diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 5277321..712572f 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -16,4 +16,4 @@ repos:
- id: trailing-whitespace
- id: detect-aws-credentials
- id: check-json
- - id: pretty-format-json
\ No newline at end of file
+ # - id: pretty-format-json
diff --git a/README.md b/README.md
index f1b0095..bee6280 100644
--- a/README.md
+++ b/README.md
@@ -15,10 +15,10 @@ The file contains the alarms per service.
In the example below you see the EC2 service that contains the CPU Utilization alarm. This will create the CPU Utilization alarm for every EC2 instance.
```
"EC2" : { <- Service
- "CPUUtilization": { <- Alarmname
- "AlarmThresholds" : {
+ "CPUUtilization": { <- Alarmname
+ "AlarmThresholds" : {
"priority": ["P1", "P2", "P3"], <- for every priority there needs to be a threshold and vice versa
- "alarm_threshold": ["90", "80", "75"]
+ "alarm_threshold": ["90", "80", "75"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : { <- Description is used for naming the alarm in cloudwatch
@@ -76,6 +76,7 @@ module "observability_sender" {
| Name | Version |
|------|---------|
+| [archive](#provider\_archive) | n/a |
| [aws](#provider\_aws) | > 4.3.0 |
## Modules
@@ -84,7 +85,7 @@ module "observability_sender" {
|------|--------|---------|
| [iam\_role\_lambda\_cw\_alarm\_creator](#module\_iam\_role\_lambda\_cw\_alarm\_creator) | git@github.com:TechNative-B-V/modules-aws.git//identity_and_access_management/iam_role | v1.1.7 |
| [iam\_role\_lambda\_payload\_forwarder](#module\_iam\_role\_lambda\_payload\_forwarder) | git@github.com:TechNative-B-V/modules-aws.git//identity_and_access_management/iam_role | v1.1.7 |
-| [lambda\_cw\_alarm\_creator](#module\_lambda\_cw\_alarm\_creator) | git@github.com:TechNative-B-V/modules-aws.git//lambda | v1.1.7 |
+| [lambda\_cw\_alarm\_creator](#module\_lambda\_cw\_alarm\_creator) | git@github.com:wearetechnative/terraform-aws-lambda.git | 13eda5f9e8ae40e51f66a45837cd41a6b35af988 |
| [lambda\_payload\_forwarder](#module\_lambda\_payload\_forwarder) | git@github.com:TechNative-B-V/modules-aws.git//lambda | v1.1.7 |
## Resources
@@ -98,20 +99,25 @@ module "observability_sender" {
| [aws_cloudwatch_event_target.lambda_target](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_cloudwatch_event_target.this](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/cloudwatch_event_target) | resource |
| [aws_kms_grant.give_lambda_role_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/kms_grant) | resource |
+| [aws_lambda_layer_version.custom_actions](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_layer_version) | resource |
| [aws_lambda_permission.allow_eventbridge](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.allow_eventbridge_instance_terminate_rule](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_lambda_permission.payload_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/lambda_permission) | resource |
| [aws_sns_topic.notification_receiver](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic) | resource |
| [aws_sns_topic_policy.allow_lambda_sns_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_policy) | resource |
| [aws_sns_topic_subscription.lambda_eventbridge_forwarder](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/resources/sns_topic_subscription) | resource |
