sensu-plugins-aws-boutetnico 1.0.6

data/bin/check-ebs-snapshots.rb

@@ -0,0 +1,104 @@
+#! /usr/bin/env ruby
+#
+# check-ebs-snapshots
+#
+# DESCRIPTION:
+#   Check EC2 Attached Volumes for Snapshots.  Only for Volumes with a Name tag.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ebs-snapshots.rb -r ${you_region}
+#   ./check-ebs-snapshots.rb -r ${you_region} -p 1
+#   ./check-ebs-snapshots.rb -r ${you_region} -p -i
+#   ./check-ebs-snapshots.rb -r ${you_region} -i
+#
+# NOTES:
+#   When using -i flag any volume that has a tag-key of "IGNORE_BACKUP" will
+#   be ignored.
+#
+# LICENSE:
+#   Shane Starcher <shane.starcher@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'sensu-plugins-aws'
+require 'aws-sdk'
+
+class CheckEbsSnapshots < Sensu::Plugin::Check::CLI
+  include Common
+  option :period,
+         short:       '-p N',
+         long:        '--period Days',
+         default:     7,
+         description: 'Length in time to alert on missing snapshots'
+
+  option :aws_region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region',
+         default: 'us-east-1'
+
+  option :check_ignored,
+         short:       '-i',
+         long:        '--ignore',
+         description: 'mark as true to ignore volumes with an IGNORE_BACKUP tag',
+         default: false,
+         boolean: true
+
+  def run
+    errors = []
+    @ec2 = Aws::EC2::Client.new
+
+    volumes = @ec2.describe_volumes(
+      filters: [
+        {
+          name: 'attachment.status',
+          values: ['attached']
+        },
+        {
+          name: 'tag-key',
+          values: ['Name']
+        }
+      ]
+    )
+    volumes[:volumes].each do |volume|
+      tags = volume[:tags].map { |a| Hash[*a] }.reduce(:merge) || {}
+      next if config[:check_ignored] && tags.key?('IGNORE_BACKUP')
+      snapshots = @ec2.describe_snapshots(
+        filters: [
+          {
+            name: 'volume-id',
+            values: [volume[:volume_id]]
+          }
+        ]
+      )
+
+      sorted_times = snapshots[:snapshots].sort_by { |i| i[:start_time].to_i }
+      if !sorted_times.empty?
+        latest_snapshot = sorted_times[-1][:start_time]
+        if (Date.today - config[:period].to_i).to_time > latest_snapshot
+          errors << "#{tags['Name']} latest snapshot is #{latest_snapshot} for #{volume[:volume_id]}"
+        end
+      else
+        errors << " #{tags['Name']} has no snapshots for #{volume[:volume_id]}"
+      end
+    end
+
+    if errors.empty?
+      ok
+    else
+      warning errors.join("\n")
+    end
+  end
+end

data/bin/check-ec2-cpu_balance.rb

@@ -0,0 +1,139 @@
+#! /usr/bin/env ruby
+#
+# check-ec2-cpu_balance
+#
+# DESCRIPTION:
+#   This plugin retrieves the value of the cpu balance for all servers
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ec2-cpu_balance -c 20
+#   ./check-ec2-cpu_balance -w 25 -c 20
+#   ./check-ec2-cpu_balance -c 20 -t 'Name'
+#   ./check-ec2-cpu_balance -c 20 -t 'Name' -F "{name:tag-value,values:[infrastructure]}"
+#
+# NOTES:
+#
+# LICENSE:
+#   Shane Starcher
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugins-aws'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'sensu-plugins-aws/filter'
+
+class EC2CpuBalance < Sensu::Plugin::Check::CLI
+  include Common
+  include Filter
+
+  option :critical,
+         description: 'Trigger a critical when value is below VALUE',
+         short: '-c VALUE',
+         long: '--critical VALUE',
+         proc: proc(&:to_f),
+         required: true
+
+  option :warning,
+         description: 'Trigger a warning when value is below VALUE',
+         short: '-w VALUE',
+         long: '--warning VALUE',
+         proc: proc(&:to_f)
+
+  option :aws_region,
+         short: '-r R',
+         long: '--region REGION',
+         description: 'AWS region',
+         default: 'us-east-1'
+
+  option :tag,
+         description: 'Add instance TAG value to warn/critical message.',
+         short: '-t TAG',
+         long: '--tag TAG'
+
+  option :instance_families,
+         description: 'List of burstable instance families to check. Default to t2,t3',
+         short: '-f t2,t3',
+         long: '--instance-families t2,t3',
+         proc: proc { |x| x.split(',') },
+         default: %w[t2 t3]
+
+  option :filter,
+         short: '-F FILTER',
+         long: '--filter FILTER',
+         description: 'String representation of the filter to apply',
+         default: '{}'
+
+  def data(instance)
+    client = Aws::CloudWatch::Client.new
+    stats = 'Average'
+    period = 60
+    resp = client.get_metric_statistics(
+      namespace: 'AWS/EC2',
+      metric_name: 'CPUCreditBalance',
+      dimensions: [
+        {
+          name: 'InstanceId',
+          value: instance
+        }
+      ],
+      start_time: Time.now - period * 10,
+      end_time: Time.now,
+      period: period,
+      statistics: [stats]
+    )
+
+    return resp.datapoints.first.send(stats.downcase) unless resp.datapoints.first.nil?
+  end
+
+  def instance_tag(instance, tag_name)
+    tag = instance.tags.select { |t| t.key == tag_name }.first
+    tag.nil? ? '' : tag.value
+  end
+
+  def run
+    filters = Filter.parse(config[:filter])
+    filters.push(
+      name: 'instance-state-name',
+      values: ['running']
+    )
+    ec2 = Aws::EC2::Client.new
+    instances = ec2.describe_instances(
+      filters: filters
+    )
+
+    messages = "\n"
+    level = 0
+    instances.reservations.each do |reservation|
+      reservation.instances.each do |instance|
+        next unless instance.instance_type.start_with?(*config[:instance_families])
+        id = instance.instance_id
+        result = data id
+        tag = config[:tag] ? " (#{instance_tag(instance, config[:tag])})" : ''
+        unless result.nil?
+          if result < config[:critical]
+            level = 2
+            messages << "#{id}#{tag} is below critical threshold [#{result} < #{config[:critical]}]\n"
+          elsif config[:warning] && result < config[:warning]
+            level = 1 if level.zero?
+            messages << "#{id}#{tag} is below warning threshold [#{result} < #{config[:warning]}]\n"
+          end
+        end
+      end
+    end
+    ok messages if level.zero?
+    warning messages if level == 1
+    critical messages if level == 2
+  end
+end

