sensu-plugins-aws 3.2.1 → 4.0.0

data/bin/check-instances-count.rb

@@ -63,7 +63,19 @@ class CheckInstanceCount < Sensu::Plugin::Check::CLI
          default: 25
 
   def instance_count
-    AWS::AutoScaling.new.groups[config[:groupname]].auto_scaling_instances.map(&:lifecycle_state).count('InService').to_i
+    client = Aws::AutoScaling::Client.new
+    resp = client.describe_auto_scaling_groups(
+      auto_scaling_group_names: [config[:groupname]]
+    ).to_h
+    instances = []
+    resp[:auto_scaling_groups].each do |g|
+      g[:instances].each do |i|
+        if i[:lifecycle_state] == 'InService' && i[:health_status] == 'Healthy'
+          instances << i[:instance_id]
+        end
+      end
+    end
+    instances.length
   rescue => e
     critical "There was an error reaching AWS - #{e.message}"
   end

data/bin/check-rds-events.rb

@@ -41,7 +41,7 @@
 #
 
 require 'sensu-plugin/check/cli'
-require 'aws-sdk-v1'
+require 'aws-sdk'
 
 class CheckRDSEvents < Sensu::Plugin::Check::CLI
   option :aws_access_key,
@@ -74,10 +74,7 @@ class CheckRDSEvents < Sensu::Plugin::Check::CLI
   end
 
   def rds_regions
-    # This is for SDK v2
-    # Aws.partition('aws').regions.map(&:name)
-
-    AWS::RDS.regions.map(&:name)
+    Aws.partition('aws').regions.map(&:name)
   end
 
   def run
@@ -102,7 +99,7 @@ class CheckRDSEvents < Sensu::Plugin::Check::CLI
     end
 
     aws_regions.each do |r|
-      rds = AWS::RDS::Client.new aws_config.merge!(region: r)
+      rds = Aws::RDS::Client.new aws_config.merge!(region: r)
 
       begin
         if !config[:db_instance_id].nil? && !config[:db_instance_id].empty?

data/bin/check-rds.rb

@@ -86,6 +86,11 @@ class CheckRDS < Sensu::Plugin::Check::CLI
          long:        '--db-instance-id NAME',
          description: 'DB instance identifier'
 
+  option :db_cluster_id,
+         short:       '-l N',
+         long:        '--db-cluster-id NAME',
+         description: 'DB cluster identifier'
+
   option :end_time,
          short:       '-t T',
          long:        '--end-time TIME',
@@ -96,7 +101,7 @@ class CheckRDS < Sensu::Plugin::Check::CLI
   option :period,
          short:       '-p N',
          long:        '--period SECONDS',
-         default:     60,
+         default:     180,
          proc:        proc(&:to_i),
          description: 'CloudWatch metric statistics period'
 
@@ -154,6 +159,12 @@ class CheckRDS < Sensu::Plugin::Check::CLI
     db
   end
 
+  def find_db_cluster_writer(id)
+    wr = rds.describe_db_clusters(db_cluster_identifier: id).db_clusters[0].db_cluster_members.detect(&:is_cluster_writer).db_instance_identifier
+    unknown 'DB cluster not found.' if cl.nil?
+    wr
+  end
+
   def cloud_watch_metric(metric_name, unit)
     cloud_watch.get_metric_statistics(
       namespace: 'AWS/RDS',
@@ -183,11 +194,6 @@ class CheckRDS < Sensu::Plugin::Check::CLI
     end
   end
 
