sensu-plugins-aws-boutetnico 1.0.6

data/bin/check-beanstalk-health.rb

@@ -0,0 +1,123 @@
+#! /usr/bin/env ruby
+#
+# check-beanstalk-health
+#
+# DESCRIPTION:
+#   This plugin checks the health of a beanstalk environment using
+#   the enhanced health reporting.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-beanstalk-health -e MyAppEnv
+#
+# NOTES:
+#
+# LICENSE:
+#   Brendan Leon Gibat
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'json'
+
+class BeanstalkHealth < Sensu::Plugin::Check::CLI
+  option :environment,
+         description: 'Application environment name',
+         short: '-e ENVIRONMENT_NAME',
+         long: '--environment ENVIRONMENT_NAME',
+         required: true
+
+  option :no_data_ok,
+         short: '-n',
+         long: '--allow-no-data',
+         description: 'Returns unknown if health status is Grey. If set to false this will critical on a Grey status.',
+         boolean: true,
+         default: true
+
+  option :aws_region,
+         short:       '-r AWS_REGION',
+         long:        '--aws-region REGION',
+         description: 'Optional parameter to specify AWS Region.'
+
+  def env_health
+    @env_health ||= beanstalk_client
+                    .describe_environment_health(
+                      environment_name: config[:environment],
+                      attribute_names: %w[Color Status HealthStatus Causes]
+                    )
+  end
+
+  def beanstalk_client
+    @beanstalk_client ||= if config[:aws_region]
+                            Aws::ElasticBeanstalk::Client.new(
+                              region: config[:aws_region]
+                            )
+                          else
+                            Aws::ElasticBeanstalk::Client.new
+                          end
+  end
+
+  def instances_health
+    @instances_health ||= begin
+      curr_instances = beanstalk_client.describe_instances_health(
+        environment_name: config[:environment],
+        attribute_names: %w[Color HealthStatus Causes]
+      )
+      instances = curr_instances.instance_health_list
+      until curr_instances.next_token.nil?
+        curr_instances = beanstalk_client.describe_instances_health(
+          environment_name: config[:environment],
+          attribute_names: %w[Color HealthStatus Causes]
+        )
+        instances.concat(curr_instances.instance_health_list)
+      end
+      instances
+    end
+  end
+
+  def unhealthy_instances
+    @unhealthy_instances ||= instances_health.reject { |i| i.color == 'Green' }
+  end
+
+  def status_rollup
+    "Beanstalk Status: #{env_health.status}, Health Status: #{env_health.health_status}, Causes: #{env_health.causes.join(', ')}"
+  end
+
+  def unhealthy_instance_description(instance)
+    "instance id: #{instance.instance_id}, color: #{instance.color}, health status: #{instance.health_status}, causes: [#{instance.causes.join(', ')}]"
+  end
+
+  def unhealthy_instances_rollup
+    "Unhealthy instances and causes: [ #{unhealthy_instances.collect { |i| unhealthy_instance_description(i) }.join(', ')} ]"
+  end
+
+  def run
+    color = env_health.color
+    if color == 'Green'
+      ok
+    elsif color == 'Yellow'
+      warning "Environment status is YELLOW. #{status_rollup} #{unhealthy_instances_rollup}"
+    elsif color == 'Red'
+      critical "Environment status is RED. #{status_rollup} #{unhealthy_instances_rollup}"
+    elsif color == 'Grey'
+      if config[:no_data_ok]
+        unknown "Environment status is GREY. This means NO DATA. #{status_rollup}"
+      else
+        critical "Environment status is GREY. This means NO DATA. #{status_rollup}"
+      end
+    else
+      critical "Unknown Environment status response, #{color}"
+    end
+  end
+end

