sensu-plugins-aws 0.0.1.alpha.2

data/bin/check-rds.rb

@@ -0,0 +1,251 @@
+#! /usr/bin/env ruby
+#
+# check-rds
+#
+# DESCRIPTION:
+#   Check RDS instance statuses by RDS and CloudWatch API.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   Critical if DB instance "sensu-admin-db" is not on ap-northeast-1a
+#   check-rds -i sensu-admin-db --availability-zone-critical ap-northeast-1a
+#
+#   Warning if CPUUtilization is over 80%, critical if over 90%
+#   check-rds -i sensu-admin-db --cpu-warning-over 80 --cpu-critical-over 90
+#
+#   Critical if CPUUtilization is over 90%, maximum of last one hour
+#   check-rds -i sensu-admin-db --cpu-critical-over 90 --statistics maximum --period 3600
+#
+#   Warning if memory usage is over 80%, maximum of last 2 hour
+#   specifying "minimum" is intended actually since memory usage is calculated from CloudWatch "FreeableMemory" metric.
+#   check-rds -i sensu-admin-db --memory-warning-over 80 --statistics minimum --period 7200
+#
+#   Disk usage, same as memory
+#   check-rds -i sensu-admin-db --disk-warning-over 80 --period 7200
+#
+#   You can check multiple metrics simultaneously. Highest severity will be reported
+#   check-rds -i sensu-admin-db --cpu-warning-over 80 --cpu-critical-over 90 --memory-warning-over 60 --memory-critical-over 80
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright 2014 github.com/y13i
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+require 'time'
+
+class CheckRDS < Sensu::Plugin::Check::CLI
+  option :access_key_id,
+         short:       '-k N',
+         long:        '--access-key-id ID',
+         description: 'AWS access key ID',
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :secret_access_key,
+         short:       '-s N',
+         long:        '--secret-access-key KEY',
+         description: 'AWS secret access key',
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :region,
+         short:       '-r R',
+         long:        '--region REGION',
+         description: 'AWS region',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  option :db_instance_id,
+         short:       '-i N',
+         long:        '--db-instance-id NAME',
+         description: 'DB instance identifier'
+
+  option :end_time,
+         short:       '-t T',
+         long:        '--end-time TIME',
+         default:     Time.now,
+         proc:        proc { |a| Time.parse a },
+         description: 'CloudWatch metric statistics end time'
+
+  option :period,
+         short:       '-p N',
+         long:        '--period SECONDS',
+         default:     60,
+         proc:        proc(&:to_i),
+         description: 'CloudWatch metric statistics period'
+
+  option :statistics,
+         short:       '-S N',
+         long:        '--statistics NAME',
+         default:     :average,
+         proc:        proc { |a| a.downcase.intern },
+         description: 'CloudWatch statistics method'
+
+  %w(warning critical).each do |severity|
+    option :"availability_zone_#{severity}",
+           long:        "--availability-zone-#{severity} AZ",
+           description: "Trigger a #{severity} if availability zone is different than given argument"
+
+    %w(cpu memory disk).each do |item|
+      option :"#{item}_#{severity}_over",
+             long:        "--#{item}-#{severity}-over N",
+             proc:        proc(&:to_f),
+             description: "Trigger a #{severity} if #{item} usage is over a percentage"
+    end
+  end
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:access_key_id], secret_access_key: config[:secret_access_key] if config[:access_key_id] && config[:secret_access_key]
+    hash.update region: config[:region] if config[:region]
+    hash
+  end
+
+  def rds
+    @rds ||= AWS::RDS.new aws_config
+  end
+
+  def cloud_watch
+    @cloud_watch ||= AWS::CloudWatch.new aws_config
+  end
+
+  def find_db_instance(id)
+    db = rds.instances[id]
+    fail unless db.exists?
+    db
+  rescue
+    unknown 'DB instance not found.'
+  end
+
+  def cloud_watch_metric(metric_name)
+    cloud_watch.metrics.with_namespace('AWS/RDS').with_metric_name(metric_name).with_dimensions(name: 'DBInstanceIdentifier', value: @db_instance.id).first
+  end
+
+  def statistics_options
+    {
+      start_time: config[:end_time] - config[:period],
+      end_time:   config[:end_time],
+      statistics: [config[:statistics].to_s.capitalize],