-  def flag_alert(severity, message)
-    @severities[severity] = true
-    @message += message
-  end
-
   def memory_total_bytes(instance_class)
     memory_total_gigabytes = {
       'db.cr1.8xlarge' => 244.0,
@@ -224,84 +230,118 @@ class CheckRDS < Sensu::Plugin::Check::CLI
 
   def check_az(severity, expected_az)
     return if @db_instance.availability_zone == expected_az
-    flag_alert severity, "; AZ is #{@db_instance.availability_zone} (expected #{expected_az})"
+    @severities[severity] = true
+    "; AZ is #{@db_instance.availability_zone} (expected #{expected_az})"
   end
 
   def check_cpu(severity, expected_lower_than)
-    @cpu_metric ||= cloud_watch_metric 'CPUUtilization', 'Percent'
-    @cpu_metric_value ||= latest_value @cpu_metric
-    return if @cpu_metric_value < expected_lower_than
-    flag_alert severity, "; CPUUtilization is #{sprintf '%.2f', @cpu_metric_value}% (expected lower than #{expected_lower_than}%)"
+    cpu_metric ||= cloud_watch_metric 'CPUUtilization', 'Percent'
+    cpu_metric_value ||= latest_value cpu_metric
+    return if cpu_metric_value < expected_lower_than
+    @severities[severity] = true
+    "; CPUUtilization is #{sprintf '%.2f', cpu_metric_value}% (expected lower than #{expected_lower_than}%)"
   end
 
   def check_memory(severity, expected_lower_than)
-    @memory_metric ||= cloud_watch_metric 'FreeableMemory', 'Bytes'
-    @memory_metric_value ||= latest_value @memory_metric
-    @memory_total_bytes ||= memory_total_bytes @db_instance.db_instance_class
-    @memory_usage_bytes ||= @memory_total_bytes - @memory_metric_value
-    @memory_usage_percentage ||= @memory_usage_bytes / @memory_total_bytes * 100
-    return if @memory_usage_percentage < expected_lower_than
-    flag_alert severity, "; Memory usage is #{sprintf '%.2f', @memory_usage_percentage}% (expected lower than #{expected_lower_than}%)"
+    memory_metric ||= cloud_watch_metric 'FreeableMemory', 'Bytes'
+    memory_metric_value ||= latest_value memory_metric
+    memory_total_bytes ||= memory_total_bytes @db_instance.db_instance_class
+    memory_usage_bytes ||= memory_total_bytes - memory_metric_value
+    memory_usage_percentage ||= memory_usage_bytes / memory_total_bytes * 100
+    return if memory_usage_percentage < expected_lower_than
+    @severities[severity] = true
+    "; Memory usage is #{sprintf '%.2f', memory_usage_percentage}% (expected lower than #{expected_lower_than}%)"
   end
 
   def check_disk(severity, expected_lower_than)
-    @disk_metric ||= cloud_watch_metric 'FreeStorageSpace', 'Bytes'
-    @disk_metric_value ||= latest_value @disk_metric
-    @disk_total_bytes ||= @db_instance.allocated_storage * 1024**3
-    @disk_usage_bytes ||= @disk_total_bytes - @disk_metric_value
-    @disk_usage_percentage ||= @disk_usage_bytes / @disk_total_bytes * 100
-    return if @disk_usage_percentage < expected_lower_than
-    flag_alert severity, "; Disk usage is #{sprintf '%.2f', @disk_usage_percentage}% (expected lower than #{expected_lower_than}%)"
+    disk_metric ||= cloud_watch_metric 'FreeStorageSpace', 'Bytes'
+    disk_metric_value ||= latest_value disk_metric
+    disk_total_bytes ||= @db_instance.allocated_storage * 1024**3
+    disk_usage_bytes ||= disk_total_bytes - disk_metric_value
+    disk_usage_percentage ||= disk_usage_bytes / disk_total_bytes * 100
+    return if disk_usage_percentage < expected_lower_than
+    @severities[severity] = true
+    "; Disk usage is #{sprintf '%.2f', disk_usage_percentage}% (expected lower than #{expected_lower_than}%)"
   end
 
