terrafying-components 2.1.0 → 2.2.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0f7daf4d56be1749a0505aa8b99cf01170a2dc98d4460ce1a071e4956798ae00
-  data.tar.gz: 98309d3622147a3cd4b9f89e9d548cd09fc88003d79faa5c1c37f5a20d5c5672
+  metadata.gz: 4c81c09c0e80313520196667c51e90d2341d085b7e1811ca355db7788d2584e3
+  data.tar.gz: baa1f3a03f45384b9563605849336af96fa0b529052fa5fbec55f31e63d27017
 SHA512:
-  metadata.gz: b91ab228e8faa8d2166516faf4e0c263c0aef5ba5476d62572352ce1733cb95e3369724039ccc540e7183c947cef1d1266418948095ad3522d7147e79f132e98
-  data.tar.gz: d0e852429b7ec2bef6ab2fe7a5670d17fe00c2a51b9f8a87cda2b01a01103048c1175046c9646a8cafb0cf4e6c2548e2703791ce5a943e8325f2c5f8a8e5d86f
+  metadata.gz: 53189ee367e6cd7ebcbac7abb10228c2dc66b106ee87ace03dba1c52efa2292ea8c8db9cf63aa3b5e865af27c6044407b83cc2dec295b2b960eba8e20a1a96f6
+  data.tar.gz: 965e49137abe71f08b6d593004b7aa92b65e73551a97844be3e111af7456daf6df33da0e5b156bb8984d16c9e0f0cac433aaacd6ce669f88eaa02be53498329a

data/lib/terrafying/components/letsencrypt.rb

@@ -47,7 +47,16 @@ module Terrafying
           curve: 'P384',
           rsa_bits: '3072',
           use_external_dns: false,
-          renewing: false
+          renewing: false,
+          renew_alert_options: {
+            protocol: nil,
+            endpoint: nil,
+            endpoint_auto_confirms: false,
+            confirmation_timeout_in_minutes: 1,
+            raw_message_delivery: false,
+            filter_policy: nil,
+            delivery_policy: nil
+          }
         }.merge(options)
 
         @name = name
@@ -56,9 +65,11 @@ module Terrafying
         @acme_provider = @acme_providers[options[:provider]]
         @use_external_dns = options[:use_external_dns]
         @renewing = options[:renewing]
+        @renew_alert_options = options[:renew_alert_options]
         @prefix_path = [@prefix, @name].reject(&:empty?).join("/")
 
         renew() if @renewing
+        renew_alert() if @renew_alert_options[:endpoint] != nil
 
         provider :tls, {}
 
@@ -324,7 +335,7 @@ module Terrafying
               )
             }
 
-        lamda_function = resource :aws_lambda_function, "#{@name}_lambda", {
+        lambda_function = resource :aws_lambda_function, "#{@name}_lambda", {
           function_name: "#{@name}_lambda",
           s3_bucket: "uswitch-certbot-lambda",
           s3_key: "certbot-lambda.zip",
@@ -355,20 +366,59 @@ module Terrafying
 
         resource :aws_cloudwatch_event_target, "#{@name}_lambda_event_target", {
           rule: event_rule["name"],
-          target_id: lamda_function["id"],
-          arn: lamda_function["arn"]
+          target_id: lambda_function["id"],
+          arn: lambda_function["arn"]
         }
 
         resource :aws_lambda_permission, "allow_cloudwatch_to_invoke_#{@name}_lambda", {
           statement_id: "AllowExecutionFromCloudWatch",
           action: "lambda:InvokeFunction",
-          function_name: lamda_function["function_name"],
+          function_name: lambda_function["function_name"],
           principal: "events.amazonaws.com",
           source_arn: event_rule["arn"]
         }
         self
       end
 
+      def renew_alert
+        topic = resource :aws_sns_topic, "#{@name}_lambda_cloudwatch_topic", {
+                 name: "#{@name}_lambda_cloudwatch_topic"
+        }
+
+        alarm = resource :aws_cloudwatch_metric_alarm, "#{@name}_lambda_failure_alarm", {
+                 alarm_name: "#{@name}-lambda-failure-alarm",
+                 comparison_operator: "GreaterThanOrEqualToThreshold",
+                 evaluation_periods: "1",
+                 period: "300",
+                 metric_name: "Errors",
+                 namespace: "AWS/Lambda",
+                 threshold: 1,
+                 alarm_description: "Alert generated if the #{@name} certbot lambda fails execution",
+                 actions_enabled: true,
+                 dimensions: {
+                           FunctionName: "${aws_lambda_function.#{@name}_lambda.function_name}"
+                         },
+                 alarm_actions: [
+                           "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
+                         ],
+                 ok_actions: [
+                          "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}"
+                        ]
+        }
+
+        subscription = resource :aws_sns_topic_subscription, "#{@name}_lambda_cloudwatch_subscription", {
+                 topic_arn: "${aws_sns_topic.#{@name}_lambda_cloudwatch_topic.arn}",
+                 protocol: @renew_alert_options[:protocol],
+                 endpoint: @renew_alert_options[:endpoint],
+                 endpoint_auto_confirms: @renew_alert_options[:endpoint_auto_confirms],
+                 confirmation_timeout_in_minutes: @renew_alert_options[:confirmation_timeout_in_minutes],
+                 raw_message_delivery: @renew_alert_options[:raw_message_delivery],
+                 filter_policy: @renew_alert_options[:filter_policy],
+                 delivery_policy: @renew_alert_options[:delivery_policy]
+        }
+        self
+      end
+
       def generate_alpha_num()
         result = @name.split("").each do |ch|
           alpha_num = ch.upcase.ord - 'A'.ord

data/lib/terrafying/components/version.rb

@@ -2,6 +2,6 @@
 
 module Terrafying
   module Components
-    VERSION = '2.1.0'
+    VERSION = '2.2.0'
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: terrafying-components
 version: !ruby/object:Gem::Version
-  version: 2.1.0
+  version: 2.2.0
 platform: ruby
 authors:
 - uSwitch Limited