
+
+      # Conditionally create shedule based on environments attribute
+      if alarm[:environments] != ['all']
+        conditions = []
+        alarm[:environments].each do | env |
+          conditions << FnEquals(Ref("EnvironmentName"),env)
+        end
+        if conditions.length > 1
+          Condition("Condition#{endpointHash}", FnOr(conditions))
+        else
+          Condition("Condition#{endpointHash}", conditions[0])
+        end
+      end
+
+      ep = alarm[:parameters]
+
+      # Set defaults
+      ep['scheduleExpression'] ||= "* * * * ? *"
+
+      # Create payload
+      payload = {}
+      payload['TIMEOUT'] = ep['timeOut'] || 120
+      payload['STATUS_CODE_MATCH'] = ep['statusCode'] || 200
+      payload['ENDPOINT'] = alarm[:resource]
+      payload['BODY_REGEX_MATCH'] = ep['bodyRegex'] if !ep['bodyRegex'].nil?
+      payload['HEADERS'] = ep['headers'] if !ep['headers'].nil?
+      payload['METHOD'] = ep['method'] || "GET"
+      payload['PAYLOAD'] = ep['payload'] if !ep['payload'].nil?
+
+      endpointHash =  Digest::MD5.hexdigest alarm[:resource]
+      Resource("HttpCheckSchedule#{endpointHash}") do
+        Condition "Condition#{endpointHash}" if alarm[:environments] != ['all']
+        Type 'AWS::Events::Rule'
+        Property('Description', FnSub( payload['ENDPOINT'], env: Ref('EnvironmentName') ) )
+        Property('ScheduleExpression', "cron(#{ep['scheduleExpression']})")
+        Property('State', 'ENABLED')
+        Property('Targets', [
+          {
+            Arn: Ref('HttpCheckFunctionArn'),
+            Id: endpointHash,
+            Input: FnSub( payload.to_json, env: Ref('EnvironmentName') )
+          }
+        ])
+      end
+    end
+  end
+
+end

data/lib/templates/hosts.rb

@@ -0,0 +1,126 @@
+require 'cfndsl'
+
+CloudFormation do
+  Description("CloudWatch Hosts")
+
+  Parameter("EnvironmentName"){
+    Type 'String'
+  }
+
+  alarms.each do |alarm|
+    if alarm[:type] == 'host'
+      hostHash = Digest::MD5.hexdigest alarm[:resource]
+
+      # Conditionally create shedule based on environments attribute
+      if alarm[:environments] != ['all']
+        conditions = []
+        alarm[:environments].each do | env |
+          conditions << FnEquals(Ref("EnvironmentName"),env)
+        end
+        if conditions.length > 1
+          Condition("Condition#{hostHash}", FnOr(conditions))
+        else
+          Condition("Condition#{hostHash}", conditions[0])
+        end
+      end
+
+      # Set defaults
+      host = alarm[:parameters]
+      host['scheduleExpression'] ||= "* * * * ? *"
+
+      Resource("NrpeLambdaExecutionRole#{hostHash}") do
+        Condition "Condition#{hostHash}" if alarm[:environments] != ['all']
+        Type 'AWS::IAM::Role'
+        Property('AssumeRolePolicyDocument', {
+          Version: '2012-10-17',
+          Statement: [{
+            Effect: 'Allow',
+            Principal: { Service: [ 'lambda.amazonaws.com' ] },
+            Action: [ 'sts:AssumeRole' ]
+          }]
+        })
+        Property('Path','/')
+        Property('Policies', [
+          PolicyName: 'NRPE',
+          PolicyDocument: {
+            Version: '2012-10-17',
+            Statement: [{
+              Effect: 'Allow',
+              Action: [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ],
+              Resource: 'arn:aws:logs:*:*:*'
+            },
+            {
+              Effect: 'Allow',
+              Action: [ 'cloudwatch:PutMetricData' ],
+              Resource: '*'
+            },
+            {
+              Effect: 'Allow',
+              Action: [ 'ec2:CreateNetworkInterface', 'ec2:DescribeNetworkInterfaces', 'ec2:DeleteNetworkInterface' ],
+              Resource: '*'
+            }]
+          }
+        ])
+      end
+
+      Resource("SecurityGroup#{hostHash}") {
+        Condition "Condition#{hostHash}" if alarm[:environments] != ['all']
+        Type 'AWS::EC2::SecurityGroup'