data/bin/check-certificate-expiry.rb

@@ -0,0 +1,123 @@
+#! /usr/bin/env ruby
+#
+# check-certificate-expiry
+#
+# DESCRIPTION:
+#   Checks expiration date on certificate. If no certificate is passed it checks
+#   all certs in account.  Will use default provider if no access key and secret are passed
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-certificate-expiry.rb --server-certificate-name ${cert_name} --warning 45 --critical 30
+#
+# NOTES:
+#   Based heavily on Yohei Kawahara's check-ec2-network
+#
+# LICENSE:
+#   Zach Bintliff <zbintliff@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckCertificateExpiry < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short:       '-a AWS_ACCESS_KEY',
+         long:        '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY'] or provide it as an option. Uses Default Credential if none are passed",
+         default:     ENV['AWS_ACCESS_KEY']
+
+  option :aws_secret_access_key,
+         short:       '-k AWS_SECRET_KEY',
+         long:        '--aws-secret-access-key AWS_SECRET_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_KEY'] or provide it as an option. Uses Default Credential if none are passed",
+         default:     ENV['AWS_SECRET_KEY']
+
+  option :aws_region,
+         short:       '-r AWS_REGION',
+         long:        '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default:     'us-east-1'
+
+  option :server_certificate_name,
+         short:       '-n CERTIFICATE_NAME',
+         long:        '--server-certificate-name CERTIFICATE_NAME',
+         description: 'Certificate to check. Checks all if not passed'
+
+  option :warning,
+         short:       '-w N',
+         long:        '--warning VALUE',
+         description: 'Issue a warning if the Cert will expire in under VALUE days'
+
+  option :critical,
+         short:       '-c N',
+         long:        '--critical VALUE',
+         description: 'Issue a critical if the Cert will expire in under VALUE days',
+         default:      0
+
+  def aws_config
+    { access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region] }
+  end
+
+  def aws_client(opts = {})
+    config = aws_config.merge(opts)
+    @aws_client ||= Aws::IAM::Client.new config
+  end
+
+  def get_cert(cert_name)
+    aws_client.get_server_certificate(server_certificate_name: cert_name).server_certificate.server_certificate_metadata
+  end
+
+  def check_expiry(cert, reportstring, warnflag, critflag)
+    expiration = cert.expiration.gmtime
+    current_time = Time.now.gmtime
+    time_to_expiry = (expiration - current_time).to_i / (24 * 60 * 60) ## Seconds to days, integer division
+
+    if time_to_expiry <= config[:critical].to_i
+      critflag = true
+      reportstring += if time_to_expiry < 1
+                        " #{cert.server_certificate_name} certificate is expired!"
+                      else
+                        " #{cert.server_certificate_name} certificate expires in #{time_to_expiry} days;"
+                      end
+    elsif time_to_expiry <= config[:warning].to_i
+      warnflag = true
+      reportstring += " #{cert.server_certificate_name} certificate expires in #{time_to_expiry} days;"
+    end
+    [reportstring, warnflag, critflag]
+  end
+
+  def run
+    warnflag = false
+    critflag = false
+    reportstring = ''
+    if config[:server_certificate_name].nil?
+      aws_client.list_server_certificates.server_certificate_metadata_list.each do |cert|
+        reportstring, warnflag, critflag = check_expiry(cert, reportstring, warnflag, critflag)
+      end
+    else
+      reportstring, warnflag, critflag = check_expiry(get_cert(config[:server_certificate_name]), reportstring, warnflag, critflag)
+    end
+
+    if critflag
+      critical reportstring
+    elsif warnflag
+      warning reportstring
+    else
+      ok 'All checked Certificates are ok'
+    end
+  end
+end

data/bin/check-cloudfront-tag.rb

@@ -0,0 +1,70 @@
+#! /usr/bin/env ruby
+#
+# check-cloudfront-tag
+#
+# DESCRIPTION:
+#   This plugin checks if cloud front distributions have a set of tags.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-cloudfront-tag.rb --aws-region eu-west-1 --tag-keys xxx
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2016, Olivier Bazoud, olivier.bazoud@gmail.com
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'sensu-plugins-aws/common'
+require 'aws-sdk'
+
+class CheckCloudFrontTag < Sensu::Plugin::Check::CLI
+  include Common
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default: 'us-east-1'
+
+  option :tag_keys,
+         short: '-t TAG_KEYS',
+         long: '--tag-keys TAG_KEYS',
+         description: 'Tag keys'
+
+  def run
+    tags = config[:tag_keys].split(',')
+    cloudfront = Aws::CloudFront::Client.new
+    missing_tags = []
+    cloudfront.list_distributions.distribution_list.items.each do |distribution|
+      begin
+        keys = cloudfront.list_tags_for_resource(resource: distribution.arn).tags.items.map(&:key)
+        if keys.sort & tags.sort != tags.sort
+          missing_tags.push distribution.id
+        end
+      rescue StandardError
+        missing_tags.push distribution.id
+      end
+    end
+
+    if missing_tags.empty?
+      ok
+    else
+      critical("Missing tags in #{missing_tags}")
+    end
+  rescue StandardError => e
+    critical "Error: #{e.message} - #{e.backtrace}"
+  end
+end

data/bin/check-cloudwatch-alarm.rb

@@ -0,0 +1,102 @@
+#! /usr/bin/env ruby
+#
+# check-cloudwatch-alarm
+#
+# DESCRIPTION:
+#   This plugin retrieves the state of a CloudWatch alarm. Can be configured
+#   to trigger a warning or critical based on the result. Defaults to OK unless
+#   alarm is missing
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-cloudwatch-alarm -n TestAlarm
+#   ./check-cloudwatch-alarm -c Alarm,INSUFFICIENT_DATA -n TestAlarm
+#   ./check-cloudwatch-alarm -c Alarm -w INSUFFICIENT_DATA -n TestAlarm
+#
+# NOTES:
+#
+# LICENSE:
+#   Justin McCarty
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CloudWatchCheck < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY']
+
+  option :aws_secret_access_key,
+         short: '-k AWS_SECRET_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default: 'us-east-1'
+
+  option :name,
+         description: 'Alarm name',
+         short: '-n NAME',
+         long: '--name NAME',
+         default: ''
+
+  option :critical,
+         description: 'Critical List',
+         short: '-c Criticals',
+         long: '--critical',
+         default: ''
+
+  option :warning,
+         description: 'Warning state threshold',
+         short: '-w THRESHOLD',
+         long: '--warning THRESHOLD',
+         default: ''
+
+  def aws_config
+    { access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region] }
+  end
+
+  def run
+    client = Aws::CloudWatch::Client.new aws_config
+
+    options = { alarm_names: [config[:name]] }
+    data = client.describe_alarms(options)
+
+    if data.metric_alarms.empty?
+      unknown 'Unable to find alarm'
+    end
+
+    message = "Alarm State: #{data.metric_alarms[0].state_value}"
+
+    if config[:critical].upcase.split(',').include? data.metric_alarms[0].state_value
+      critical message
+    elsif config[:warning].upcase.split(',').include? data.metric_alarms[0].state_value
+      warning message
+    end
+
+    ok message
+  rescue StandardError => e
+    puts "Error: exception: #{e}"
+    critical
+  end
+end

data/bin/check-cloudwatch-alarms.rb

@@ -0,0 +1,89 @@
+#! /usr/bin/env ruby
+#
+# check-cloudwatch-alarms
+#
+# DESCRIPTION:
+#   This plugin raise a critical if one of cloud watch alarms are in given state.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-cloudwatch-alarms --name-prefix "staging"
+#   ./check-cloudwatch-alarms --exclude-alarms "CPUAlarmLow"
+#   ./check-cloudwatch-alarms --region eu-west-1 --exclude-alarms "CPUAlarmLow"
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2017, Olivier Bazoud, olivier.bazoud@gmail.com
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'sensu-plugins-aws/common'
+require 'aws-sdk'
+
+class CloudWatchCheck < Sensu::Plugin::Check::CLI
+  include Common
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default: 'us-east-1'
+
+  option :state,
+         description: 'State of the alarm',
+         short: '-s STATE',
+         long: '--state STATE',
+         default: 'ALARM'
+
+  option :name_prefix,
+         description: 'Alarm name prefix',
+         short: '-p NAME_PREFIX',
+         long: '--name-prefix NAME_PREFIX',
+         default: ''
+
+  option :exclude_alarms,
+         description: 'Exclude alarms',
+         short: '-e EXCLUDE_ALARMS',
+         long: '--exclude-alarms',
+         proc: proc { |a| a.split(',') },
+         default: []
+
+  def run
+    client = Aws::CloudWatch::Client.new
+
+    options = { state_value: config[:state] }
+
+    unless config[:name_prefix].empty?
+      options[:alarm_name_prefix] = config[:name_prefix]
+    end
+
+    alarms = client.describe_alarms(options).metric_alarms
+
+    if alarms.empty?
+      ok "No alarms in '#{config[:state]}' state"
+    end
+
+    config[:exclude_alarms].each do |x|
+      alarms.delete_if { |alarm| alarm.alarm_name.match(x) }
+    end
+
+    critical "#{alarms.size} in '#{config[:state]}' state: #{alarms.map(&:alarm_name).join(',')}" unless alarms.empty?
+
+    ok 'everything looks good'
+  rescue StandardError => e
+    puts "Error: exception: #{e}"
+    critical
+  end
+end