+      period:     config[:period]
+    }
+  end
+
+  def latest_value(metric, unit)
+    values = metric.statistics(statistics_options.merge unit: unit).datapoints.sort_by { |datapoint| datapoint[:timestamp] }
+
+    # handle time periods that are too small to return usable values
+    values.empty? ? unknown('Requested time period did not return values from Cloudwatch. Try increasing your time period.') : values.last[config[:statistics]]
+  end
+
+  def flag_alert(severity, message)
+    @severities[severity] = true
+    @message += message
+  end
+
+  def memory_total_bytes(instance_class)
+    memory_total_gigabytes = {
+      'db.t1.micro'    => 0.615,
+      'db.m1.small'    => 1.7,
+      'db.m3.medium'   => 3.75,
+      'db.m3.large'    => 7.5,
+      'db.m3.xlarge'   => 15.0,
+      'db.m3.2xlarge'  => 30.0,
+      'db.r3.large'    => 15.0,
+      'db.r3.xlarge'   => 30.5,
+      'db.r3.2xlarge'  => 61.0,
+      'db.r3.4xlarge'  => 122.0,
+      'db.r3.8xlarge'  => 244.0,
+      'db.m2.xlarge'   => 17.1,
+      'db.m2.2xlarge'  => 34.2,
+      'db.m2.4xlarge'  => 68.4,
+      'db.cr1.8xlarge' => 244.0,
+      'db.m1.medium'   => 3.75,
+      'db.m1.large'    => 7.5,
+      'db.m1.xlarge'   => 15.0,
+      'db.t2.micro' => 1,
+      'db.t2.small' => 2,
+      'db.t2.medium' => 4
+    }
+
+    memory_total_gigabytes.fetch(instance_class) * 1024**3
+  end
+
+  def check_az(severity, expected_az)
+    return if @db_instance.availability_zone_name == expected_az
+    flag_alert severity, "; AZ is #{@db_instance.availability_zone_name} (expected #{expected_az})"
+  end
+
+  def check_cpu(severity, expected_lower_than)
+    @cpu_metric       ||= cloud_watch_metric 'CPUUtilization'
+    @cpu_metric_value ||= latest_value @cpu_metric, 'Percent'
+    return if @cpu_metric_value < expected_lower_than
+    flag_alert severity, "; CPUUtilization is #{sprintf '%.2f', @cpu_metric_value}% (expected lower than #{expected_lower_than}%)"
+  end
+
+  def check_memory(severity, expected_lower_than)
+    @memory_metric           ||= cloud_watch_metric 'FreeableMemory'
+    @memory_metric_value     ||= latest_value @memory_metric, 'Bytes'
+    @memory_total_bytes      ||= memory_total_bytes @db_instance.db_instance_class
+    @memory_usage_bytes      ||= @memory_total_bytes - @memory_metric_value
+    @memory_usage_percentage ||= @memory_usage_bytes / @memory_total_bytes * 100
+    return if @memory_usage_percentage < expected_lower_than
+    flag_alert severity, "; Memory usage is #{sprintf '%.2f', @memory_usage_percentage}% (expected lower than #{expected_lower_than}%)"
+  end
+
+  def check_disk(severity, expected_lower_than)
+    @disk_metric           ||= cloud_watch_metric 'FreeStorageSpace'
+    @disk_metric_value     ||= latest_value @disk_metric, 'Bytes'
+    @disk_total_bytes      ||= @db_instance.allocated_storage * 1024**3
+    @disk_usage_bytes      ||= @disk_total_bytes - @disk_metric_value
+    @disk_usage_percentage ||= @disk_usage_bytes / @disk_total_bytes * 100
+    return if @disk_usage_percentage < expected_lower_than
+    flag_alert severity, "; Disk usage is #{sprintf '%.2f', @disk_usage_percentage}% (expected lower than #{expected_lower_than}%)"
+  end
+
+  def run
+    if config[:db_instance_id].nil? || config[:db_instance_id].empty?
+      unknown 'No DB instance provided.  See help for usage details'
+    end
+
+    @db_instance  = find_db_instance config[:db_instance_id]
+    @message      = "#{config[:db_instance_id]}: "
+    @severities   = {
+      critical: false,
+      warning:  false
+    }
+
+    @severities.keys.each do |severity|
+      check_az severity, config[:"availability_zone_#{severity}"] if config[:"availability_zone_#{severity}"]
+
+      %w(cpu memory disk).each do |item|
+        send "check_#{item}", severity, config[:"#{item}_#{severity}_over"] if config[:"#{item}_#{severity}_over"]
+      end
+    end
+
+    if %w(cpu memory disk).any? { |item| %w(warning critical).any? { |severity| config[:"#{item}_#{severity}_over"] } }
+      @message += "(#{config[:statistics].to_s.capitalize} within #{config[:period]}s "
+      @message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
+    end
+
+    if @severities[:critical]
+      critical @message
+    elsif @severities[:warning]
+      warning @message
+    else
+      ok @message
+    end
+  end
+end