   def check_connections(severity, expected_lower_than)
-    @connections_metric ||= cloud_watch_metric 'DatabaseConnections', 'Count'
-    @connections_metric_value ||= latest_value @connections_metric
-    return if @connections_metric_value < expected_lower_than
-    flag_alert severity, "; DatabaseConnections are #{sprintf '%d', @connections_metric_value} (expected lower than #{expected_lower_than})"
+    connections_metric ||= cloud_watch_metric 'DatabaseConnections', 'Count'
+    connections_metric_value ||= latest_value connections_metric
+    return if connections_metric_value < expected_lower_than
+    @severities[severity] = true
+    "; DatabaseConnections are #{sprintf '%d', connections_metric_value} (expected lower than #{expected_lower_than})"
   end
 
   def check_iops(severity, expected_lower_than)
-    @read_iops_metric ||= cloud_watch_metric 'ReadIOPS', 'Count/Second'
-    @read_iops_metric_value ||= latest_value @read_iops_metric
-    @write_iops_metric ||= cloud_watch_metric 'WriteIOPS', 'Count/Second'
-    @write_iops_metric_value ||= latest_value @write_iops_metric
-    @iops_metric_value ||= @read_iops_metric_value + @write_iops_metric_value
-    return if @iops_metric_value < expected_lower_than
-    flag_alert severity, "; IOPS are #{sprintf '%d', @iops_metric_value} (expected lower than #{expected_lower_than})"
+    read_iops_metric ||= cloud_watch_metric 'ReadIOPS', 'Count/Second'
+    read_iops_metric_value ||= latest_value read_iops_metric
+    write_iops_metric ||= cloud_watch_metric 'WriteIOPS', 'Count/Second'
+    write_iops_metric_value ||= latest_value write_iops_metric
+    iops_metric_value ||= read_iops_metric_value + write_iops_metric_value
+    return if iops_metric_value < expected_lower_than
+    @severities[severity] = true
+    "; IOPS are #{sprintf '%d', iops_metric_value} (expected lower than #{expected_lower_than})"
   end
 
   def run
+    instances = []
+    if config[:db_cluster_id]
+      db_cluster_writer_id = find_db_cluster_writer(db_cluster_id)
+      instances << find_db_instance(db_cluster_writer_id)
+    end
+
     if config[:db_instance_id].nil? || config[:db_instance_id].empty?
-      unknown 'No DB instance provided.  See help for usage details'
+      rds.describe_db_instances[:db_instances].map { |db| instances << db }
+    else
+      instances << find_db_instance(config[:db_instance_id])
+    end
+
+    messages = ''
+    severities = {
+      critical: false,
+      warning:  false
+    }
+    instances.each do |instance|
+      @db_instance = instance
+      result = collect(instance)
+      if result[1][:critical]
+        messages += result[0]
+        severities[:critical] = true
+      elsif result[1][:warning]
+        severities[:warning] = true
+        messages += result[0]
+      end
     end
 
-    @db_instance  = find_db_instance config[:db_instance_id]
-    @message      = "#{config[:db_instance_id]}: "
-    @severities   = {
+    if severities[:critical]
+      critical messages
+    elsif severities[:warning]
+      warning messages
+    else
+      ok messages
+    end
+  end
+
+  def collect(instance)
+    message = "\n#{instance[:db_instance_identifier]}: "
+    @severities = {
       critical: false,
       warning:  false
     }
 
     @severities.keys.each do |severity|
-      check_az severity, config[:"availability_zone_#{severity}"] if config[:"availability_zone_#{severity}"]
+      message += check_az severity, config[:"availability_zone_#{severity}"], instance if config[:"availability_zone_#{severity}"]
 
       %w(cpu memory disk connections iops).each do |item|
-        send "check_#{item}", severity, config[:"#{item}_#{severity}_over"] if config[:"#{item}_#{severity}_over"]
+        result = send "check_#{item}", severity, config[:"#{item}_#{severity}_over"] if config[:"#{item}_#{severity}_over"]
+        message += result unless result.nil?
       end
     end
 
