cfn_monitor 0.4.0 → 0.4.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: d9ad46a04c973e8e513a89fa1a6aaa774c55680e6d23b3a86d295107420cfe79
-  data.tar.gz: 2004bfad14bb93e09873f4d048d24a03333b43c489da972be5525ab3f402f669
+  metadata.gz: 420d2480a272de76dfcd2baad3c7cb3f955466dcff3fe2cf9ba2bcc2f607d3f6
+  data.tar.gz: 0ccdcb98a99859f0cce7019ceedee88dff40b4f0dc63ea32e53d1d97b0dc1304
 SHA512:
-  metadata.gz: e10aa44c6904f4f2e669ebd4d30ff1876c1bab5d6b79a6672591cf7003f762b830d744695864b8de89c7b99ddd7f7db55adf6c019d357f59d21df3003fcbc896
-  data.tar.gz: 4a99599700015475d0df8ae6e2822763c07b343c94a325167b838c09e0cc1644a3403e6a1e4cefc16659b0c65795e6ee07f63953a8cbc666b2c891037603a2af
+  metadata.gz: 6dd02e4fdee8bf609e43e11d423534e82cbfb68c6007969348074b72a5b05e2926c86cb2419318cde1df99a78dbfb408a7cdb5970cc0abd314a45e6f98ba0a48
+  data.tar.gz: 4fcf0812c6941e3d7ac13579efd6d42156f982403f53d23f420f8ebee16cb166582f372c4614bfdb1959f120cafa033a64fc9548680ebc9b7f2915a0e4f68876

data/README.md

@@ -13,6 +13,10 @@ It is packaged as a docker container `base2/cfn-monitor` and
 can be run by volume mounting in a local directory to access the config
 or by using within AWS CodePipeline.
 
+## Install Gem
+
+`gem install cfn_monitor`
+
 ## Commands
 
 ```bash

data/lib/cfn_monitor/generate.rb

@@ -61,11 +61,12 @@ module CfnMonitor
       hosts = custom_alarms_config['hosts'] || {}
       ssl = custom_alarms_config['ssl'] || {}
       dns = custom_alarms_config['dns'] || {}
+      sql = custom_alarms_config['sql'] || {}
       services = custom_alarms_config['services'] || {}
       endpoints = custom_alarms_config['endpoints'] || {}
       ecsClusters = custom_alarms_config['ecsClusters'] || {}
 
-      alarm_parameters = { resources: resources, metrics: metrics, endpoints: endpoints, hosts: hosts, ssl: ssl, dns: dns, services: services, ecsClusters: ecsClusters }
+      alarm_parameters = { resources: resources, metrics: metrics, endpoints: endpoints, hosts: hosts, ssl: ssl, dns: dns, sql: sql, services: services, ecsClusters: ecsClusters }
       source_bucket = custom_alarms_config['source_bucket']
 
       alarm_parameters.each do | k,v |
@@ -180,7 +181,7 @@ module CfnMonitor
         File.open("#{output_path}/alarms#{index}.json", 'w') { |file|
           file.write(JSON.pretty_generate( CfnDsl.eval_file_with_extras("#{template_path}/alarms.rb",[[:yaml, config],[:raw, "template_number=#{index}"],[:raw, "template_envs=#{template_envs}"]],verbose_cfndsl)))}
       end
-      ['endpoints', 'ssl', "dns", 'hosts', 'services','ecsClusters'].each do |template|
+      ['endpoints', 'ssl', "dns", 'sql', 'hosts', 'services','ecsClusters'].each do |template|
         if !alarm_parameters[template.to_sym].nil? and alarm_parameters[template.to_sym] != {}
           File.open("#{output_path}/#{template}.json", 'w') { |file|
             file.write(JSON.pretty_generate( CfnDsl.eval_file_with_extras("#{template_path}/#{template}.rb",[[:yaml, alarms_config_file],[:raw, "template_envs=#{template_envs}"]],verbose_cfndsl)))

data/lib/cfn_monitor/version.rb

@@ -1,3 +1,3 @@
 module CfnMonitor
-  VERSION = "0.4.0".freeze
+  VERSION = "0.4.1".freeze
 end

data/lib/config/templates.yml

@@ -101,6 +101,20 @@ templates:
       EvaluationPeriods: 1
       MetricName: ExpiresInDays
       AlarmDescription: { 'Fn::Join': [ ' ', [ '${resource}', '${templateName}' ] ] }
+  Sql:
+    Crit:
+      # An SQL check is highly customisable; this config should be overriden by
+      # a custom template.