data/bin/check-redshift-events.rb

@@ -0,0 +1,120 @@
+#! /usr/bin/env ruby
+#
+# check-redshift-events
+#
+# DESCRIPTION:
+#   This plugin checks amazon redshift clusters for maintenance events
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#
+#   check for instances in maint in us-east-1:
+#   ./check-redshift-events.rb -a ${your access key} -s ${your secret access key} -r us-east-1
+#
+#   check for maint events on a single instance in us-east-1 (skip others):
+#   ./check-redshift-events.rb -a ${your access key} -s ${your secret access key} -r us-east-1 -i ${your cluster name}
+#
+#   check for maint events on multiple instance in us-east-1 (skip others):
+#   ./check-redshift-events.rb -a ${your access key} -s ${your secret access key} -r us-east-1 -i ${cluster1,cluster2,cluster3}
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2014, Tim Smith, tim@cozy.co
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckRedshiftEvents < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         default: ENV['AWS_ACCESS_KEY_ID']
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         default: ENV['AWS_SECRET_ACCESS_KEY']
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (such as eu-west-1).',
+         default: 'us-east-1'
+
+  option :instances,
+         short: '-i INSTANCES',
+         long: '--instances INSTANCES',
+         description: 'Comma separated list of instances to check. Defaults to all clusters in the region',
+         proc: proc { |a| a.split(',') },
+         default: []
+
+  # setup a redshift connection using aws-sdk
+  def redshift
+    @redshift ||= AWS::Redshift::Client.new(
+      access_key_id: config[:aws_access_key],
+      secret_access_key: config[:aws_secret_access_key],
+      region: config[:aws_region])
+  end
+
+  # fetch all clusters in the region from AWS
+  def all_clusters
+    @clusters ||= redshift.describe_clusters[:clusters].map { |c| c[:cluster_identifier] }
+  end
+
+  # throw unknown message if the user passed us a missing instance
+  def check_missing_instances(instances)
+    missing_instances = instances.select { |i| !all_clusters.include?(i) }
+    unknown("Passed instance(s): #{missing_instances.join(',')} not found") unless missing_instances.empty?
+  end
+
+  # return an array of clusters that are in maintenance
+  def clusters_in_maint(clusters)
+    maint_clusters = []
+
+    # fetch the last 2 hours of events for each cluster
+    clusters.each do |cluster_name|
+      events_record = redshift.describe_events(start_time: (Time.now - 7200).iso8601, source_type: 'cluster', source_identifier: cluster_name)
+
+      next if events_record[:events].empty?
+
+      # if the last event is a start maint event then the cluster is still in maint
+      maint_clusters.push(cluster_name) if events_record[:events][-1][:event_id] == 'REDSHIFT-EVENT-2003'
+    end
+    maint_clusters
+  end
+
+  def run
+    begin
+      # make sure passed instances exist and only check those instances
+      unless config[:instances].empty?
+        check_missing_instances(config[:instances])
+        all_clusters.select! { |c| config[:instances].include?(c) }
+      end
+
+      maint_clusters = clusters_in_maint(all_clusters)
+    rescue => e
+      unknown "An error occurred processing AWS Redshift API: #{e.message}"
+    end
+
+    if maint_clusters.empty?
+      ok
+    else
+      critical("Clusters in maintenance: #{maint_clusters.join(',')}")
+    end
+  end
+end