     if %w(cpu memory disk connections iops).any? { |item| %w(warning critical).any? { |severity| config[:"#{item}_#{severity}_over"] } }
-      @message += "(#{config[:statistics].to_s.capitalize} within #{config[:period]}s "
-      @message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
-    end
-
-    if @severities[:critical]
-      critical @message
-    elsif @severities[:warning]
-      warning @message
-    else
-      ok @message
+      message += "(#{config[:statistics].to_s.capitalize} within #{config[:period]}s "
+      message += "between #{config[:end_time] - config[:period]} to #{config[:end_time]})"
     end
+    [message, @severities]
   end
 end

data/bin/check-route53-domain-expiration.rb

@@ -0,0 +1,79 @@
+#!/usr/bin/env ruby
+#
+# check-route53-domain-expiration
+#
+# DESCRIPTION:
+#   Alert when Route53 registered domains are close to expiration
+#
+# OUTPUT:
+#   plain-text
+#
+# DEPENDENCIES:
+#   gem: aws-sdk
+#   gem: sensu-plugin
+#
+# USAGE:
+#   check-route53-domain-expiration.rb
+#
+# LICENSE:
+#   Eric Heydrick <eheydrick@gmail.com>
+#   Released under the same terms as Sensu (the MIT license); see LICENSE
+#   for details.
+
+require 'sensu-plugins-aws'
+require 'sensu-plugin/check/cli'
+require 'aws-sdk'
+
+class CheckRoute53DomainExpiration < Sensu::Plugin::Check::CLI
+  include Common
+
+  option :aws_region,
+         short: '-r AWS_REGION',
+         long: '--aws-region REGION',
+         description: 'AWS Region (defaults to us-east-1).',
+         default: 'us-east-1'
+
+  option :warn,
+         short: '-w WARN',
+         long: '--warning WARN',
+         description: 'Warn if domain expires in less than this many days (default: 30)',
+         default: 30,
+         proc: proc(&:to_i)
+
+  option :crit,
+         short: '-c CRITICAL',
+         long: '--critical CRITICAL',
+         description: 'Critical if domain expires in less than this many days (default: 7)',
+         default: 7,
+         proc: proc(&:to_i)
+
+  def run
+    warn_domains = {}
+    crit_domains = {}
+
+    r53 = Aws::Route53Domains::Client.new(aws_config)
+    begin
+      domains = r53.list_domains.domains
+      domains.each do |domain|
+        expiration = DateTime.parse(domain.expiry.to_s)
+        days_until_expiration = (expiration - DateTime.now).to_i
+        if days_until_expiration <= config[:crit]
+          crit_domains[domain] = days_until_expiration
+        elsif days_until_expiration <= config[:warn]
+          warn_domains[domain] = days_until_expiration
+        end
+      end
+
+      if !crit_domains.empty?
+        critical "Domains are expiring in less than #{config[:crit]} days: " + crit_domains.map { |d, v| "#{d.domain_name} (in #{v} days)" }.join(', ')
+      elsif !warn_domains.empty?
+        warning "Domains are expiring in less than #{config[:warn]} days: " + warn_domains.map { |d, v| "#{d.domain_name} (in #{v} days)" }.join(', ')
+      else
+        ok 'No domains are expiring soon'
+      end
+
+    rescue => e
+      unknown "An error occurred communicating with the Route53 API: #{e.message}"
+    end
+  end
+end

data/bin/check-s3-object.rb

@@ -1,6 +1,6 @@
 #! /usr/bin/env ruby
 #
-# check-s3-bucket
+# check-s3-object
 #
 # DESCRIPTION:
 #   This plugin checks if a file exists in a bucket and/or is not too old.
@@ -31,7 +31,7 @@
 require 'sensu-plugin/check/cli'
 require 'aws-sdk'
 
-class CheckS3Bucket < Sensu::Plugin::Check::CLI
+class CheckS3Object < Sensu::Plugin::Check::CLI
   option :aws_access_key,
          short: '-a AWS_ACCESS_KEY',
          long: '--aws-access-key AWS_ACCESS_KEY',
@@ -67,13 +67,6 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
          description: 'The name of key in the bucket',
          required: true
 