+      AlarmActions: crit
+      Namespace: SQL
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'Host', Value: '' } ]
+      Statistic: Maximum
+      Threshold: 1
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: Your_Metric_Name
+      AlarmDescription: { 'Fn::Join': [ ' ', [ '${resource}', '${templateName}' ] ] }
   Dns:
     Crit:
       AlarmActions: crit
@@ -615,6 +629,74 @@ templates:
       MetricName: DiskSpaceUsedPercent
       TreatMissingData: breaching
 
+  DiskINodeCheck:
+    CritLowINodeCountAtRootPath:
+      AlarmActions: crit
+      Namespace: CWAgent
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'path', Value: '/' }, { Name: 'host', Value: "${metric}" }, { Name: 'device', Value: 'xvda1' }, { Name: 'fstype', Value: 'ext4' } ]
+      Statistic: Maximum
+      Threshold: 471859   # 90% full, based off 524288 inodes (a 7.8GB disk)
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: INodesUsedCount
+      TreatMissingData: breaching
+    WarnLowINodeCountAtRootPath:
+      AlarmActions: warn
+      Namespace: CWAgent
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'path', Value: '/' }, { Name: 'host', Value: "${metric}" }, { Name: 'device', Value: 'xvda1' }, { Name: 'fstype', Value: 'ext4' } ]
+      Statistic: Maximum
+      Threshold: 419430   # 80% full, based off 524288 inodes (a 7.8GB disk)
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: INodesUsedCount
+      TreatMissingData: breaching
+    CritLowINodeCountAtDataPath:
+      AlarmActions: crit
+      Namespace: CWAgent
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'path', Value: '/data' }, { Name: 'host', Value: "${metric}" }, { Name: 'device', Value: 'xvdf' }, { Name: 'fstype', Value: 'ext4' } ]
+      Statistic: Maximum
+      Threshold: 23592960   # 90% full, based off 26214400 inodes (a 394GB disk)
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: INodesUsedCount
+      TreatMissingData: breaching
+    WarnLowINodeCountAtDataPath:
+      AlarmActions: warn
+      Namespace: CWAgent
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'path', Value: '/data' }, { Name: 'host', Value: "${metric}" }, { Name: 'device', Value: 'xvdf' }, { Name: 'fstype', Value: 'ext4' } ]
+      Statistic: Maximum
+      Threshold: 20971520   # 80% full, based off 26214400 inodes (a 394GB disk)
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: INodesUsedCount
+      TreatMissingData: breaching
+    CritLowINodeCountAtDockerPath:
+      AlarmActions: crit
+      Namespace: CWAgent
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'path', Value: '/var/lib/docker' }, { Name: 'host', Value: "${metric}" }, { Name: 'device', Value: 'xvdcz' }, { Name: 'fstype', Value: 'ext4' } ]
+      Statistic: Maximum
+      Threshold: 20643840   # 90% full, based off 22937600 inodes (a 345GB disk)
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: INodesUsedCount
+      TreatMissingData: breaching
+    WarnLowINodeCountAtDockerPath:
+      AlarmActions: warn
+      Namespace: CWAgent
+      ComparisonOperator: GreaterThanOrEqualToThreshold
+      Dimensions: [ { Name: 'path', Value: '/var/lib/docker' }, { Name: 'host', Value: "${metric}" }, { Name: 'device', Value: 'xvdcz' }, { Name: 'fstype', Value: 'ext4' } ]
+      Statistic: Maximum
+      Threshold: 18350080   # 80% full, based off 22937600 inodes (a 345GB disk)
+      Period: 60