data/bin/check-ses-limit.rb

@@ -0,0 +1,91 @@
+#! /usr/bin/env ruby
+#
+# check-ses-limit
+#
+# DESCRIPTION:
+#   Gets your SES sending limit and issues a warn and critical based on percentages
+#   you supply for your daily sending limit
+#   Checks how close you are getting in percentages to your 24 hour ses sending limit
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   #YELLOW
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2014, Joel <jjshoe@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws/ses'
+
+class CheckSESLimit < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         required: true
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         required: true
+
+  option :warn_percent,
+         short: '-W WARN_PERCENT',
+         long: '--warn_perc WARN_PERCENT',
+         description: 'Warn when the percentage of mail sent is at or above this number',
+         default: 75,
+         proc: proc(&:to_i)
+
+  option :crit_percent,
+         short: '-C CRIT_PERCENT',
+         long: '--crit_perc CRIT_PERCENT',
+         description: 'Critical when the percentage of mail sent is at or above this number',
+         default: 90,
+         proc: proc(&:to_i)
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:aws_access_key], secret_access_key: config[:aws_secret_access_key]\
+      if config[:aws_access_key] && config[:aws_secret_access_key]
+    hash
+  end
+
+  def run
+    begin
+      ses = AWS::SES::Base.new aws_config
+
+      response = ses.quota
+    rescue AWS::SES::ResponseError => e
+      critical "An issue occured while communicating with the AWS SES API: #{e.message}"
+    end
+
+    unless response.empty?
+      percent = (response.sent_last_24_hours.to_i / response.max_24_hour_send.to_i) * 100
+      message = "SES sending limit is at #{percent}%"
+
+      if config[:crit_percent] > 0 && config[:crit_percent] <= percent
+        critical message
+      elsif config[:warn_percent] > 0 && config[:warn_percent] <= percent
+        warning message
+      else
+        ok message
+      end
+    end
+  end
+end