data/bin/check-ec2-filter.rb

@@ -0,0 +1,190 @@
+#! /usr/bin/env ruby
+#
+# check-ec2-filter
+#
+# DESCRIPTION:
+#   This plugin retrieves EC2 instances matching a given filter and
+#   returns the number matched. Warning and Critical thresholds may be set as needed.
+#   Thresholds may be compared to the count using [equal, not, greater, less] operators.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ec2-filter.rb -w 20 -f "{name:tag-value,values:[infrastructure]}"
+#   ./check-ec2-filter.rb -w 10 -c 5 -o less -f "{name:tag-value,values:[infrastructure]} {name:instance-state-name,values:[running]}"
+#
+# NOTES:
+#
+# LICENSE:
+#   Justin McCarty
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'sensu-plugins-aws/filter'
+
+class EC2Filter < Sensu::Plugin::Check::CLI
+  include Filter
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY']
+
+  option :aws_secret_access_key,
+         short: '-k AWS_SECRET_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default: 'us-east-1'
+
+  option :name,
+         description: 'Filter naming scheme, text to prepend to metric',
+         short: '-n NAME',
+         long: '--name NAME',
+         default: ''
+
+  option :filter,
+         short: '-f FILTER',
+         long: '--filter FILTER',
+         description: 'String representation of the filter to apply',
+         default: '{}'
+
+  option :warning,
+         description: 'Warning threshold for filter',
+         short: '-w COUNT',
+         long: '--warning COUNT'
+
+  option :critical,
+         description: 'Critical threshold for filter',
+         short: '-c COUNT',
+         long: '--critical COUNT'
+
+  option :exclude_tags,
+         short: '-e {<tag-key>:[VAL1, VAL2]} {<tag-key>:[VAL1, VAL2] }',
+         long: '--exclude_tags {<tag-key>:[VAL1, VAL2] } {<tag-key>:[VAL1, VAL2] }',
+         description: 'Tag Values to exclude by. Values treated as regex. Any matching value will result in exclusion.',
+         default: '{}'
+
+  option :compare,
+         description: 'Comparision operator for threshold: equal, not, greater, less',
+         short: '-o OPERATION',
+         long: '--operator OPERATION',
+         default: 'equal'
+
+  option :detailed_message,
+         short: '-d',
+         long: '--detailed-message',
+         boolean: true,
+         default: false
+
+  option :min_running_secs,
+         long: '--min-running-secs SECONDS',
+         default: nil
+
+  def aws_config
+    { access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region] }
+  end
+
+  def convert_operator
+    op = ->(c, t) { c == t }
+
+    if config[:compare] == 'greater'
+      op = ->(c, t) { c > t }
+    elsif config[:compare] == 'less'
+      op = ->(c, t) { c < t }
+    elsif config[:compare] == 'not'
+      op = ->(c, t) { c != t }
+    end
+
+    op
+  end
+
+  def run
+    filter_list = config[:exclude_tags].split(/}\s?{/).map do |x|
+      x.gsub(/[{}]/, '')
+    end
+    filter_list = filter_list.map do |y|
+      _, h2, h3 = y.split(/(.*):(.*)/)
+      { h2 => h3 }
+    end.reduce(:merge)
+    filter_list.delete(nil)
+    filter_list.each { |x, y| filter_list[x] = y.strip.gsub(/[\[\]]/, '') }
+
+    client = Aws::EC2::Client.new aws_config
+
+    filter = Filter.parse(config[:filter])
+
+    options = if filter.empty?
+                {}
+              else
+                { filters: filter }
+              end
+
+    data = client.describe_instances(options)
+
+    aws_instances = Set.new
+    data.reservations.each do |r|
+      r.instances.each do |i|
+        aws_instances << {
+          id: i[:instance_id],
+          launch_time: i.launch_time,
+          tags: i.tags
+        }
+      end
+    end
+
+    aws_instances.delete_if do |instance|
+      instance[:tags].any? do |key|
+        filter_list.keys.include?(key.key) && filter_list[key.key].split(',').any? do |v|
+          key.value.match(/#{v.strip}/)
+        end
+      end
+    end
+
+    unless config[:min_running_secs].nil?
+      aws_instances.delete_if do |instance|
+        (Time.now.utc - instance[:launch_time]).to_i < config[:min_running_secs].to_i
+      end
+    end
+
+    count = aws_instances.count
+    op = convert_operator
+    message = "Current count: #{count}"
+    message += " - #{aws_instances.collect { |x| x[:id] }.join(',')}" if config[:detailed_message] && count > 0
+
+    unless config[:critical].nil?
+      if op.call count, config[:critical].to_i
+        critical message
+      end
+    end
+
+    unless config[:warning].nil?
+      if op.call count, config[:warning].to_i
+        warning message
+      end
+    end
+
+    ok message
+  rescue StandardError => e
+    puts "Error: exception: #{e}"
+    critical
+  end
+end