+        Property('VpcId', host['vpcId'])
+        Property('GroupDescription', "Monitoring Security Group #{hostHash}")
+      }
+
+      Resource("NrpeCheckFunction#{hostHash}") do
+        Condition "Condition#{hostHash}" if alarm[:environments] != ['all']
+        Type 'AWS::Lambda::Function'
+        Property('Code', { S3Bucket: FnJoin('.',['base2.lambda',Ref('AWS::Region')]), S3Key: 'nrpe.zip' })
+        Property('Handler', 'nrpe')
+        Property('MemorySize', 128)
+        Property('Runtime', 'go1.x')
+        Property('Timeout', 300)
+        Property('Role', FnGetAtt("NrpeLambdaExecutionRole#{hostHash}",'Arn'))
+        Property('VpcConfig', {
+          SecurityGroupIds: [ Ref("SecurityGroup#{hostHash}") ],
+          SubnetIds: host['subnetIds']
+        })
+      end
+
+      Resource("NrpeCheckPermissions#{hostHash}") do
+        Condition "Condition#{hostHash}" if alarm[:environments] != ['all']
+        Type 'AWS::Lambda::Permission'
+        Property('FunctionName', Ref("NrpeCheckFunction#{hostHash}"))
+        Property('Action', 'lambda:InvokeFunction')
+        Property('Principal', 'events.amazonaws.com')
+      end
+
+      cmds = host['cmds']
+      if !cmds.kind_of?(Array) then cmds = cmds.split end
+      cmds.each do |cmd|
+
+        # Create payload
+        payload = {}
+        payload['host'] = alarm[:resource]
+        payload['environment'] = "${env}"
+        payload['region'] = "${region}"
+        payload['cmd'] = cmd
+
+        cmdHash = Digest::MD5.hexdigest cmd
+        Resource("NrpeCheckSchedule#{hostHash}#{cmdHash}") do
+          Condition "Condition#{hostHash}" if alarm[:environments] != ['all']
+          Type 'AWS::Events::Rule'
+          Property('Description', FnSub( "${env}-#{alarm[:resource]} #{cmd}", env: Ref('EnvironmentName') ) )
+          Property('ScheduleExpression', "cron(#{host['scheduleExpression']})")
+          Property('State', 'ENABLED')
+          Property('Targets', [
+            {
+              Arn: FnGetAtt("NrpeCheckFunction#{hostHash}",'Arn'),
+              Id: hostHash,
+              Input: FnSub( payload.to_json, env: Ref('EnvironmentName'), region: Ref("AWS::Region") )
+            }
+          ])
+        end
+      end
+    end
+  end
+
+end

data/lib/templates/master.rb

@@ -0,0 +1,213 @@
+require 'cfndsl'
+require 'cfn_monitor/version'
+
+src_lambda_dir = File.expand_path("../../lambda", __FILE__)
+
+CloudFormation do
+
+  Description("CloudWatch Alarms Master")
+
+  Parameter("MonitoredStack"){
+    Type 'String'
+  }
+  Parameter("SnsTopicCrit"){
+    Type 'String'
+  }
+  Parameter("SnsTopicWarn"){
+    Type 'String'
+  }
+  Parameter("SnsTopicTask"){
+    Type 'String'
+  }
+  Parameter("MonitoringDisabled"){
+    Type 'String'
+    Default false
+    AllowedValues [true,false]
+  }
+  Parameter("EnvironmentType"){
+    Type 'String'
+    AllowedValues template_envs
+    Default 'production'
+  }
+  Parameter("ConfigToggle"){
+    Type 'String'
+    AllowedValues ['up','down']
+    Default 'up'
+  }
+
+  Resource("CFLambdaExecutionRole") do
+    Type 'AWS::IAM::Role'
+    Property('AssumeRolePolicyDocument', {
+      Version: '2012-10-17',
+      Statement: [{
+        Effect: 'Allow',
+        Principal: { Service: [ 'lambda.amazonaws.com' ] },
+        Action: [ 'sts:AssumeRole' ]
+      }]
+    })
+    Property('Path','/')
+    Property('Policies', [
+      PolicyName: 'CloudFormationReadOnly',
+      PolicyDocument: {
+        Version: '2012-10-17',
+        Statement: [{
+          Effect: 'Allow',
+          Action: [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ],
+          Resource: 'arn:aws:logs:*:*:*'
+        },
+        {
+          Effect: 'Allow',
+          Action: [ 'cloudformation:Describe*', 'cloudformation:Get*', 'cloudformation:List*' ],
+          Resource: '*'
+        }]
+      }
+    ])
+  end
+
+  Resource("HttpLambdaExecutionRole") do
+    Type 'AWS::IAM::Role'
+    Property('AssumeRolePolicyDocument', {