data/bin/check-sqs-messages.rb

@@ -0,0 +1,107 @@
+#! /usr/bin/env ruby
+#
+# check-sqs-messages
+#
+# DESCRIPTION:
+#   This plugin checks the number of messages in an Amazon Web Services SQS queue.
+#
+# OUTPUT:
+#   plain-text
+#
+# PLATFORMS:
+#   Linux
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   #YELLOW
+#
+#
+# NOTES:
+#
+# LICENSE:
+#   Copyright (c) 2013, Justin Lambert <jlambert@letsevenup.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+#
+
+require 'rubygems' if RUBY_VERSION < '1.9.0'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class SQSMsgs < Sensu::Plugin::Check::CLI
+  option :aws_access_key,
+         short: '-a AWS_ACCESS_KEY',
+         long: '--aws-access-key AWS_ACCESS_KEY',
+         description: "AWS Access Key. Either set ENV['AWS_ACCESS_KEY_ID'] or provide it as an option",
+         required: true
+
+  option :aws_secret_access_key,
+         short: '-s AWS_SECRET_ACCESS_KEY',
+         long: '--aws-secret-access-key AWS_SECRET_ACCESS_KEY',
+         description: "AWS Secret Access Key. Either set ENV['AWS_SECRET_ACCESS_KEY'] or provide it as an option",
+         required: true
+
+  option :aws_region,
+         description: 'AWS Region (such as us-east-1)',
+         short: '-r AWS_REGION',
+         long: '--aws-region AWS_REGION',
+         default: 'us-east-1'
+
+  option :queue,
+         short: '-q SQS_QUEUE',
+         long: '--queue SQS_QUEUE',
+         description: 'The name of the SQS you want to check the number of messages for',
+         required: true
+
+  option :warn_over,
+         short: '-w WARN_OVER',
+         long: '--warnnum WARN_OVER',
+         description: 'Number of messages in the queue considered to be a warning',
+         default: -1,
+         proc: proc(&:to_i)
+
+  option :crit_over,
+         short: '-c CRIT_OVER',
+         long: '--critnum CRIT_OVER',
+         description: 'Number of messages in the queue considered to be critical',
+         default: -1,
+         proc: proc(&:to_i)
+
+  option :warn_under,
+         short: '-W WARN_UNDER',
+         long: '--warnunder WARN_UNDER',
+         description: 'Minimum number of messages in the queue considered to be a warning',
+         default: -1,
+         proc: proc(&:to_i)
+
+  option :crit_under,
+         short: '-C CRIT_UNDER',
+         long: '--critunder CRIT_UNDER',
+         description: 'Minimum number of messages in the queue considered to be critical',
+         default: -1,
+         proc: proc(&:to_i)
+
+  def aws_config
+    hash = {}
+    hash.update access_key_id: config[:aws_access_key], secret_access_key: config[:aws_secret_access_key]\
+      if config[:aws_access_key] && config[:aws_secret_access_key]
+    hash
+  end
+
+  def run
+    AWS.config aws_config
+    sqs = AWS::SQS.new
+    messages = sqs.queues.named(config[:queue]).approximate_number_of_messages
+
+    if (config[:crit_under] >= 0 && messages < config[:crit_under]) || (config[:crit_over] >= 0 && messages > config[:crit_over])
+      critical "#{messages} message(s) in #{config[:queue]} queue"
+    elsif (config[:warn_under] >= 0 && messages < config[:warn_under]) || (config[:warn_over] >= 0 && messages > config[:warn_over])
+      warning "#{messages} message(s) in #{config[:queue]} queue"
+    else
+      ok "#{messages} messages in #{config[:queue]} queue"
+    end
+  end
+end

data/bin/check_vpc_vpn.py

@@ -0,0 +1,42 @@
+#!/usr/bin/python
+
+# #RED
+import argparse
+import boto.ec2
+from boto.vpc import VPCConnection
+import sys
+
+
+def main():
+    try:
+        conn = boto.vpc.VPCConnection(aws_access_key_id=args.aws_access_key_id, aws_secret_access_key=args.aws_secret_access_key, region=boto.ec2.get_region(args.region))
+    except:
+        print "UNKNOWN: Unable to connect to reqion %s" % args.region
+        sys.exit(3)
+
+    errors = []
+    for vpn_connection in conn.get_all_vpn_connections():
+        for tunnel in vpn_connection.tunnels:
+            if tunnel.status != 'UP':
+                errors.append("[gateway: %s connection: %s tunnel: %s status: %s]" % (vpn_connection.vpn_gateway_id, vpn_connection.id, tunnel.outside_ip_address, tunnel.status))
+
+    if len(errors) > 1:
+        print 'CRITICAL: ' + ' '.join(errors)
+        sys.exit(2)
+    elif len(errors) > 0:
+        print 'WARN: ' + ' '.join(errors)
+        sys.exit(1)
+    else:
+        print 'OK'
+        sys.exit(0)
+
+if __name__ == "__main__":
+    parser = argparse.ArgumentParser(description='Check status of all existing AWS VPC VPN Tunnels')
+
+    parser.add_argument('-a', '--aws-access-key-id', required=True, dest='aws_access_key_id', help='AWS Access Key')
+    parser.add_argument('-s', '--aws-secret-access-key', required=True, dest='aws_secret_access_key', help='AWS Secret Access Key')
+    parser.add_argument('-r', '--region', required=True, dest='region', help='AWS Region')
+
+    args = parser.parse_args()
+
+    main()