data/bin/check-ec2-network.rb

@@ -0,0 +1,133 @@
+#! /usr/bin/env ruby
+#
+# check-ec2-network
+#
+# DESCRIPTION:
+#   Check EC2 Network Metrics by CloudWatch API.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} --warning-over 1000000 --critical-over 1500000
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkIn --warning-over 1000000 --critical-over 1500000
+#   ./check-ec2-network.rb -r ${you_region} -i ${your_instance_id} -d NetworkOut --warning-over 1000000 --critical-over 1500000
+#
+# NOTES:
+#
+# LICENSE:
+#   Yohei Kawahara <inokara@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckEc2Network < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short:       '-a AWS_ACCESS_KEY',
+         long:        '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY'] or provide it as an option",
+         default:     ENV['AWS_ACCESS_KEY']
+
+  option :aws_secret_access_key,
+         short:       '-k AWS_SECRET_KEY',
+         long:        '--aws-secret-access-key AWS_SECRET_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_KEY'] or provide it as an option",
+         default:     ENV['AWS_SECRET_KEY']
+
+  option :aws_region,
+         short:       '-r AWS_REGION',
+         long:        '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default:     'us-east-1'
+
+  option :instance_id,
+         short:       '-i instance-id',
+         long:        '--instance-id instance-ids',
+         description: 'EC2 Instance ID to check.'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         description: 'CloudWatch metric statistics period'
+
+  option :direction,
+         short:       '-d NetworkIn or NetworkOut',
+         long:        '--direction NetworkIn or NetworkOut',
+         default:     'NetworkIn',
+         description: 'Select NetworkIn or NetworkOut'
+
+  %w[warning critical].each do |severity|
+    option :"#{severity}_over",
+           long:        "--#{severity}-over COUNT",
+           description: "Trigger a #{severity} if network traffice is over specified Bytes"
+  end
+
+  def aws_config
+    { access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region] }
+  end
+
+  def ec2
+    @ec2 ||= Aws::EC2::Client.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= Aws::CloudWatch::Client.new aws_config
+  end
+
+  def network_metric(instance)
+    cloud_watch.get_metric_statistics(
+      namespace: 'AWS/EC2',
+      metric_name: config[:direction].to_s,
+      dimensions: [
+        {
+          name: 'InstanceId',
+          value: instance
+        }
+      ],
+      start_time: config[:end_time] - 300,
+      end_time: config[:end_time],
+      statistics: ['Average'],
+      period: config[:period],
+      unit: 'Bytes'
+    )
+  end
+
+  def latest_value(value)
+    value.datapoints[0][:average].to_f unless value.datapoints[0].nil?
+  end
+
+  def check_metric(instance)
+    metric = network_metric instance
+    latest_value metric unless metric.nil?
+  end
+
+  def run
+    metric_value = check_metric config[:instance_id]
+    if !metric_value.nil? && metric_value > config[:critical_over].to_f
+      critical "#{config[:direction]} at #{metric_value} Bytes"
+    elsif !metric_value.nil? && metric_value > config[:warning_over].to_f
+      warning "#{config[:direction]} at #{metric_value} Bytes"
+    else
+      ok "#{config[:direction]} at #{metric_value} Bytes"
+    end
+  end
+end