+| [archive_file.custom_action](https://registry.terraform.io/providers/hashicorp/archive/latest/docs/data-sources/file) | data source |
| [aws_caller_identity.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/caller_identity) | data source |
| [aws_iam_policy_document.cloudwatch_alarms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.eventbus](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.kms](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_cw_alarm_creator_dlq_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_ec2_read_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.lambda_ecs_read_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.lambda_elasticache_read_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_monitoring_account_sqs_access_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.lambda_payload_forwarder_dlq_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
+| [aws_iam_policy_document.lambda_rds_read_access](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_iam_policy_document.sns_topic_policy](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/iam_policy_document) | data source |
| [aws_partition.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/partition) | data source |
| [aws_region.current](https://registry.terraform.io/providers/hashicorp/aws/latest/docs/data-sources/region) | data source |
@@ -123,6 +129,7 @@ module "observability_sender" {
| [eventbridge\_rules](#input\_eventbridge\_rules) | EventBridge rule settings. | map(object({
description : string
state : string
event_pattern : string
})
) | `{}` | no |
| [kms\_key\_arn](#input\_kms\_key\_arn) | ARN of the KMS key. | `string` | n/a | yes |
| [monitoring\_account\_configuration](#input\_monitoring\_account\_configuration) | Configuration settings of the monitoring account. | object({
sqs_name = string
sqs_region = string
sqs_account = number
}) | n/a | yes |
+| [source\_directory\_location](#input\_source\_directory\_location) | Source Directory location for the custom alarm creator actions.py. | `string` | `null` | no |
| [sqs\_dlq\_arn](#input\_sqs\_dlq\_arn) | ARN of the Dead Letter Queue. | `string` | n/a | yes |
## Outputs
diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py
index d5d211b..c5e873b 100644
--- a/alarm_creator/actions.py
+++ b/alarm_creator/actions.py
@@ -1,81 +1,122 @@
-import boto3, json
+import boto3, json, subprocess, os
from pip import main
+# environment_variables
+custom_alert_action = os.environ['CUSTOM_ALERT_ACTION']
+
# Create boto3 clients
CWclient = boto3.client("cloudwatch")
ec2 = boto3.resource("ec2")
rds = boto3.client("rds")
ec2client = boto3.client("ec2")
ecsclient = boto3.client("ecs")
+elasticlient = boto3.client("elasticache")
+
+# Create Lambda layer create if statement to choose which one depending on which variable is enabled.
-# Load json file containing the alarms
-with open('./alarms.json') as alarms_file:
- alarms = json.load(alarms_file)
+
+# Load json file containing the alarms, checks if it needs to use a custom alarms json or default json.
+if custom_alert_action == "true":
+ with open('/opt/custom_alarms.json') as alarms_file:
+ alarms = json.load(alarms_file)
+else:
+ with open('./alarms.json') as alarms_file:
+ alarms = json.load(alarms_file)
# Alarm creator
def AWS_Alarms():
for service in alarms:
- # Fill instances variable with Running instances per service
+ dimensionlist = []
+ # instances = None