+      Version: '2012-10-17',
+      Statement: [{
+        Effect: 'Allow',
+        Principal: { Service: [ 'lambda.amazonaws.com' ] },
+        Action: [ 'sts:AssumeRole' ]
+      }]
+    })
+    Property('Path','/')
+    Property('Policies', [
+      PolicyName: 'CloudFormationReadOnly',
+      PolicyDocument: {
+        Version: '2012-10-17',
+        Statement: [{
+          Effect: 'Allow',
+          Action: [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ],
+          Resource: 'arn:aws:logs:*:*:*'
+        },
+        {
+          Effect: 'Allow',
+          Action: [ 'cloudwatch:PutMetricData' ],
+          Resource: '*'
+        }]
+      }
+    ])
+  end
+
+  Resource("GetPhysicalIdFunction") do
+    Type 'AWS::Lambda::Function'
+    Property('Code', { ZipFile: FnJoin("", IO.readlines("#{src_lambda_dir}/getPhysicalId.py").each { |line| "\"#{line}\"," }) })
+    Property('Handler', 'index.handler')
+    Property('MemorySize', 128)
+    Property('Runtime', 'python2.7')
+    Property('Timeout', 300)
+    Property('Role', FnGetAtt('CFLambdaExecutionRole','Arn'))
+  end
+
+  Resource("GetEnvironmentNameFunction") do
+    Type 'AWS::Lambda::Function'
+    Property('Code', { ZipFile: FnJoin("", IO.readlines("#{src_lambda_dir}/getEnvironmentName.py").each { |line| "\"#{line}\"," }) })
+    Property('Handler', 'index.handler')
+    Property('MemorySize', 128)
+    Property('Runtime', 'python2.7')
+    Property('Timeout', 300)
+    Property('Role', FnGetAtt('CFLambdaExecutionRole','Arn'))
+  end
+
+  Resource("GetEnvironmentName") do
+    Type 'Custom::GetEnvironmentName'
+    Property('ServiceToken',FnGetAtt('GetEnvironmentNameFunction','Arn'))
+    Property('StackName', Ref('MonitoredStack'))
+    Property('Region', Ref('AWS::Region'))
+    Property('ConfigToggle', Ref('ConfigToggle'))
+  end
+
+  Resource("HttpCheckFunction") do
+    Type 'AWS::Lambda::Function'
+    Property('Code', { S3Bucket: FnJoin('.',[Ref('AWS::Region'),'aws-lambda-http-check']), S3Key: 'httpCheck-v2.zip' })
+    Property('Handler', 'handler.http_check')
+    Property('MemorySize', 128)
+    Property('Runtime', 'python3.6')
+    Property('Timeout', 300)
+    Property('Role', FnGetAtt('HttpLambdaExecutionRole','Arn'))
+  end
+
+  Resource("HttpCheckPermissions") do
+    Type 'AWS::Lambda::Permission'
+    Property('FunctionName', Ref('HttpCheckFunction'))
+    Property('Action', 'lambda:InvokeFunction')
+    Property('Principal', 'events.amazonaws.com')
+  end
+
+  params = {
+    MonitoredStack: Ref('MonitoredStack'),
+    SnsTopicCrit: Ref('SnsTopicCrit'),
+    SnsTopicWarn: Ref('SnsTopicWarn'),
+    SnsTopicTask: Ref('SnsTopicTask'),
+    MonitoringDisabled: Ref('MonitoringDisabled'),
+    EnvironmentType: Ref('EnvironmentType'),
+    GetPhysicalIdFunctionArn: FnGetAtt('GetPhysicalIdFunction','Arn'),
+    EnvironmentName: FnGetAtt('GetEnvironmentName', 'EnvironmentName' ),
+    ConfigToggle: Ref('ConfigToggle')
+  }
+
+  templateCount.times do |i|
+    Resource("ResourcesStack#{i}") do
+      Type 'AWS::CloudFormation::Stack'
+      Property('TemplateURL', "https://#{source_bucket}.s3.amazonaws.com/#{upload_path}/resources#{i}.json")
+      Property('TimeoutInMinutes', 5)
+      Property('Parameters', params)
+    end
+  end
+
+  endpointParams = {
+    MonitoredStack: Ref('MonitoredStack'),
+    HttpCheckFunctionArn: FnGetAtt('HttpCheckFunction','Arn'),
+    EnvironmentName: FnGetAtt('GetEnvironmentName', 'EnvironmentName' )
+  }
+
+  endpoints ||= {}
+  if !endpoints.empty?
+    Resource("EndpointsStack") do
+      Type 'AWS::CloudFormation::Stack'
+      Property('TemplateURL', "https://#{source_bucket}.s3.amazonaws.com/#{upload_path}/endpoints.json")
+      Property('TimeoutInMinutes', 5)
+      Property('Parameters', endpointParams)
+    end
+  end
+
+  hostParams = {
+    EnvironmentName: FnGetAtt('GetEnvironmentName', 'EnvironmentName' )
+  }
+
+  hosts ||= {}
+  if !hosts.empty?