+      EvaluationPeriods: 1
+      MetricName: INodesUsedCount
+      TreatMissingData: breaching
+
   AmazonMQBroker: # AWS::AmazonMQ::Broker
     CpuCreditBalanceCrit:
       AlarmActions: crit

data/lib/templates/master.rb

@@ -164,7 +164,7 @@ CloudFormation do
     Property('Handler', 'handler.main')
     Property('MemorySize', 128)
     Property('Runtime', 'python3.6')
-    Property('Timeout', 300)
+    Property('Timeout', 120)
     Property('Role', FnGetAtt('LambdaExecutionRole','Arn'))
   end
 
@@ -181,7 +181,7 @@ CloudFormation do
     Property('Handler', 'main')
     Property('MemorySize', 128)
     Property('Runtime', 'go1.x')
-    Property('Timeout', 300)
+    Property('Timeout', 30)
     Property('Role', FnGetAtt('LambdaExecutionRole','Arn'))
   end
 
@@ -198,7 +198,7 @@ CloudFormation do
     Property('Handler', 'main')
     Property('MemorySize', 128)
     Property('Runtime', 'go1.x')
-    Property('Timeout', 300)
+    Property('Timeout', 30)
     Property('Role', FnGetAtt('LambdaExecutionRole','Arn'))
   end
 
@@ -215,7 +215,7 @@ CloudFormation do
     Property('Handler', 'handler.run_check')
     Property('MemorySize', 128)
     Property('Runtime', 'python3.6')
-    Property('Timeout', 300)
+    Property('Timeout', 30)
     Property('Role', FnGetAtt('EcsCICheckLambdaExecutionRole','Arn'))
   end
 
@@ -296,6 +296,21 @@ CloudFormation do
     end
   end
 
+  sqlParams = {
+    MonitoredStack: Ref('MonitoredStack'),
+    EnvironmentName: FnGetAtt('GetEnvironmentName', 'EnvironmentName' )
+  }
+
+  sql ||= {}
+  if !sql.empty?
+    Resource("SqlStack") do
+      Type 'AWS::CloudFormation::Stack'
+      Property('TemplateURL', "https://#{source_bucket}.s3.amazonaws.com/#{upload_path}/sql.json")
+      Property('TimeoutInMinutes', 5)
+      Property('Parameters', sqlParams)
+    end
+  end
+
   hostParams = {
     EnvironmentName: FnGetAtt('GetEnvironmentName', 'EnvironmentName' )
   }

data/lib/templates/sql.rb

@@ -0,0 +1,117 @@
+require 'cfndsl'
+
+CloudFormation do
+  Description("CloudWatch Endpoints")
+
+  Parameter("MonitoredStack"){
+    Type 'String'
+  }
+  Parameter("EnvironmentName"){
+    Type 'String'
+  }
+
+  Resource("SqlLambdaExecutionRole") do
+    Type 'AWS::IAM::Role'
+    Property('AssumeRolePolicyDocument', {
+      Version: '2012-10-17',
+      Statement: [{
+        Effect: 'Allow',
+        Principal: { Service: [ 'lambda.amazonaws.com' ] },
+        Action: [ 'sts:AssumeRole' ]
+      }]
+    })
+    Property('Path','/')
+    Property('Policies', [
+      PolicyName: 'SQL',
+      PolicyDocument: {
+        Version: '2012-10-17',
+        Statement: [{
+          Effect: 'Allow',
+          Action: [ 'logs:CreateLogGroup', 'logs:CreateLogStream', 'logs:PutLogEvents' ],
+          Resource: 'arn:aws:logs:*:*:*'
+        },
+        {
+          Effect: 'Allow',
+          Action: [ 'cloudwatch:PutMetricData' ],
+          Resource: '*'
+        },
+        {
+          Effect: 'Allow',
+          Action: [ 'ec2:CreateNetworkInterface', 'ec2:DescribeNetworkInterfaces', 'ec2:DeleteNetworkInterface' ],
+          Resource: '*'
+        }]
+      }
+    ])
+  end
+
+  alarms.each do |alarm|
+    if alarm[:type] == 'sq'
+
+      config = alarm[:parameters]
+      configHash =  Digest::MD5.hexdigest ("sql-" + config['subnetIds'].sort().join() + config['vpcId'])
+