+ #Fill instances variable with Running instances per service
if service == "EC2":
instances = GetRunningInstances()
elif service == "RDS":
instances = GetRunningDBInstances()
- elif service == "ECS":
- instances = GetRunningClusters()
- for alarm in alarms[service]:
+ elif service == "CWAgent":
+ instances = GetRunningInstances()
+ # elif service == "ECS":
+ # instances = GetRunningClusters()
+ # elif service == "ElastiCache":
+ # instances = GetRunningCacheClusters()
+ for alarm in alarms[service]:
# Query the namespaces in CloudWatch Metrics
- response = CWclient.list_metrics(Namespace=f"{alarms[service][alarm]['Namespace']}", RecentlyActive='PT3H',)
+ response = CWclient.list_metrics(Namespace=f"{alarms[service][alarm]['Namespace']}", RecentlyActive='PT3H')
+
for metrics in response["Metrics"]:
- # Check if any of the found metricnames are equal to metric names in alarms file
+ # Check if any of the found metric names are equal to metric names in alarms file
if metrics["MetricName"] == alarms[service][alarm]['MetricName']:
- for dimensions in metrics["Dimensions"]:
- if dimensions["Name"] == alarms[service][alarm]['Dimensions']:
- for priority, threshold in zip(alarms[service][alarm]['AlarmThresholds']["priority"], alarms[service][alarm]['AlarmThresholds']["alarm_threshold"]):
-
- # To make alarmnames pretty, 'MB/GB' is used instead of 1000000/1000000000 bytes, needs to be in bytes for actual threshold
- if alarms[service][alarm]['Description']['ThresholdUnit'] == "GB":
- cw_threshold = int(threshold) * 1000000000
- elif alarms[service][alarm]['Description']['ThresholdUnit'] == "MB":
- cw_threshold = int(threshold) * 1000000
- else:
- cw_threshold = int(threshold)
-
- # Handling dimensions
- instanceDimensions = {
- "Name": f"{dimensions['Name']}",
- "Value": f"{dimensions['Value']}"
+ for priority, threshold in zip(alarms[service][alarm]['AlarmThresholds']["priority"], alarms[service][alarm]['AlarmThresholds']["alarm_threshold"]):
+ # Convert thresholds to bytes if needed
+ if alarms[service][alarm]['Description']['ThresholdUnit'] == "GB":
+ cw_threshold = int(threshold) * 1000000000
+ elif alarms[service][alarm]['Description']['ThresholdUnit'] == "MB":
+ cw_threshold = int(threshold) * 1000000
+ else:
+ cw_threshold = int(threshold)
+
+ # Handling dimensions
+ for instance in instances:
+
+ instanceDimensions = {
+ "Name": f"{alarms[service][alarm]['Dimensions']}",
+ "Value": instance
+ }
+
+ #Add any additional disk-related dimensions if present
+ if 'ExtraDimensions' in alarms[service][alarm]:
+ dimensionlist.extend(alarms[service][alarm]['ExtraDimensions'])
+
+ for dimension in dimensionlist:
+ if dimension["Name"] == "path" and dimension["Value"] == "/":
+ # Query the namespaces in CloudWatch Metrics
+ # Find the correct device dimension for the root volume
+ response_2 = CWclient.list_metrics(Namespace=f"{alarms[service][alarm]['Namespace']}", RecentlyActive='PT3H',
+ Dimensions=[instanceDimensions, {'Name': 'path', 'Value': '/'}]
+ )
+
+ for metrics in response_2["Metrics"]:
+ for dimension in metrics["Dimensions"]:
+ if dimension['Name'] == "device":
+
+ dimensionlist = [
+ instanceDimensions,
+ {
+ "Name": "device",
+ "Value": f"{dimension['Value']}"
}
- dimensionlist = []
- # For disk alarms there are more dimensions than other alarms
- try:
- for item in alarms[service][alarm]['DiskDimensions']:
- dimensionlist.append(item)
- except KeyError: #
- dimensionlist = []
- dimensionlist.insert(0, instanceDimensions)
-
- for instance in instances:
-
- # Create alarms
- CWclient.put_metric_alarm(
- AlarmName=f"{instance}-{alarm} {alarms[service][alarm]['Description']['Operatorsymbol']} {threshold} {alarms[service][alarm]['Description']['ThresholdUnit']}",
- ComparisonOperator=alarms[service][alarm]['ComparisonOperator'],
- EvaluationPeriods=alarms[service][alarm]['EvaluationPeriods'],
- MetricName=alarms[service][alarm]['MetricName'],
- Namespace=alarms[service][alarm]['Namespace'],
- Period=alarms[service][alarm]['Period'],
- Statistic=alarms[service][alarm]['Statistic'],
- Threshold=cw_threshold,
- ActionsEnabled=True,
- TreatMissingData=alarms[service][alarm]['TreatMissingData'],
- AlarmDescription=f"{priority}",
- Dimensions=dimensionlist,
- Tags=[{"Key": "CreatedbyLambda", "Value": "True"}],
- )
+ ]
+ dimensionlist.extend(alarms[service][alarm]['ExtraDimensions'])
+ else:
+ continue
+ else:
+ #Clean up dimensionlist if not extra dimensions are present and only add the instance dimension
+ dimensionlist = []
+ dimensionlist = [instanceDimensions]
+
+
+ # Create the alarms
+ CWclient.put_metric_alarm(
+ AlarmName=f"{instance}-{alarm} {alarms[service][alarm]['Description']['Operatorsymbol']} {threshold} {alarms[service][alarm]['Description']['ThresholdUnit']}",
+ ComparisonOperator=alarms[service][alarm]['ComparisonOperator'],
+ EvaluationPeriods=alarms[service][alarm]['EvaluationPeriods'],
+ MetricName=alarms[service][alarm]['MetricName'],
+ Namespace=alarms[service][alarm]['Namespace'],
+ Period=alarms[service][alarm]['Period'],
+ Statistic=alarms[service][alarm]['Statistic'],
+ Threshold=cw_threshold,
+ ActionsEnabled=True,
+ TreatMissingData=alarms[service][alarm]['TreatMissingData'],
+ AlarmDescription=f"{priority}",
+ Dimensions=dimensionlist,
+ Tags=[{"Key": "CreatedbyLambda", "Value": "True"}],
+ )
+
+
def GetRunningInstances():
get_running_instances = ec2client.describe_instances(
@@ -109,18 +150,26 @@ def GetRunningClusters():
return RunningClusterNames
+def GetRunningCacheClusters():
+ get_running_cacheclusters = elasticlient.describe_cache_clusters()
+ RunningCacheClusters = []
+ for cachecluster in get_running_cacheclusters["CacheClusters"]:
+ RunningCacheClusters.append(cachecluster['CacheClusterId'])
+
+ return RunningCacheClusters
+
def DeleteAlarms():
get_alarm_info = CWclient.describe_alarms()
RunningInstances = GetRunningInstances()
RunningRDSInstances = GetRunningDBInstances()
RunningClusters = GetRunningClusters()
-
+
# collect alarm metrics and compare alarm metric instanceId with instance id's in array. if the state reason is breaching and instance does not exist delete alarm.
for metricalarm in get_alarm_info["MetricAlarms"]:
instance_id = list(filter(lambda x: x["Name"] == "InstanceId", metricalarm["Dimensions"]))
rds_instance_name = list(filter(lambda x: x["Name"] == "DBInstanceIdentifier", metricalarm["Dimensions"]))
cluster_name = list(filter(lambda x: x["Name"] == "ClusterName", metricalarm["Dimensions"]))
-
+
if len(instance_id) == 1:
if instance_id[0]["Value"] not in RunningInstances:
CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])
diff --git a/alarm_creator/alarms.json b/alarm_creator/alarms.json
index f5108ec..9b1047d 100644
--- a/alarm_creator/alarms.json
+++ b/alarm_creator/alarms.json
@@ -3,7 +3,7 @@
