ACM Support (#115)
* Initial add of ACM resource

* Add alarms & event subs for ACM

* Bump version to 0.11.5

* Add default generation of specified event subs

* Bump version to 0.11.6
tarunmenon95 authored Oct 17, 2023
1 parent af2be86 commit 144780c
Showing 7 changed files with 70 additions and 3 deletions.
2 changes: 1 addition & 1 deletion README.md
Expand Up @@ -22,7 +22,7 @@ CfnGuardian is a AWS monitoring tool with a few capabilities:
- tls version checking

**Supported AWS Resources**

- ACM Certificates
- AmazonMq(RabbitMQ and ActiveMQ)
- ApiGateway
- Application Targetgroups
1 change: 1 addition & 0 deletions docs/resources.md
Expand Up @@ -36,6 +36,7 @@ Resources:
| Resource Group | Require Keys |
| --------------------------- | ---------------- |
| Acm | Id |
| ApiGateway | Id |
| AmazonMQBroker | Id |
| AutoScalingGroup | Id |
19 changes: 18 additions & 1 deletion lib/cfnguardian/compile.rb
Expand Up @@ -5,6 +5,7 @@
require 'cfnguardian/stacks/main'
require 'cfnguardian/models/composite'
require 'cfnguardian/resources/base'
require 'cfnguardian/resources/acm'
require 'cfnguardian/resources/apigateway'
require 'cfnguardian/resources/application_targetgroup'
require 'cfnguardian/resources/amazonmq_broker'
Expand Down Expand Up @@ -139,6 +140,9 @@ def get_resources
@cost += resource_class.get_cost
end
end

# Add default event subscriptions
@resources.concat generate_default_event_subscriptions()

@maintenance_groups.each do |maintenance_group,resource_groups|
resource_groups.each do |group, alarms|
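
Review bot: The `@resources.concat generate_default_event_subscriptions()` call after the resource loop is unconditional, so the ACM event subscriptions are added whether or not the config lists any Acm resources, and nothing in the visible lines lets a user turn them off. Consider gating the call on a config option, or at least documenting the behaviour next to the new Acm row in docs/resources.md. It is also worth checking that a config which does declare Acm resources cannot end up with the same three subscriptions twice, once from the resource and once from this call.
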
Expand Down Expand Up @@ -251,6 +255,19 @@ def genrate_template_config(parameters)

File.write("out/template-config.guardian.json", template.to_json)
end


def generate_default_event_subscriptions()
# List of Classes which default events should be deployed
default_resource_classes = ['CfnGuardian::Resource::Acm']
default_event_subscriptions = []

default_resource_classes.each do |resource_class|
resource_instance = Kernel.const_get(resource_class).new({"Id"=>resource_class}) # Dummy ID
default_event_subscriptions.concat(resource_instance.default_event_subscriptions())
end

return default_event_subscriptions
end

end
end
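
Review bot: In `generate_default_event_subscriptions`, the instance is created with `{"Id"=>resource_class}`, so the dummy Id is the string 'CfnGuardian::Resource::Acm', and any name or filter derived from the resource Id further down will carry that string, colons included. A neutral placeholder value, with a comment saying what consumes it, would be safer. The list could also hold the class itself rather than a string resolved through `Kernel.const_get`, and the method would benefit from a doc comment stating that it depends on `default_event_subscriptions` returning the array of subscriptions.
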
9 changes: 9 additions & 0 deletions lib/cfnguardian/models/alarm.rb
Expand Up @@ -66,6 +66,15 @@ def metric_name=(metric_name)
end
end

class AcmAlarm < BaseAlarm
def initialize(resource)
super(resource)
@group = 'Acm'
@namespace = 'AWS/CertificateManager'
@dimensions = { CertificateArn: { "Fn::Sub" => "arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/#{resource['Id']}"}}
end
end

class ApiGatewayAlarm < BaseAlarm
def initialize(resource)
super(resource)
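
Review bot: In `AcmAlarm#initialize`, the `CertificateArn` dimension is built by appending `resource['Id']` to `arn:aws:acm:${AWS::Region}:${AWS::AccountId}:certificate/`, so Id has to be the bare certificate ID and the certificate has to be in the stack's own region and account. A full ARN supplied as Id would produce a malformed dimension and an alarm that matches no metric. Suggest stating the expected Id format in docs/resources.md, where the new row only says `Id`, or rejecting values that start with `arn:`.
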
1 change: 1 addition & 0 deletions lib/cfnguardian/models/event_subscription.rb
Expand Up @@ -95,6 +95,7 @@ def initialize(resource)
end
end

class AcmEventSubscription < BaseEventSubscription; end
class ApiGatewayEventSubscription < BaseEventSubscription; end
class ApplicationTargetGroupEventSubscription < BaseEventSubscription; end
class AmazonMQBrokerEventSubscription < BaseEventSubscription; end
39 changes: 39 additions & 0 deletions lib/cfnguardian/resources/acm.rb
@@ -0,0 +1,39 @@
module CfnGuardian::Resource
class Acm < Base

def default_alarms
alarm = CfnGuardian::Models::AcmAlarm.new(@resource)
alarm.name = 'CertificateExpiry'
alarm.metric_name = 'DaysToExpiry'
alarm.statistic = 'Average'
alarm.threshold = 30
alarm.comparison_operator = 'LessThanThreshold'
alarm.evaluation_periods = 1
alarm.period = 86400
@alarms.push(alarm)
end

def default_event_subscriptions()
event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
event_subscription.name = 'AcmCertificateNearExpiry'
event_subscription.detail_type = 'ACM Certificate Approaching Expiration'
event_subscription.source = 'aws.acm'
event_subscription.detail = {
'DaysToExpiry' => [31]
}
@event_subscriptions.push(event_subscription)

event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
event_subscription.name = 'AcmCertificateExpired'
event_subscription.detail_type = 'ACM Certificate Expired'
event_subscription.source = 'aws.acm'
@event_subscriptions.push(event_subscription)

event_subscription = CfnGuardian::Models::AcmEventSubscription.new(@resource)
event_subscription.name = 'AcmRenewalActionRequired'
event_subscription.detail_type = 'ACM Certificate Renewal Action Required'
event_subscription.source = 'aws.acm'
@event_subscriptions.push(event_subscription)
end
end
end
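
Review bot: In `default_event_subscriptions`, `'DaysToExpiry' => [31]` is an exact-value match, so, assuming `detail` is passed through to the event pattern unchanged, the 'AcmCertificateNearExpiry' subscription matches only the event that reports exactly 31 days; if that one event is missed nothing later matches, and the value does not line up with the alarm's `threshold = 30` under `LessThanThreshold`. If the intent is "31 days or fewer", EventBridge numeric matching (`{ 'numeric' => ['<=', 31] }`) expresses that; otherwise a comment explaining why a single day is matched would help. The method also returns the array only because `@event_subscriptions.push(...)` happens to be its last expression, and the new caller in compile.rb concats that return value, so ending the method with an explicit `@event_subscriptions` would make the contract visible.
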
2 changes: 1 addition & 1 deletion lib/cfnguardian/version.rb
@@ -1,4 +1,4 @@
module CfnGuardian
VERSION = "0.11.5"
VERSION = "0.11.6"
CHANGE_SET_VERSION = VERSION.gsub('.', '-').freeze
end