-  option :ok_zero_size,
-         description: 'OK if file has zero size',
-         short: '-z',
-         long: '--ok-zero-size',
-         boolean: true,
-         default: false
-
   option :warning_age,
          description: 'Warn if mtime greater than provided age in seconds',
          short: '-w SECONDS',
@@ -84,17 +77,58 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
          short: '-c SECONDS',
          long: '--critical SECONDS'
 
+  option :ok_zero_size,
+         description: 'OK if file has zero size',
+         short: '-z',
+         long: '--ok-zero-size',
+         boolean: true,
+         default: false
+
+  option :warning_size,
+         description: 'Warning threshold for size',
+         long: '--warning-size COUNT'
+
+  option :critical_size,
+         description: 'Critical threshold for size',
+         long: '--critical-size COUNT'
+
+  option :compare_size,
+         description: 'Comparision operator for threshold: equal, not, greater, less',
+         short: '-o OPERATION',
+         long: '--operator-size OPERATION',
+         default: 'equal'
+
   def aws_config
     { access_key_id: config[:aws_access_key],
       secret_access_key: config[:aws_secret_access_key],
       region: config[:aws_region] }
   end
 
-  def run_check(type, age)
-    to_check = config["#{type}_age".to_sym].to_i
-    if to_check > 0 && age >= to_check # rubocop:disable GuardClause
-      send(type, "S3 object #{config[:key_name]} is #{age - to_check} seconds past (bucket #{config[:bucket_name]})")
+  def operator
+    op = lambda do |type, a, b|
+      case type
+      when 'age'
+        a > b
+      when 'size'
+        if config[:compare_size] == 'greater'
+          a > b
+        elsif config[:compare_size] == 'less'
+          a < b
+        elsif config[:compare_size] == 'not'
+          a != b
+        end
+      else
+        a == b
+      end
     end
+    op
+  end
+
+  def run_check(type, level, value, msg)
+    key = "#{level}_#{type}".to_sym
+    return if config[key].nil?
+    to_check = config[key].to_i
+    send(level, msg % [config[:key_name], value, config[:bucket_name]]) if operator.call type, value, to_check
   end
 
   def run
@@ -107,21 +141,26 @@ class CheckS3Bucket < Sensu::Plugin::Check::CLI
     s3 = Aws::S3::Client.new(aws_config.merge!(region: config[:aws_region]))
     begin
       output = s3.head_object(bucket: config[:bucket_name], key: config[:key_name])
+      age = Time.now.to_i - output[:last_modified].to_i
+      size = output[:content_length]
 
-      if output[:content_length] == 0 && !config[:ok_zero_size]
-        critical "S3 object #{config[:key_name]} has zero size (bucket #{config[:bucket_name]})"
+      [:critical, :warning].each do |level|
+        run_check('age', level, age, 'S3 object %s is %s seconds old (bucket %s)')
       end
 
-      if config[:warning_age] || config[:critical_age]
-        age = Time.now.to_i - output[:last_modified].to_i
-        run_check(:critical, age) || run_check(:warning, age) || ok("S3 object #{config[:key_name]} is #{age} seconds old (bucket #{config[:bucket_name]})")
+      if size == 0
+        critical "S3 object #{config[:key_name]} is empty (bucket #{config[:bucket_name]})" unless config[:ok_zero_size]
       else
-        ok("S3 object #{config[:key_name]} exists (bucket #{config[:bucket_name]})")
+        [:critical, :warning].each do |level|
+          run_check('size', level, size, 'S3 %s object\'size : %s octets (bucket %s)')
+        end
       end
+
+      ok("S3 object #{config[:key_name]} exists in bucket #{config[:bucket_name]}")
     rescue Aws::S3::Errors::NotFound => _
       critical "S3 object #{config[:key_name]} not found in bucket #{config[:bucket_name]}"
     rescue => e
-      critical "S3 object #{config[:key_name]} in bucket #{config[:bucket_name]} - #{e.message}"
+      critical "S3 object #{config[:key_name]} in bucket #{config[:bucket_name]} - #{e.message} - #{e.backtrace}"
     end
   end
 end