"CPUUtilization": {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["90", "80", "75"]
+ "alarm_threshold": ["90", "80", "75"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : {
@@ -20,16 +20,16 @@
}
},
- "CWAgent" : {
+ "CWAgent" : {
"mem_used_percent": {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["90", "80", "75"]
+ "alarm_threshold": ["90", "80", "75"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : {
"Operatorsymbol" : ">",
- "ThresholdUnit" : "%"
+ "ThresholdUnit" : "%"
},
"EvaluationPeriods" : 2,
"MetricName" : "mem_used_percent",
@@ -43,12 +43,12 @@
"disk_used_percent_root": {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["90", "80", "75"]
+ "alarm_threshold": ["90", "80", "75"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : {
"Operatorsymbol" : ">",
- "ThresholdUnit" : "%"
+ "ThresholdUnit" : "%"
},
"EvaluationPeriods" : 2,
"MetricName" : "disk_used_percent",
@@ -57,16 +57,12 @@
"Statistic" : "Average",
"TreatMissingData" : "breaching",
"Dimensions" : "InstanceId",
- "DiskDimensions": [
+ "ExtraDimensions": [
{
"Name": "path",
"Value": "/"
},
{
- "Name": "device",
- "Value": "nvme0n1p1"
- },
- {
"Name": "fstype",
"Value": "ext4"
}
@@ -76,12 +72,12 @@
"disk_used_percent_sys_fs": {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["90", "80", "75"]
+ "alarm_threshold": ["90", "80", "75"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : {
"Operatorsymbol" : ">",
- "ThresholdUnit" : "%"
+ "ThresholdUnit" : "%"
},
"EvaluationPeriods" : 2,
"MetricName" : "disk_used_percent",
@@ -90,7 +86,7 @@
"Statistic" : "Average",
"TreatMissingData" : "breaching",
"Dimensions" : "InstanceId",
- "DiskDimensions": [
+ "ExtraDimensions": [
{
"Name": "path",
"Value": "/sys/fs/cgroup"
@@ -109,12 +105,12 @@
"disk_used_percent_dev": {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["90", "80", "75"]
+ "alarm_threshold": ["90", "80", "75"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : {
"Operatorsymbol" : ">",
- "ThresholdUnit" : "%"
+ "ThresholdUnit" : "%"
},
"EvaluationPeriods" : 2,
"MetricName" : "disk_used_percent",
@@ -123,7 +119,7 @@
"Statistic" : "Average",
"TreatMissingData" : "breaching",
"Dimensions" : "InstanceId",
- "DiskDimensions": [
+ "ExtraDimensions": [
{
"Name": "path",
"Value": "/dev"
@@ -139,13 +135,13 @@
]
}
},
-
+
"RDS" : {
"FreeStorageSpace": {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["2", "3", "4"]
+ "alarm_threshold": ["2", "3", "4"]
},
"ComparisonOperator" : "LessThanOrEqualToThreshold",
"Description" : {
@@ -158,13 +154,13 @@
"Period" : 300,
"Statistic" : "Minimum",
"TreatMissingData" : "breaching",
- "Dimensions" : "DBInstanceIdentifier"
+ "Dimensions" : "DBInstanceIdentifier"
},
-
+
"SwapUsage" : {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["512", "400", "300"]
+ "alarm_threshold": ["512", "400", "300"]
},
"ComparisonOperator" : "GreaterThanThreshold",
"Description" : {
@@ -183,7 +179,7 @@
"FreeableMemory" : {
"AlarmThresholds" : {
"priority": ["P1", "P2", "P3"],
- "alarm_threshold": ["20", "50", "100"]
+ "alarm_threshold": ["20", "50", "100"]
},
"ComparisonOperator" : "LessThanThreshold",
"Description" : {
@@ -204,7 +200,7 @@
"TaskCount" : {
"AlarmThresholds" : {
"priority": ["P1"],
- "alarm_threshold": ["1"]
+ "alarm_threshold": ["1"]
},
"ComparisonOperator" : "LessThanThreshold",
"Description" : {
@@ -220,5 +216,5 @@
"Dimensions" : "ClusterName"
}
}
-
+
}
diff --git a/lambda_cw_alarm_creator.tf b/lambda_cw_alarm_creator.tf
index 7dbe04e..11079b0 100644
--- a/lambda_cw_alarm_creator.tf
+++ b/lambda_cw_alarm_creator.tf
@@ -1,6 +1,7 @@
module "lambda_cw_alarm_creator" {
# Pinned to a tag but needs to be updated once we add an official release tag.
- source = "git@github.com:TechNative-B-V/modules-aws.git//lambda?ref=v1.1.7"
+ #source = "git@github.com:TechNative-B-V/modules-aws.git//lambda?ref=v1.1.7"
+ source = "git@github.com:wearetechnative/terraform-aws-lambda.git?ref=13eda5f9e8ae40e51f66a45837cd41a6b35af988"
name = local.lambda_cw_alarm_name
@@ -17,13 +18,31 @@ module "lambda_cw_alarm_creator" {
source_directory_location = "${path.module}/alarm_creator/"
source_file_name = null
+ layers = var.source_directory_location != null ? [aws_lambda_layer_version.custom_actions[0].arn] : null
+
environment_variables = {
- SNS_ARN = "${aws_sns_topic.notification_receiver.arn}"
+ SNS_ARN = "${aws_sns_topic.notification_receiver.arn}"
+ CUSTOM_ALERT_ACTION = var.source_directory_location != null ? true : false
}
sqs_dlq_arn = var.sqs_dlq_arn
}
+# Create Lambda layer to host custom_alarms.json
+
+resource "aws_lambda_layer_version" "custom_actions" {
+ count = var.source_directory_location != null ? 1 : 0
+
+ layer_name = "alarm_creator_custom_alert_actions"
+ description = "Contains a customer specific custom_alarms.json used for the alarm_creator"
+
+ filename = data.archive_file.custom_action[0].output_path
+
+ source_code_hash = data.archive_file.custom_action[0].output_base64sha256
+
+ compatible_runtimes = ["python3.9"]
+}
+
# Cron job event rule directly tied to lambda function.
resource "aws_cloudwatch_event_rule" "refresh_alarms" {
name = "refresh-cloudwatch-alarms-rule"
diff --git a/lambda_cw_alarm_creator_role.tf b/lambda_cw_alarm_creator_role.tf
index 180b51a..b59f284 100644
--- a/lambda_cw_alarm_creator_role.tf
+++ b/lambda_cw_alarm_creator_role.tf
@@ -14,6 +14,7 @@ module "iam_role_lambda_cw_alarm_creator" {
"lambda_ec2_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ec2_read_access.json)
"lambda_rds_read_access" : jsondecode(data.aws_iam_policy_document.lambda_rds_read_access.json)
"lambda_ecs_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ecs_read_access.json)
+ "lambda_elasticache_read_access" : jsondecode(data.aws_iam_policy_document.lambda_elasticache_read_access.json)
}
trust_relationship = {
@@ -93,6 +94,17 @@ data "aws_iam_policy_document" "lambda_ecs_read_access" {
}
}
+data "aws_iam_policy_document" "lambda_elasticache_read_access" {
+ statement {
+ sid = "AllowLambdaElasticacheAccess"
+
+ actions = ["elasticache:Describe*"]
+
+ resources = ["*"]
+ }
+}
+
+
# The Lambda role needs to access KMS key in order to access SNS topic.
resource "aws_kms_grant" "give_lambda_role_access" {
name = "lambda-role-kms-grant-access"
diff --git a/locals.tf b/locals.tf
index 4cf796c..a6cd365 100644
--- a/locals.tf
+++ b/locals.tf
@@ -12,9 +12,9 @@ locals {
"event_pattern" : jsonencode({
"source" : ["aws.cloudwatch"],
"detail-type" : ["CloudWatch Alarm State Change"],
- "detail": {
- "configuration": {
- "description": [ { "anything-but": "Autoscaling_alarm" } ]
+ "detail" : {
+ "configuration" : {
+ "description" : [{ "anything-but" : "Autoscaling_alarm" }]
}
}
})
diff --git a/variables.tf b/variables.tf
index 1b3d0c8..5f5bd19 100644
--- a/variables.tf
+++ b/variables.tf
@@ -29,3 +29,9 @@ variable "monitoring_account_configuration" {
sqs_account = number
})
}
+
+variable "source_directory_location" {
+ description = "Source Directory location for the custom alarm creator actions.py."
+ type = string
+ default = null
+}
diff --git a/zip.tf b/zip.tf
new file mode 100644
index 0000000..c4b0094
--- /dev/null
+++ b/zip.tf
@@ -0,0 +1,10 @@
+# stolen from https://github.com/hashicorp/terraform/issues/8344
+
+data "archive_file" "custom_action" {
+ count = var.source_directory_location != null ? 1 : 0
+
+ type = "zip"
+ source_dir = var.source_directory_location
+ output_path = "${path.module}/lambda_function_custom_actions.zip" # include name to prevent overwrite when module is reused
+ output_file_mode = "0666" # cross platform consistent output
+}