+    Resource("HostsStack") do
+      Type 'AWS::CloudFormation::Stack'
+      Property('TemplateURL', "https://#{source_bucket}.s3.amazonaws.com/#{upload_path}/hosts.json")
+      Property('TimeoutInMinutes', 5)
+      Property('Parameters', hostParams)
+    end
+  end
+
+  servicesParams = {
+    EnvironmentName: FnGetAtt('GetEnvironmentName', 'EnvironmentName' )
+  }
+
+  services ||= {}
+  if !services.empty?
+    Resource("ServicesStack") do
+      Type 'AWS::CloudFormation::Stack'
+      Property('TemplateURL', "https://#{source_bucket}.s3.amazonaws.com/#{upload_path}/services.json")
+      Property('TimeoutInMinutes', 5)
+      Property('Parameters', servicesParams)
+    end
+  end
+
+  Output("CfnMonitorVersion") { Value(CfnMonitor::VERSION) }
+  Output("RenderDate") { Value(Time.now.strftime("%Y-%m-%d")) }
+  Output("MonitoredStack") { Value(Ref("MonitoredStack")) }
+  Output("StackName") { Value(Ref("AWS::StackName")) }
+  Output("Region") { Value(Ref("AWS::Region")) }
+  Output("MonitoringDisabled") { Value(Ref("MonitoringDisabled")) }
+
+end

data/lib/templates/resources.rb

@@ -0,0 +1,82 @@
+require 'cfndsl'
+
+CloudFormation do
+  Description("CloudWatch Resources #{template_number}")
+
+  Parameter("MonitoredStack"){
+    Type 'String'
+  }
+  Parameter("SnsTopicCrit"){
+    Type 'String'
+  }
+  Parameter("SnsTopicWarn"){
+    Type 'String'
+  }
+  Parameter("SnsTopicTask"){
+    Type 'String'
+  }
+  Parameter("MonitoringDisabled"){
+    Type 'String'
+  }
+  Parameter("EnvironmentType"){
+    Type 'String'
+  }
+  Parameter("GetPhysicalIdFunctionArn"){
+    Type 'String'
+  }
+  Parameter("EnvironmentName"){
+    Type 'String'
+  }
+  Parameter("ConfigToggle"){
+    Type 'String'
+  }
+
+  Condition('MonitoringDisabled', FnEquals(Ref("MonitoringDisabled"),'true'))
+
+  # Create CloudFormation Custom Resources
+  customResources = []
+  alarms.each do |alarm|
+    type = alarm[:type]
+    if type == 'resource'
+      # Split resources for multi-dimension alarms
+      resources = alarm[:resource].split('/')
+      resources.each_with_index do |resource,index|
+        resourceHash =  Digest::MD5.hexdigest resource
+        Resource("GetPhysicalId#{resourceHash}") do
+          Type 'Custom::GetResourcePhysicalId'
+          Property('ServiceToken', Ref('GetPhysicalIdFunctionArn'))
+          Property('StackName', Ref('MonitoredStack'))
+          Property('LogicalResourceId', FnJoin( '.', [ Ref('MonitoredStack'), resource ] ))
+          Property('Region', Ref('AWS::Region'))
+          Property('ConfigToggle', Ref('ConfigToggle'))
+        end
+        customResources << "GetPhysicalId#{resourceHash}"
+        # Create outputs for user reference
+        Output("#{resource.delete('.')}") { Value(FnGetAtt("GetPhysicalId#{resourceHash}",'PhysicalResourceId')) }
+      end
+    end
+  end
+
+  params = {
+    MonitoredStack: Ref('MonitoredStack'),
+    SnsTopicCrit: Ref('SnsTopicCrit'),
+    SnsTopicWarn: Ref('SnsTopicWarn'),
+    SnsTopicTask: Ref('SnsTopicTask'),
+    MonitoringDisabled: Ref('MonitoringDisabled'),
+    EnvironmentType: Ref('EnvironmentType'),
+    EnvironmentName: Ref('EnvironmentName')
+  }
+
+  # Add custom resources to nested stack params
+  customResources.each do |cr|
+    params.merge!( cr => FnGetAtt(cr, 'PhysicalResourceId' ))
+  end
+
+  Resource("AlarmsStack#{template_number}") do
+    Type 'AWS::CloudFormation::Stack'
+    Property('TemplateURL', "https://#{source_bucket}.s3.amazonaws.com/#{upload_path}/alarms#{template_number}.json")
+    Property('TimeoutInMinutes', 5)
+    Property('Parameters', params)
+  end
+
+end