+      # No default as this is value is highly variable
+      #params['scheduleExpression'] ||= "0 12 * * ? *"
+
+      Resource("SqlSecurityGroup#{configHash}") {
+        Type 'AWS::EC2::SecurityGroup'
+        Property('VpcId', config['vpcId'])
+        Property('GroupDescription', "Monitoring Security Group (SQL)")
+      }
+
+      Resource("SqlCheckFunction#{configHash}") do
+        Type 'AWS::Lambda::Function'
+        Property('Code', { S3Bucket: FnJoin('.', ['base2.lambda', Ref('AWS::Region')]), S3Key: 'aws-lambda-sql-check/0.1/handler.zip' })
+        Property('Handler', 'main')
+        Property('MemorySize', 128)
+        Property('Runtime', 'go1.x')
+        Property('Timeout', 300)
+        Property('Role', FnGetAtt("SqlLambdaExecutionRole",'Arn'))
+        Property('VpcConfig', {
+          SecurityGroupIds: config['securityGroupIds'] || [  Ref("SqlSecurityGroup#{configHash}") ],
+          SubnetIds: config['subnetIds']
+        })
+      end
+
+      Resource("SqlCheckPermissions#{configHash}") do
+        Type 'AWS::Lambda::Permission'
+        Property('FunctionName', Ref("SqlCheckFunction#{configHash}"))
+        Property('Action', 'lambda:InvokeFunction')
+        Property('Principal', 'events.amazonaws.com')
+      end
+
+      # e.g. db_user:password@tcp(localhost:3306)/my_db
+      connection_string = "#{config['databaseUsername']}:#{config['databasePassword']}@tcp(#{config['databaseHost']}:#{config['databasePort']})"
+      if config.key?('databaseName')
+        connection_string += "/#{config['databaseName']}"
+      end
+
+      #p "Connection string for metric is: #{connection_string}"
+
+      # Create payload
+      payload = {
+        SqlHost:      config['databaseHost'],
+        SqlDriver:    config['databaseDriver'],
+        SqlCall:      config['databaseQuery'],
+        SqlConnectionString: connection_string,
+        MetricName:   alarm[:resource],
+        Region:       "${region}",
+        TestType:     '1-row-1-value-zero-is-good'
+      }
+
+      Resource("SqlCheckSchedule#{configHash}") do
+        Type 'AWS::Events::Rule'
+        Property('Description', "#{config['databaseHost']} => #{alarm[:resource]}")
+        Property('ScheduleExpression', config['scheduleExpression'])
+        Property('State', 'ENABLED')
+        Property('Targets', [
+          {
+            Arn: FnGetAtt("SqlCheckFunction#{configHash}", "Arn"),
+            Id: configHash,
+            Input: FnSub(payload.to_json, region: Ref("AWS::Region"))
+          }
+        ])
+      end
+    end
+  end
+end

data/lib/templates/ssl.rb

@@ -1,7 +1,7 @@
 require 'cfndsl'
 
 CloudFormation do
-  Description("CloudWatch Endpoints")
+  Description("CloudWatch SQL Queries")
 
   Parameter("MonitoredStack"){
     Type 'String'

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: cfn_monitor
 version: !ruby/object:Gem::Version
-  version: 0.4.0
+  version: 0.4.1
 platform: ruby
 authors:
 - Base2Services
@@ -10,7 +10,7 @@ authors:
 autorequire: 
 bindir: exe
 cert_chain: []
-date: 2019-06-20 00:00:00.000000000 Z
+date: 2019-07-11 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: thor
@@ -227,6 +227,7 @@ files:
 - lib/templates/master.rb
 - lib/templates/resources.rb
 - lib/templates/services.rb
+- lib/templates/sql.rb
 - lib/templates/ssl.rb
 homepage: https://github.com/base2Services/cfn-monitor/blob/master/README.md
 licenses: