From 104a3abe51806da49a260a45b51477b67d62cee8 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 11 Apr 2024 16:03:45 +0200 Subject: [PATCH 01/31] test --- alarm_creator/actions.py | 8 ++++---- lambda_cw_alarm_creator.tf | 1 + variables.tf | 5 +++++ 3 files changed, 10 insertions(+), 4 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index d5d211b..d0d739e 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -1,4 +1,4 @@ -import boto3, json +import boto3, json, os from pip import main @@ -10,9 +10,9 @@ ecsclient = boto3.client("ecs") # Load json file containing the alarms -with open('./alarms.json') as alarms_file: - alarms = json.load(alarms_file) - +# with open(os.environ['ALARM']) as alarms_file: +# alarms = json.load(alarms_file) +alarms = json.load(os.environ['ALARMS']) # Alarm creator def AWS_Alarms(): for service in alarms: diff --git a/lambda_cw_alarm_creator.tf b/lambda_cw_alarm_creator.tf index 7dbe04e..ccc5203 100644 --- a/lambda_cw_alarm_creator.tf +++ b/lambda_cw_alarm_creator.tf @@ -19,6 +19,7 @@ module "lambda_cw_alarm_creator" { environment_variables = { SNS_ARN = "${aws_sns_topic.notification_receiver.arn}" + ALARMS = jsonencode(var.alarms) } sqs_dlq_arn = var.sqs_dlq_arn diff --git a/variables.tf b/variables.tf index 1b3d0c8..7d16f65 100644 --- a/variables.tf +++ b/variables.tf @@ -29,3 +29,8 @@ variable "monitoring_account_configuration" { sqs_account = number }) } + +variable "alarms" { + description = "json alarms file" + type = map +} From 9efa53972e0f26b013ddbbaf60c1e5be65c5e391 Mon Sep 17 00:00:00 2001 From: Jeroen Penders <84851337+Jerpen80@users.noreply.github.com> Date: Thu, 11 Apr 2024 16:20:13 +0200 Subject: [PATCH 02/31] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 7d16f65..cb78ebb 100644 --- a/variables.tf +++ b/variables.tf 
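Review bot: `alarms = json.load(os.environ['ALARMS'])` in the actions.py hunk hands a string to `json.load`, which expects a file-like object with `.read()`, so the module raises `AttributeError` at import and every cold start fails; a string needs `json.loads`. Separately, Lambda caps the whole environment block at 4 KB, so inlining the alarm document via `ALARMS = jsonencode(var.alarms)` stops deploying once the file grows, and the content is readable by anyone with `lambda:GetFunctionConfiguration`. If the env-var route is kept, the line should read `alarms = json.loads(os.environ['ALARMS'])`; an S3 object or SSM parameter is the more durable home for the document.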
@@ -32,5 +32,5 @@ variable "monitoring_account_configuration" { variable "alarms" { description = "json alarms file" - type = map + } From 5c661a51eea2ee554d0ca36630d9c91eec449425 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 11 Apr 2024 16:50:00 +0200 Subject: [PATCH 03/31] test2 --- alarm_creator/actions.py | 4 ++-- lambda_cw_alarm_creator.tf | 1 - 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index d0d739e..0594a5a 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -1,4 +1,4 @@ -import boto3, json, os +import boto3, json from pip import main @@ -12,7 +12,7 @@ # Load json file containing the alarms # with open(os.environ['ALARM']) as alarms_file: # alarms = json.load(alarms_file) -alarms = json.load(os.environ['ALARMS']) +alarms = json.load("${var.alarms}") # Alarm creator def AWS_Alarms(): for service in alarms: diff --git a/lambda_cw_alarm_creator.tf b/lambda_cw_alarm_creator.tf index ccc5203..7dbe04e 100644 --- a/lambda_cw_alarm_creator.tf +++ b/lambda_cw_alarm_creator.tf @@ -19,7 +19,6 @@ module "lambda_cw_alarm_creator" { environment_variables = { SNS_ARN = "${aws_sns_topic.notification_receiver.arn}" - ALARMS = jsonencode(var.alarms) } sqs_dlq_arn = var.sqs_dlq_arn From 63a232a952ff55e6e0e86a8877f1ee86274c5068 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 11:06:31 +0200 Subject: [PATCH 04/31] test3 --- alarm_creator/actions.py | 6 +++--- alarms_s3.tf | 34 ++++++++++++++++++++++++++++++++++ variables.tf | 6 +++++- 3 files changed, 42 insertions(+), 4 deletions(-) create mode 100644 alarms_s3.tf diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index 0594a5a..d5d211b 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py 
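Review bot: `alarms = json.load("${var.alarms}")` in the actions.py hunk places Terraform interpolation syntax inside a Python source file, and nothing in this series renders the Lambda source through `templatefile`, so Python sees the literal text `${var.alarms}` and `json.load` fails because a `str` has no `.read()`. Even if the file were templated, the alarm JSON would be pasted into executable source, which is a code-injection path for whoever controls the variable. Reading the document at runtime (`json.loads(os.environ[...])` or a fetch from S3) keeps data and code apart.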
@@ -10,9 +10,9 @@ ecsclient = boto3.client("ecs") # Load json file containing the alarms -# with open(os.environ['ALARM']) as alarms_file: -# alarms = json.load(alarms_file) -alarms = json.load("${var.alarms}") +with open('./alarms.json') as alarms_file: + alarms = json.load(alarms_file) + # Alarm creator def AWS_Alarms(): for service in alarms: diff --git a/alarms_s3.tf b/alarms_s3.tf new file mode 100644 index 0000000..3162e52 --- /dev/null +++ b/alarms_s3.tf @@ -0,0 +1,34 @@ +resource "aws_s3_bucket" "alarm_bucket" { + #bucket_prefix = "alarm-creator-alarms" + bucket_prefix = var.alarm_bucket_name + force_destroy = true + +} + +resource "aws_s3_bucket_acl" "alarms_bucket_acl" { + bucket = aws_s3_bucket.alarm_bucket.id + acl = "private" +} + +resource "aws_s3_bucket_policy" "alarm_bucket_policy" { + bucket = aws_s3_bucket.alarm_bucket.id + policy = data.aws_iam_policy_document.alarm_bucket_policy_doc.json +} + +data "aws_iam_policy_document" "alarm_bucket_policy_doc" { + statement { + principals { + type = "AWS" + identifiers = "*" + } + actions = ["s3:GetObject"] + resources = "*" + + } +} + +resource "aws_s3_object" "alarms_file" { + bucket = aws_s3_bucket.alarm_bucket.id + key = "alarms.json" + content = var.alarm_file +} diff --git a/variables.tf b/variables.tf index cb78ebb..955571e 100644 --- a/variables.tf +++ b/variables.tf @@ -30,7 +30,11 @@ variable "monitoring_account_configuration" { }) } -variable "alarms" { +variable "alarm_file" { description = "json alarms file" } +variable "alarm_bucket_name" { + description = "prefix for alarm bucket name" + +} From 0e1740083acc4757f280c59cee4e51758f7c7e07 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 11:15:31 +0200 Subject: [PATCH 05/31] test4 --- alarms_s3.tf | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 3162e52..e2326a7 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf 
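Review bot: The policy document in the new `alarms_s3.tf` has `principals { type = "AWS" identifiers = "*" }` with `s3:GetObject` on `resources = "*"`, which makes every object in the bucket readable by any AWS principal, anonymous callers included, once it attaches; a Lambda in the same account needs no bucket policy at all, only an identity policy on its role scoped to this bucket. `force_destroy = true` also deletes the uploaded `alarms.json` on `terraform destroy` without a prompt, acceptable for Terraform-generated content but worth a comment saying so. The smaller, safer change is to drop the wildcard statement (or name the Lambda role ARN as the principal) and keep `acl = "private"` together with a public-access block.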
@@ -19,10 +19,10 @@ data "aws_iam_policy_document" "alarm_bucket_policy_doc" { statement { principals { type = "AWS" - identifiers = "*" + identifiers = ["*"] } actions = ["s3:GetObject"] - resources = "*" + resources = ["*"] } } From bb98b123e780a72bb7c1f0aafbc552222b85606d Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 11:48:56 +0200 Subject: [PATCH 06/31] test5 --- alarm_creator/actions.py | 20 +++++++++++++++++--- lambda_cw_alarm_creator.tf | 1 + 2 files changed, 18 insertions(+), 3 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index d5d211b..2ce2d21 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -1,4 +1,4 @@ -import boto3, json +import boto3, json, os from pip import main @@ -8,10 +8,24 @@ rds = boto3.client("rds") ec2client = boto3.client("ec2") ecsclient = boto3.client("ecs") +s3client = boto3.client("s3") + +alarm_bucket = os.environ["BUCKET_NAME"] + +def get_alarms(): + alarm_data = s3client.get_object( + Bucket=alarm_bucket, + Key='alarms.json' + + ) + alarms = alarm_data.get('Body') + return alarms + +alarms = json.load(get_alarms()) # Load json file containing the alarms -with open('./alarms.json') as alarms_file: - alarms = json.load(alarms_file) +# with open('./alarms.json') as alarms_file: +# alarms = json.load(alarms_file) # Alarm creator def AWS_Alarms(): diff --git a/lambda_cw_alarm_creator.tf b/lambda_cw_alarm_creator.tf index 7dbe04e..975c98b 100644 --- a/lambda_cw_alarm_creator.tf +++ b/lambda_cw_alarm_creator.tf @@ -19,6 +19,7 @@ module "lambda_cw_alarm_creator" { environment_variables = { SNS_ARN = "${aws_sns_topic.notification_receiver.arn}" + BUCKET_NAME = "${aws_s3_bucket.alarm_bucket.name}" } sqs_dlq_arn = var.sqs_dlq_arn From fe40b1dc4edd158bf0adef761d33eeca70628e3c Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 11:54:05 +0200 Subject: [PATCH 07/31] test6 --- lambda_cw_alarm_creator.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
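Review bot: `alarms = json.load(get_alarms())` in the actions.py hunk runs at module import, so a missing `alarms.json`, an `AccessDenied` from `get_object`, or malformed JSON surfaces as an import failure on every cold start rather than a handled error in the invocation, and a warm container never re-reads the document. The object is also treated as fully trusted: its keys flow into `Namespace`, `MetricName` and the alarm name, so anyone with `s3:PutObject` on `BUCKET_NAME` decides which alarms exist, making write access to the bucket as sensitive as the Lambda role itself. Calling `get_alarms()` inside `AWS_Alarms` and checking the top-level shape before the loop is the usual fix; note that `get_alarms` returns the raw `StreamingBody`, which `json.load` can consume but the caller has to know that.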
diff --git a/lambda_cw_alarm_creator.tf b/lambda_cw_alarm_creator.tf index 975c98b..4ea1193 100644 --- a/lambda_cw_alarm_creator.tf +++ b/lambda_cw_alarm_creator.tf @@ -19,7 +19,7 @@ module "lambda_cw_alarm_creator" { environment_variables = { SNS_ARN = "${aws_sns_topic.notification_receiver.arn}" - BUCKET_NAME = "${aws_s3_bucket.alarm_bucket.name}" + BUCKET_NAME = "${aws_s3_bucket.alarm_bucket.id}" } sqs_dlq_arn = var.sqs_dlq_arn From 07eadc1028165a4facac13f230184401d8a767cf Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 12:02:44 +0200 Subject: [PATCH 08/31] test7 --- alarms_s3.tf | 5 ----- 1 file changed, 5 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index e2326a7..6f40289 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -5,11 +5,6 @@ resource "aws_s3_bucket" "alarm_bucket" { } -resource "aws_s3_bucket_acl" "alarms_bucket_acl" { - bucket = aws_s3_bucket.alarm_bucket.id - acl = "private" -} - resource "aws_s3_bucket_policy" "alarm_bucket_policy" { bucket = aws_s3_bucket.alarm_bucket.id policy = data.aws_iam_policy_document.alarm_bucket_policy_doc.json From 9872af0e6bfa5022dcabd9a77e979f7b9bddc8f0 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 12:11:30 +0200 Subject: [PATCH 09/31] test8 --- alarms_s3.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 6f40289..ba987f1 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -17,7 +17,7 @@ data "aws_iam_policy_document" "alarm_bucket_policy_doc" { identifiers = ["*"] } actions = ["s3:GetObject"] - resources = ["*"] + resources = [aws_s3_bucket.alarm_bucket.arn, "${awsaws_s3_bucket.alarm_bucket.arn}/*",] } } From e35f5b0ef1a568921d79296e80d78d8399519a41 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 12:13:22 +0200 Subject: [PATCH 10/31] test9 --- alarms_s3.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index ba987f1..dc79ad9 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf 
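Review bot: The resource list in the PATCH 09 hunk is now scoped to the bucket, but the statement's principal is still `identifiers = ["*"]`, so `alarms.json` stays readable by any AWS principal; narrowing resources does not change who may read. The bare bucket ARN entry is inert for `s3:GetObject`, which is evaluated against object ARNs, so `resources = ["${aws_s3_bucket.alarm_bucket.arn}/*"]` alone is sufficient. With the `aws_s3_bucket_acl` resource removed two commits earlier, this bucket policy is currently the only access control on the bucket.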
@@ -17,7 +17,7 @@ data "aws_iam_policy_document" "alarm_bucket_policy_doc" { identifiers = ["*"] } actions = ["s3:GetObject"] - resources = [aws_s3_bucket.alarm_bucket.arn, "${awsaws_s3_bucket.alarm_bucket.arn}/*",] + resources = [aws_s3_bucket.alarm_bucket.arn, "${aws_s3_bucket.alarm_bucket.arn}/*",] } } From 964587dd043f1ead3f0e5d742b25cfa9126ee91f Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 12:24:11 +0200 Subject: [PATCH 11/31] bucket policies --- alarms_s3.tf | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/alarms_s3.tf b/alarms_s3.tf index dc79ad9..4525b46 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -22,6 +22,23 @@ data "aws_iam_policy_document" "alarm_bucket_policy_doc" { } } +resource "aws_s3_bucket_ownership_controls" "this" { + bucket = aws_s3_bucket.alarm_bucket.id + + rule { + object_ownership = "BucketOwnerPreferred" + } +} + +resource "aws_s3_bucket_public_access_block" "this" { + bucket = aws_s3_bucket.alarm_bucket.id + + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true +} + resource "aws_s3_object" "alarms_file" { bucket = aws_s3_bucket.alarm_bucket.id key = "alarms.json" From 20f3f65f1359c2d83217510bfe2482a85adf4cdf Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 12:56:15 +0200 Subject: [PATCH 12/31] bucket policies --- alarms_s3.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 4525b46..40c795e 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf 
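Review bot: The new `aws_s3_bucket_public_access_block` with `block_public_policy = true` will very likely make S3 reject `PutBucketPolicy` for the policy document earlier in this file, whose principal is still `["*"]`, so the apply fails with AccessDenied; the right response is to narrow that principal (the Lambda role ARN or the account id), not to relax these flags. `aws_s3_bucket_policy.alarm_bucket_policy` also needs `depends_on = [aws_s3_bucket_public_access_block.this]`, otherwise the two resources race on create. `object_ownership = "BucketOwnerPreferred"` still honours ACLs; `"BucketOwnerEnforced"` disables them entirely and is the current S3 default, which leaves one less access path to reason about.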
@@ -33,10 +33,10 @@ resource "aws_s3_bucket_ownership_controls" "this" { resource "aws_s3_bucket_public_access_block" "this" { bucket = aws_s3_bucket.alarm_bucket.id - block_public_acls = true - block_public_policy = true - ignore_public_acls = true - restrict_public_buckets = true + block_public_acls = false + block_public_policy = false + ignore_public_acls = false + restrict_public_buckets = false } resource "aws_s3_object" "alarms_file" { From 8cd740cf8e03b602d752d46fca11642e7e4c30b5 Mon Sep 17 00:00:00 2001 From: Jeroen Penders <84851337+Jerpen80@users.noreply.github.com> Date: Fri, 12 Apr 2024 13:08:32 +0200 Subject: [PATCH 13/31] Update variables.tf with description how to pass file --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 955571e..83aa957 100644 --- a/variables.tf +++ b/variables.tf @@ -31,7 +31,7 @@ variable "monitoring_account_configuration" { } variable "alarm_file" { - description = "json alarms file" + description = "json alarms file (exaple: file("./alarms.json")" } variable "alarm_bucket_name" { From 44fcfa09db43ee422166eb052f72511d715600fc Mon Sep 17 00:00:00 2001 From: Jeroen Penders <84851337+Jerpen80@users.noreply.github.com> Date: Fri, 12 Apr 2024 13:31:17 +0200 Subject: [PATCH 14/31] Update variables.tf --- variables.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/variables.tf b/variables.tf index 83aa957..853e988 100644 --- a/variables.tf +++ b/variables.tf @@ -31,7 +31,7 @@ variable "monitoring_account_configuration" { } variable "alarm_file" { - description = "json alarms file (exaple: file("./alarms.json")" + description = "json alarms file (exaple: file('./alarms.json')" } variable "alarm_bucket_name" { From 29fba5faa31a0691e31fa52d119b476f80d53eea Mon Sep 17 00:00:00 2001 
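Review bot: Setting all four public-access-block flags to `false` removes the only safeguard against the `identifiers = ["*"]` statement in the policy document above, so after this apply `alarms.json` is world-readable and the account will raise a public-bucket finding; the flip was presumably made to get the public policy past `PutBucketPolicy`, which is the block doing its job. Keep the four flags `true` and change the statement's principal to the Lambda role or the account instead. Flipping `block_public_acls` and `ignore_public_acls` is unrelated to the policy error and only widens the exposure.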
From: jerpen80 Date: Fri, 12 Apr 2024 14:44:05 +0200 Subject: [PATCH 15/31] added default alarmsfile --- alarm_creator/actions.py | 5 ++--- alarm_creator/alarms.json => alarms.json | 0 variables.tf | 3 ++- 3 files changed, 4 insertions(+), 4 deletions(-) rename alarm_creator/alarms.json => alarms.json (100%) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index 2ce2d21..14967a2 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -12,16 +12,15 @@ alarm_bucket = os.environ["BUCKET_NAME"] -def get_alarms(): +def get_alarm_params(): alarm_data = s3client.get_object( Bucket=alarm_bucket, Key='alarms.json' - ) alarms = alarm_data.get('Body') return alarms -alarms = json.load(get_alarms()) +alarms = json.load(get_alarm_params()) # Load json file containing the alarms # with open('./alarms.json') as alarms_file: diff --git a/alarm_creator/alarms.json b/alarms.json similarity index 100% rename from alarm_creator/alarms.json rename to alarms.json diff --git a/variables.tf b/variables.tf index 853e988..5e81698 100644 --- a/variables.tf +++ b/variables.tf @@ -31,7 +31,8 @@ variable "monitoring_account_configuration" { } variable "alarm_file" { - description = "json alarms file (exaple: file('./alarms.json')" + description = "json alarms file" + default = file("./alarms.json") } variable "alarm_bucket_name" { From 16fae619a6ab25df639f00112742f94c2f26b800 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 14:52:55 +0200 Subject: [PATCH 16/31] fixed bug --- alarms_s3.tf | 2 +- variables.tf | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 40c795e..ec36101 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -42,5 +42,5 @@ resource "aws_s3_bucket_public_access_block" "this" { resource "aws_s3_object" "alarms_file" { bucket = aws_s3_bucket.alarm_bucket.id key = "alarms.json" - content = var.alarm_file + content = var.alarm_file == null ? file("./alarms.json") : var.alarm_file } 
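Review bot: `file("./alarms.json")` in the `aws_s3_object` hunk is resolved against the directory `terraform` is run from, not this module's directory, so the fallback only works when the module is applied from its own root; a consumer that calls it as a child module gets a file-not-found error. Use `file("${path.module}/alarms.json")` for the default. The `var.alarm_file == null ? ... : var.alarm_file` conditional is fine, but with `default = null` a caller that passes nothing silently deploys the repository's default alarm set, which is worth stating in the variable description.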
diff --git a/variables.tf b/variables.tf index 5e81698..dcef1e7 100644 --- a/variables.tf +++ b/variables.tf @@ -32,7 +32,7 @@ variable "monitoring_account_configuration" { variable "alarm_file" { description = "json alarms file" - default = file("./alarms.json") + default = null } variable "alarm_bucket_name" { From 79f96dd70ba1c7266c3bf921c811b5547b95e21d Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:13:57 +0200 Subject: [PATCH 17/31] s3 putbucketpolicy issue --- alarms_s3.tf | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index ec36101..54a59d3 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -10,13 +10,15 @@ resource "aws_s3_bucket_policy" "alarm_bucket_policy" { policy = data.aws_iam_policy_document.alarm_bucket_policy_doc.json } +data "aws_caller_identity" "current" {} + data "aws_iam_policy_document" "alarm_bucket_policy_doc" { statement { principals { type = "AWS" - identifiers = ["*"] + identifiers = [data.aws_caller_identity.current.account_id] } - actions = ["s3:GetObject"] + actions = ["s3:GetObject","s3:PutBucketPolicy"] resources = [aws_s3_bucket.alarm_bucket.arn, "${aws_s3_bucket.alarm_bucket.arn}/*",] } From c47adf24e4684e58838ee2c80ed7a9c9e5dacac1 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:16:31 +0200 Subject: [PATCH 18/31] added dependency --- alarms_s3.tf | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 54a59d3..70dab5d 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -2,12 +2,14 @@ resource "aws_s3_bucket" "alarm_bucket" { #bucket_prefix = "alarm-creator-alarms" bucket_prefix = var.alarm_bucket_name force_destroy = true - } resource "aws_s3_bucket_policy" "alarm_bucket_policy" { bucket = aws_s3_bucket.alarm_bucket.id policy = data.aws_iam_policy_document.alarm_bucket_policy_doc.json + depends_on = [ + aws_s3_bucket_public_access_block.this + ] } data "aws_caller_identity" "current" {} 
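Review bot: Adding `s3:PutBucketPolicy` to the bucket policy does not address the `PutBucketPolicy` error the commit title refers to: same-account IAM principals get that permission from their identity policies, and a bucket-level action listed against the object ARN in `resources` matches nothing. The principal change to `[data.aws_caller_identity.current.account_id]` is the right direction, since it confines `s3:GetObject` to the bucket-owning account. Keep that statement with `resources = ["${aws_s3_bucket.alarm_bucket.arn}/*"]`, drop `"s3:PutBucketPolicy"`, and look for the failure in the deploying role's own IAM policy or in a create-ordering race with the public-access block.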
From 6f2246f72ddad77f8661b5cd4422f11f3558ef7f Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:18:33 +0200 Subject: [PATCH 19/31] removed duplicate data block --- alarms_s3.tf | 2 -- 1 file changed, 2 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 70dab5d..96fe974 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -12,8 +12,6 @@ resource "aws_s3_bucket_policy" "alarm_bucket_policy" { ] } -data "aws_caller_identity" "current" {} - data "aws_iam_policy_document" "alarm_bucket_policy_doc" { statement { principals { From 0625b4855bb8ab151d885d82db7467f44cb530de Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:22:01 +0200 Subject: [PATCH 20/31] open bucket policy --- alarms_s3.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 96fe974..a615ca4 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -16,7 +16,7 @@ data "aws_iam_policy_document" "alarm_bucket_policy_doc" { statement { principals { type = "AWS" - identifiers = [data.aws_caller_identity.current.account_id] + identifiers = ["*"] } actions = ["s3:GetObject","s3:PutBucketPolicy"] resources = [aws_s3_bucket.alarm_bucket.arn, "${aws_s3_bucket.alarm_bucket.arn}/*",] From eb82ea47f4c8c17f2e358f40c6da7c56c472dfee Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:32:03 +0200 Subject: [PATCH 21/31] added lambda s3 permissions --- lambda_cw_alarm_creator_role.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lambda_cw_alarm_creator_role.tf b/lambda_cw_alarm_creator_role.tf index 180b51a..22a644c 100644 --- a/lambda_cw_alarm_creator_role.tf +++ b/lambda_cw_alarm_creator_role.tf 
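Review bot: `identifiers = ["*"]` combined with `actions = ["s3:GetObject","s3:PutBucketPolicy"]` lets any AWS principal, anonymous callers included, rewrite this bucket's policy and thereby grant themselves `s3:PutObject` on `alarms.json`, which the Lambda then consumes as alarm configuration; with every public-access-block flag currently `false` in this file, nothing stops that. This is the most severe state in the series and should not be merged as is. Revert to the account-scoped principal and keep only `s3:GetObject` on the object ARN; `PutBucketPolicy` belongs in the deployer's identity policy.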
@@ -14,6 +14,7 @@ module "iam_role_lambda_cw_alarm_creator" { "lambda_ec2_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ec2_read_access.json) "lambda_rds_read_access" : jsondecode(data.aws_iam_policy_document.lambda_rds_read_access.json) "lambda_ecs_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ecs_read_access.json) + "lambda_s3_read_access" : jsondecode(data.aws_iam_policy_document.lambda_s3_read_access.json) } trust_relationship = { @@ -93,6 +94,16 @@ data "aws_iam_policy_document" "lambda_ecs_read_access" { } } +data "aws_iam_policy_document" "lambda_s3_read_access" { + statement { + sid = "AllowS3Access" + + actions = ["s3:Get*"] + + resources = ["*"] + } +} + # The Lambda role needs to access KMS key in order to access SNS topic. resource "aws_kms_grant" "give_lambda_role_access" { name = "lambda-role-kms-grant-access" From e1f620ace70b3d3a53b4f81ecddf5552b17304e8 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:39:17 +0200 Subject: [PATCH 22/31] removed public access --- alarms_s3.tf | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index a615ca4..0701da3 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -35,10 +35,10 @@ resource "aws_s3_bucket_ownership_controls" "this" { resource "aws_s3_bucket_public_access_block" "this" { bucket = aws_s3_bucket.alarm_bucket.id - block_public_acls = false - block_public_policy = false - ignore_public_acls = false - restrict_public_buckets = false + block_public_acls = true + block_public_policy = true + ignore_public_acls = true + restrict_public_buckets = true } resource "aws_s3_object" "alarms_file" { From fe0abe5913c34ddaff4ddcca162cce91c2009111 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 15:47:43 +0200 Subject: [PATCH 23/31] added default bucketname --- variables.tf | 1 + 1 file changed, 1 insertion(+) diff --git a/variables.tf b/variables.tf index dcef1e7..9cae768 100644 --- a/variables.tf 
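Review bot: The new `lambda_s3_read_access` statement grants `s3:Get*` on `resources = ["*"]`, so the alarm-creator role can read every object, ACL, policy and version in every bucket of this account, and in any other account whose bucket policy trusts it; the function needs one key in one bucket. Scope it with `actions = ["s3:GetObject"]` and `resources = ["${aws_s3_bucket.alarm_bucket.arn}/*"]`. With that identity policy in place, the bucket policy in alarms_s3.tf is not needed for same-account access at all.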
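Review bot: Restoring the four `true` flags is correct, but `block_public_policy = true` will make S3 refuse the `identifiers = ["*"]` / `s3:PutBucketPolicy` statement still present in this file's policy document, so the apply is likely to fail the same way it did before PATCH 12. The change that lets both stand is narrowing the policy's principal, not touching these flags again.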
+++ b/variables.tf @@ -37,5 +37,6 @@ variable "alarm_file" { } variable "alarm_bucket_name" { description = "prefix for alarm bucket name" + default = "alarm-creator-alarm-parameters-" } From 04b41b136b5df22c21f68a689014eff758e85501 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Fri, 12 Apr 2024 17:26:17 +0200 Subject: [PATCH 24/31] fiddling with bucket access permissions --- alarms_s3.tf | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/alarms_s3.tf b/alarms_s3.tf index 0701da3..6d67bd8 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -12,15 +12,28 @@ resource "aws_s3_bucket_policy" "alarm_bucket_policy" { ] } +resource "aws_s3_bucket_acl" "bucket_access" { + bucket = aws_s3_bucket.alarm_bucket.id + acl = "private" + depends_on = [aws_s3_bucket_ownership_controls.this] +} + data "aws_iam_policy_document" "alarm_bucket_policy_doc" { statement { principals { type = "AWS" identifiers = ["*"] } - actions = ["s3:GetObject","s3:PutBucketPolicy"] + actions = ["s3:GetObject"] + resources = [aws_s3_bucket.alarm_bucket.arn, "${aws_s3_bucket.alarm_bucket.arn}/*",] + } + statement { + principals { + type = "AWS" + identifiers = [data.aws_caller_identity.current.account_id] + } + actions = ["s3:PutBucketPolicy"] resources = [aws_s3_bucket.alarm_bucket.arn, "${aws_s3_bucket.alarm_bucket.arn}/*",] - } } @@ -36,7 +49,7 @@ resource "aws_s3_bucket_public_access_block" "this" { bucket = aws_s3_bucket.alarm_bucket.id block_public_acls = true - block_public_policy = true + block_public_policy = false ignore_public_acls = true restrict_public_buckets = true } From 96f5a05d907116aef596150de88f07d6bb86c7b2 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 2 May 2024 12:47:20 +0200 Subject: [PATCH 25/31] Added lambda trigger for s3 upload --- alarms_s3.tf | 19 ++++++++++++++++++- alarms.json => default_alarms.json | 0 2 files changed, 18 insertions(+), 1 deletion(-) rename alarms.json => default_alarms.json (100%) 
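Review bot: `block_public_policy = false` is set specifically so the `identifiers = ["*"]` `s3:GetObject` statement can attach, which keeps `alarms.json` public-readable by policy; with `restrict_public_buckets = true` S3 then confines that public policy to in-account principals and AWS services, so the wildcard gains nothing the Lambda role's identity policy does not already provide, while still producing a public-policy finding. Delete the `*` statement and set `block_public_policy = true`; if a bucket policy is wanted at all, name the Lambda role ARN as the principal. The second statement grants `s3:PutBucketPolicy` against object ARNs, which matches nothing, and the re-added `aws_s3_bucket_acl` can be dropped entirely by switching ownership to `"BucketOwnerEnforced"`.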
diff --git a/alarms_s3.tf b/alarms_s3.tf index 6d67bd8..21dcfdc 100644 --- a/alarms_s3.tf +++ b/alarms_s3.tf @@ -57,5 +57,22 @@ resource "aws_s3_bucket_public_access_block" "this" { resource "aws_s3_object" "alarms_file" { bucket = aws_s3_bucket.alarm_bucket.id key = "alarms.json" - content = var.alarm_file == null ? file("./alarms.json") : var.alarm_file + content = var.alarm_file == null ? file("./default_alarms.json") : var.alarm_file } + +resource "aws_s3_bucket_notification" "lambdatrigger" { + bucket = aws_s3_bucket.alarm_bucket.id + lambda_function { + lambda_function_arn = module.lambda_cw_alarm_creator.lambda_function_arn + events = ["s3:ObjectCreated:*"] + } + depends_on = [ aws_lambda_permission.allow_s3_trigger ] +} + +resource "aws_lambda_permission" "allow_s3_trigger" { + statement_id = "AllowExecutionFromS3Bucket" + action = "lambda:InvokeFunction" + function_name = module.lambda_cw_alarm_creator.lambda_function_arn + principal = "s3.amazonaws.com" + source_arn = aws_s3_bucket.alarm_bucket.arn +} \ No newline at end of file diff --git a/alarms.json b/default_alarms.json similarity index 100% rename from alarms.json rename to default_alarms.json From b1d33b53bb128206d1e8b6c48b1833a4efaf02a6 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 2 May 2024 12:50:55 +0200 Subject: [PATCH 26/31] removed global vars to avoid caching --- alarm_creator/actions.py | 10 +++------- 1 file changed, 3 insertions(+), 7 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index 14967a2..c67d1e1 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py 
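Review bot: `aws_lambda_permission.allow_s3_trigger` constrains the S3 principal by `source_arn` only; because bucket ARNs carry no account id, AWS recommends also setting `source_account = data.aws_caller_identity.current.account_id` so that a bucket of the same name in another account can never invoke this function (the `aws_caller_identity` data source was removed from this file as a duplicate in PATCH 19, so it presumably resolves elsewhere in the module). The notification fires on `s3:ObjectCreated:*` for every key while the Lambda only reads `alarms.json`, so `filter_prefix = "alarms.json"` in the `lambda_function` block avoids a full alarm rebuild on unrelated uploads. Since Terraform itself writes `aws_s3_object.alarms_file`, expect one invocation per apply that changes the content.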
@@ -17,17 +17,13 @@ def get_alarm_params(): Bucket=alarm_bucket, Key='alarms.json' ) - alarms = alarm_data.get('Body') + alarm_params = alarm_data.get('Body') + alarms = json.load(alarm_params) return alarms -alarms = json.load(get_alarm_params()) - -# Load json file containing the alarms -# with open('./alarms.json') as alarms_file: -# alarms = json.load(alarms_file) - # Alarm creator def AWS_Alarms(): + alarms = get_alarm_params() for service in alarms: # Fill instances variable with Running instances per service From 646198d0b355153315d5b8b1c936068181fe14a5 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 2 May 2024 16:13:23 +0200 Subject: [PATCH 27/31] replacing obsolte alarms --- alarm_creator/actions.py | 15 ++++++++++----- alarm_creator/lambda_function.py | 4 ++-- 2 files changed, 12 insertions(+), 7 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index c67d1e1..6ebe7bb 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -23,9 +23,10 @@ def get_alarm_params(): # Alarm creator def AWS_Alarms(): + thresholds = [] alarms = get_alarm_params() for service in alarms: - + # Fill instances variable with Running instances per service if service == "EC2": instances = GetRunningInstances() @@ -34,7 +35,7 @@ def AWS_Alarms(): elif service == "ECS": instances = GetRunningClusters() for alarm in alarms[service]: - + # Query the namespaces in CloudWatch Metrics response = CWclient.list_metrics(Namespace=f"{alarms[service][alarm]['Namespace']}", RecentlyActive='PT3H',) for metrics in response["Metrics"]: 
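Review bot: `get_alarm_params` now returns `json.load(alarm_params)` straight from the bucket with no validation, and `AWS_Alarms` begins creating alarms before any of the document's keys (`Namespace`, `MetricName`, `AlarmThresholds`, ...) are checked, so a malformed upload fails part-way with `KeyError` after some alarms have been written and nothing rolls back. Because an S3 upload now triggers this function, the document is effectively untrusted input; verify the top-level shape (each service maps to a dict of alarm dicts with the required keys) right after the load and raise before the loop. A `NoSuchKey` or `AccessDenied` from `get_object` also propagates raw from here; a targeted message naming the bucket and key would make that failure easier to triage than the generic `except Exception` in the handler.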
@@ -44,7 +45,7 @@ def AWS_Alarms(): for dimensions in metrics["Dimensions"]: if dimensions["Name"] == alarms[service][alarm]['Dimensions']: for priority, threshold in zip(alarms[service][alarm]['AlarmThresholds']["priority"], alarms[service][alarm]['AlarmThresholds']["alarm_threshold"]): - + thresholds.append(threshold) # To make alarmnames pretty, 'MB/GB' is used instead of 1000000/1000000000 bytes, needs to be in bytes for actual threshold if alarms[service][alarm]['Description']['ThresholdUnit'] == "GB": cw_threshold = int(threshold) * 1000000000 @@ -66,7 +67,7 @@ def AWS_Alarms(): except KeyError: # dimensionlist = [] dimensionlist.insert(0, instanceDimensions) - + for instance in instances: # Create alarms @@ -85,6 +86,7 @@ def AWS_Alarms(): Dimensions=dimensionlist, Tags=[{"Key": "CreatedbyLambda", "Value": "True"}], ) + return thresholds def GetRunningInstances(): get_running_instances = ec2client.describe_instances( @@ -118,7 +120,7 @@ def GetRunningClusters(): return RunningClusterNames -def DeleteAlarms(): +def DeleteAlarms(thresholds): get_alarm_info = CWclient.describe_alarms() RunningInstances = GetRunningInstances() RunningRDSInstances = GetRunningDBInstances() @@ -139,3 +141,6 @@ def DeleteAlarms(): elif len(cluster_name) == 1: if cluster_name[0]["Value"] not in RunningClusters: CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) + elif metricalarm["Threshold"] not in thresholds: + CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) + diff --git a/alarm_creator/lambda_function.py b/alarm_creator/lambda_function.py index 7e10423..469aa57 100644 --- a/alarm_creator/lambda_function.py +++ b/alarm_creator/lambda_function.py 
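Review bot: The new `elif metricalarm["Threshold"] not in thresholds:` branch in `DeleteAlarms` compares CloudWatch's stored threshold with the unscaled values collected in `AWS_Alarms`, but for `ThresholdUnit` GB/MB the alarm is created with `cw_threshold` (bytes) while `thresholds.append(threshold)` records the original number, so every byte-unit alarm is deleted on each run right after it is created; if the JSON holds thresholds as strings (the `int(threshold)` conversion suggests it may), the float-vs-string comparison deletes the rest as well. The branch also runs over everything `describe_alarms()` returns with no visible check for the `CreatedbyLambda` tag, so alarms owned by other teams whose threshold is absent from this document are deleted too, and an unpaginated `describe_alarms()` only sees the first page. Record `cw_threshold` instead and restrict deletion to alarms carrying this function's tag; the enclosing `if/elif` chain starts outside the hunk, so the condition it chains onto is not visible here.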
@@ -19,9 +19,9 @@ def lambda_handler(event, context): try: print("{}: AWS_Alarms()".format(datetime.datetime.now())) - AWS_Alarms() + thresholds = AWS_Alarms() print("{}: DeleteAlarms()".format(datetime.datetime.now())) - DeleteAlarms() + DeleteAlarms(thresholds) print("{}: Finished()".format(datetime.datetime.now())) except Exception as exp: exception_type, exception_value, exception_traceback = sys.exc_info() From a192f101fcb5d42556ad3572e2793446faadb463 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Mon, 6 May 2024 12:43:21 +0200 Subject: [PATCH 28/31] remove all non autosclaing alarms then create alarms --- alarm_creator/actions.py | 13 +++++++------ alarm_creator/lambda_function.py | 4 ++-- 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index 6ebe7bb..6a16f32 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -23,7 +23,11 @@ def get_alarm_params(): # Alarm creator def AWS_Alarms(): - thresholds = [] + # Delete old alarms + for metricalarm in CWclient.describe_alarms()["MetricAlarms"]: + if metricalarm["AlarmDescription"] != "Autoscaling_alarm": + CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) + alarms = get_alarm_params() for service in alarms: @@ -45,7 +49,7 @@ def AWS_Alarms(): for dimensions in metrics["Dimensions"]: if dimensions["Name"] == alarms[service][alarm]['Dimensions']: for priority, threshold in zip(alarms[service][alarm]['AlarmThresholds']["priority"], alarms[service][alarm]['AlarmThresholds']["alarm_threshold"]): - thresholds.append(threshold) + # To make alarmnames pretty, 'MB/GB' is used instead of 1000000/1000000000 bytes, needs to be in bytes for actual threshold if alarms[service][alarm]['Description']['ThresholdUnit'] == "GB": cw_threshold = int(threshold) * 1000000000 
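Review bot: The new loop at the top of `AWS_Alarms` deletes every CloudWatch alarm in the account whose `AlarmDescription` is not `"Autoscaling_alarm"`, including alarms created by other tools, and it runs on every S3 upload and scheduled invocation; there is no check for the `CreatedbyLambda` tag the function itself sets, `describe_alarms()` is unpaginated so large accounts are only partly processed, and alarms created without a description may lack the `AlarmDescription` key and raise `KeyError`. This must be scoped to the function's own alarms before merge; a tag-based, paginated version follows, and an `AlarmNamePrefix` filter on `describe_alarms` is cheaper than one `list_tags_for_resource` call per alarm if the naming scheme allows it.
```python
    # Delete only alarms this function created earlier, across all result pages
    paginator = CWclient.get_paginator("describe_alarms")
    for page in paginator.paginate():
        for metricalarm in page["MetricAlarms"]:
            tags = CWclient.list_tags_for_resource(ResourceARN=metricalarm["AlarmArn"])["Tags"]
            if {"Key": "CreatedbyLambda", "Value": "True"} in tags:
                CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])
    # … unchanged: alarms = get_alarm_params() and the per-service loop …
```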
@@ -86,7 +90,6 @@ def AWS_Alarms(): Dimensions=dimensionlist, Tags=[{"Key": "CreatedbyLambda", "Value": "True"}], ) - return thresholds def GetRunningInstances(): get_running_instances = ec2client.describe_instances( @@ -141,6 +144,4 @@ def DeleteAlarms(thresholds): elif len(cluster_name) == 1: if cluster_name[0]["Value"] not in RunningClusters: CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) - elif metricalarm["Threshold"] not in thresholds: - CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) - + diff --git a/alarm_creator/lambda_function.py b/alarm_creator/lambda_function.py index 469aa57..7e10423 100644 --- a/alarm_creator/lambda_function.py +++ b/alarm_creator/lambda_function.py @@ -19,9 +19,9 @@ def lambda_handler(event, context): try: print("{}: AWS_Alarms()".format(datetime.datetime.now())) - thresholds = AWS_Alarms() + AWS_Alarms() print("{}: DeleteAlarms()".format(datetime.datetime.now())) - DeleteAlarms(thresholds) + DeleteAlarms() print("{}: Finished()".format(datetime.datetime.now())) except Exception as exp: exception_type, exception_value, exception_traceback = sys.exc_info() From 57e33d790ac9cdfb161db3c8016f24cedb0c9dc3 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 15 Aug 2024 09:03:07 +0200 Subject: [PATCH 29/31] fixed dimensions --- alarm_creator/actions.py | 134 +++++++++++++++++++++------------------ default_alarms.json | 6 +- 2 files changed, 74 insertions(+), 66 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index 6a16f32..4bb1014 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -1,14 +1,13 @@ import boto3, json, os -from pip import main - # Create boto3 clients CWclient = boto3.client("cloudwatch") ec2 = boto3.resource("ec2") rds = boto3.client("rds") ec2client = boto3.client("ec2") ecsclient = boto3.client("ecs") -s3client = boto3.client("s3") +s3client = boto3.client("s3") +elasticlient = boto3.client("elasticache") alarm_bucket = os.environ["BUCKET_NAME"] 
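Review bot: `DeleteAlarms()` is called again with no argument, but the context line of the preceding actions.py hunk (`def DeleteAlarms(thresholds):`) shows the parameter added in the previous commit is still there, so every invocation now raises `TypeError` for the missing positional argument inside the handler's `try` and no alarm cleanup ever runs. Either restore `def DeleteAlarms():` in actions.py or keep passing a value; the signature line is outside this hunk, so confirm it was not changed elsewhere in the commit.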
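Review bot: `elasticlient = boto3.client("elasticache")` adds a service the function will now query, but the role policies visible in this series (`lambda_ec2_read_access`, `lambda_rds_read_access`, `lambda_ecs_read_access`, `lambda_s3_read_access`) contain no `elasticache:*` grant, so `GetRunningElasticacheClusters` will fail with AccessDenied unless the role file was updated outside this patch set. Add a matching least-privilege statement (`elasticache:DescribeCacheClusters` is the action for listing clusters) to `lambda_cw_alarm_creator_role.tf`. Dropping `from pip import main` is right; `pip` is not a runtime dependency and is not guaranteed to exist in the Lambda image.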
@@ -23,14 +22,10 @@ def get_alarm_params(): # Alarm creator def AWS_Alarms(): - # Delete old alarms - for metricalarm in CWclient.describe_alarms()["MetricAlarms"]: - if metricalarm["AlarmDescription"] != "Autoscaling_alarm": - CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) - + # Load alarms parameters alarms = get_alarm_params() + for service in alarms: - # Fill instances variable with Running instances per service if service == "EC2": instances = GetRunningInstances() 
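Review bot: Removing the delete-everything loop fixes the blast-radius problem, but nothing now retires alarms whose threshold or name changed in `alarms.json`: `put_metric_alarm` upserts by `AlarmName`, and the name embeds the threshold, so an edited threshold creates a second alarm while the old one keeps firing until `DeleteAlarms` happens to see its instance gone. A reconciliation step that lists alarms carrying the `CreatedbyLambda` tag and deletes those whose names were not written in this run would keep the function idempotent without touching foreign alarms. `DeleteAlarms`' remaining conditions are outside this hunk, so the cleanup it still performs is inferred from the PATCH 27 context.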
@@ -38,68 +33,74 @@ def AWS_Alarms(): instances = GetRunningDBInstances() elif service == "ECS": instances = GetRunningClusters() - for alarm in alarms[service]: + elif service == "Elasticache": # Handle Redis/ElastiCache clusters + instances = GetRunningElasticacheClusters() + elif service == "CWAgent": + instances = GetRunningInstances() + + for alarm in alarms[service]: # Query the namespaces in CloudWatch Metrics - response = CWclient.list_metrics(Namespace=f"{alarms[service][alarm]['Namespace']}", RecentlyActive='PT3H',) + response = CWclient.list_metrics(Namespace=f"{alarms[service][alarm]['Namespace']}", RecentlyActive='PT3H') for metrics in response["Metrics"]: - - # Check if any of the found metricnames are equal to metric names in alarms file + # Check if any of the found metric names are equal to metric names in alarms file if metrics["MetricName"] == alarms[service][alarm]['MetricName']: - for dimensions in metrics["Dimensions"]: - if dimensions["Name"] == alarms[service][alarm]['Dimensions']: - for priority, threshold in zip(alarms[service][alarm]['AlarmThresholds']["priority"], alarms[service][alarm]['AlarmThresholds']["alarm_threshold"]): - - # To make alarmnames pretty, 'MB/GB' is used instead of 1000000/1000000000 bytes, needs to be in bytes for actual threshold - if alarms[service][alarm]['Description']['ThresholdUnit'] == "GB": - cw_threshold = int(threshold) * 1000000000 - elif alarms[service][alarm]['Description']['ThresholdUnit'] == "MB": - cw_threshold = int(threshold) * 1000000 - else: - cw_threshold = int(threshold) - - # Handling dimensions - instanceDimensions = { - "Name": f"{dimensions['Name']}", - "Value": f"{dimensions['Value']}" - } - dimensionlist = [] - # For disk alarms there are more dimensions than other alarms - try: - for item in alarms[service][alarm]['DiskDimensions']: - dimensionlist.append(item) - except KeyError: # - dimensionlist = [] - dimensionlist.insert(0, instanceDimensions) - - for instance in instances: - - # 
Create alarms - CWclient.put_metric_alarm( - AlarmName=f"{instance}-{alarm} {alarms[service][alarm]['Description']['Operatorsymbol']} {threshold} {alarms[service][alarm]['Description']['ThresholdUnit']}", - ComparisonOperator=alarms[service][alarm]['ComparisonOperator'], - EvaluationPeriods=alarms[service][alarm]['EvaluationPeriods'], - MetricName=alarms[service][alarm]['MetricName'], - Namespace=alarms[service][alarm]['Namespace'], - Period=alarms[service][alarm]['Period'], - Statistic=alarms[service][alarm]['Statistic'], - Threshold=cw_threshold, - ActionsEnabled=True, - TreatMissingData=alarms[service][alarm]['TreatMissingData'], - AlarmDescription=f"{priority}", - Dimensions=dimensionlist, - Tags=[{"Key": "CreatedbyLambda", "Value": "True"}], - ) + for priority, threshold in zip(alarms[service][alarm]['AlarmThresholds']["priority"], alarms[service][alarm]['AlarmThresholds']["alarm_threshold"]): + # Convert thresholds to bytes if needed + if alarms[service][alarm]['Description']['ThresholdUnit'] == "GB": + cw_threshold = int(threshold) * 1000000000 + elif alarms[service][alarm]['Description']['ThresholdUnit'] == "MB": + cw_threshold = int(threshold) * 1000000 + else: + cw_threshold = int(threshold) + + # Handling dimensions + for instance in instances: + # Correctly set the dimension value to match the current instance + # if service == "Elasticache": + # instanceDimensions = { + # "Name": "CacheClusterId", + # "Value": instance + # } + # else: + instanceDimensions = { + "Name": f"{alarms[service][alarm]['Dimensions']}", + "Value": instance + } + + # Initialize the dimension list + dimensionlist = [instanceDimensions] + + # Add any additional disk-related dimensions if present + if 'ExtraDimensions' in alarms[service][alarm]: + dimensionlist.extend(alarms[service][alarm]['ExtraDimensions']) + + # Create the alarms + CWclient.put_metric_alarm( + AlarmName=f"{instance}-{alarm} {alarms[service][alarm]['Description']['Operatorsymbol']} {threshold} 
{alarms[service][alarm]['Description']['ThresholdUnit']}", + ComparisonOperator=alarms[service][alarm]['ComparisonOperator'], + EvaluationPeriods=alarms[service][alarm]['EvaluationPeriods'], + MetricName=alarms[service][alarm]['MetricName'], + Namespace=alarms[service][alarm]['Namespace'], + Period=alarms[service][alarm]['Period'], + Statistic=alarms[service][alarm]['Statistic'], + Threshold=cw_threshold, + ActionsEnabled=True, + TreatMissingData=alarms[service][alarm]['TreatMissingData'], + AlarmDescription=f"{priority}", + Dimensions=dimensionlist, + Tags=[{"Key": "CreatedbyLambda", "Value": "True"}], + ) def GetRunningInstances(): get_running_instances = ec2client.describe_instances( Filters=[{"Name": "instance-state-name", "Values": ["running"]}] ) - # instantiate empty array to store instance-id's + # Instantiate empty array to store instance-id's RunningInstances = [] - # create an array with a list of instance names + # Create an array with a list of instance names for reservations in get_running_instances["Reservations"]: for instance in reservations["Instances"]: RunningInstances.append(instance["InstanceId"]) 
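Review bot: The `for metrics in response["Metrics"]` loop no longer uses anything from `metrics` after the MetricName comparison, so every metric entry carrying that name re-runs the whole threshold × instance fan-out of put_metric_alarm; ListMetrics returns one entry per dimension combination, so for a metric reported by k instances the same alarms are put k times, multiplying API calls and throttling exposure without changing the result. A `break` after the first matching entry, or replacing the loop with `if any(m["MetricName"] == alarms[service][alarm]['MetricName'] for m in response["Metrics"]):`, keeps the behaviour and removes the repetition. `list_metrics` is also called without a paginator, so metrics beyond the first page never get alarms; `CWclient.get_paginator("list_metrics")` would cover that. AWS_Alarms and the `for service in alarms:` loop begin before this hunk.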
@@ -123,13 +124,21 @@ def GetRunningClusters(): return RunningClusterNames -def DeleteAlarms(thresholds): +def GetRunningElasticacheClusters(): + get_running_clusters = elasticlient.describe_cache_clusters(ShowCacheNodeInfo=True) + RunningElasticacheClusters = [] + for cluster in get_running_clusters['CacheClusters']: + RunningElasticacheClusters.append(cluster['CacheClusterId']) + return RunningElasticacheClusters + +def DeleteAlarms(): get_alarm_info = CWclient.describe_alarms() RunningInstances = GetRunningInstances() RunningRDSInstances = GetRunningDBInstances() RunningClusters = GetRunningClusters() - # collect alarm metrics and compare alarm metric instanceId with instance id's in array. if the state reason is breaching and instance does not exist delete alarm. + # Collect alarm metrics and compare alarm metric instanceId with instance id's in array. + # If the state reason is breaching and instance does not exist, delete alarm. for metricalarm in get_alarm_info["MetricAlarms"]: instance_id = list(filter(lambda x: x["Name"] == "InstanceId", metricalarm["Dimensions"])) rds_instance_name = list(filter(lambda x: x["Name"] == "DBInstanceIdentifier", metricalarm["Dimensions"])) @@ -143,5 +152,4 @@ def DeleteAlarms(thresholds): CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) elif len(cluster_name) == 1: if cluster_name[0]["Value"] not in RunningClusters: - CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) - + CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]]) \ No newline at end of file diff --git a/default_alarms.json b/default_alarms.json index f5108ec..22ffc4c 100644 --- a/default_alarms.json +++ b/default_alarms.json @@ -57,7 +57,7 @@ "Statistic" : "Average", "TreatMissingData" : "breaching", "Dimensions" : "InstanceId", - "DiskDimensions": [ + "ExtraDimensions": [ { "Name": "path", "Value": "/" 
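Review bot: DeleteAlarms on the new side still decides purely from dimension names: any alarm returned by `describe_alarms()` that carries an `InstanceId`, `DBInstanceIdentifier` or `ClusterName` dimension whose value is no longer running is deleted, whether or not this Lambda created it, while the `CreatedbyLambda` tag that AWS_Alarms attaches is never consulted. Restricting deletion to alarms carrying that tag (readable via `CWclient.list_tags_for_resource(ResourceARN=metricalarm["AlarmArn"])`) would keep the function from removing alarms owned by other tooling in the same account. `describe_alarms()` is also called without a paginator, so alarms past the first page are never examined; `CWclient.get_paginator("describe_alarms")` covers that. DeleteAlarms continues past the end of this hunk.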
@@ -90,7 +90,7 @@ "Statistic" : "Average", "TreatMissingData" : "breaching", "Dimensions" : "InstanceId", - "DiskDimensions": [ + "ExtraDimensions": [ { "Name": "path", "Value": "/sys/fs/cgroup" @@ -123,7 +123,7 @@ "Statistic" : "Average", "TreatMissingData" : "breaching", "Dimensions" : "InstanceId", - "DiskDimensions": [ + "ExtraDimensions": [ { "Name": "path", "Value": "/dev" From 4fc635c9e2cef30d9d793318b353ff185bfcb760 Mon Sep 17 00:00:00 2001 From: jerpen80 Date: Thu, 15 Aug 2024 09:32:37 +0200 Subject: [PATCH 30/31] added elasticache permissions --- lambda_cw_alarm_creator_role.tf | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/lambda_cw_alarm_creator_role.tf b/lambda_cw_alarm_creator_role.tf index 22a644c..926fbe2 100644 --- a/lambda_cw_alarm_creator_role.tf +++ b/lambda_cw_alarm_creator_role.tf @@ -15,6 +15,7 @@ module "iam_role_lambda_cw_alarm_creator" { "lambda_rds_read_access" : jsondecode(data.aws_iam_policy_document.lambda_rds_read_access.json) "lambda_ecs_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ecs_read_access.json) "lambda_s3_read_access" : jsondecode(data.aws_iam_policy_document.lambda_s3_read_access.json) + "lambda_elasticache_read_access" : jsondecode(data.aws_iam_policy_document.lambda_elasticache_read_access.json) } trust_relationship = { @@ -104,6 +105,16 @@ data "aws_iam_policy_document" "lambda_s3_read_access" { } } +data "aws_iam_policy_document" "lambda_elasticache_read_access" { + statement { + sid = "AllowLambdaElasticacheAccess" + + actions = ["elasticache:Describe*"] + + resources = ["*"] + } +} + # The Lambda role needs to access KMS key in order to access SNS topic. resource "aws_kms_grant" "give_lambda_role_access" { name = "lambda-role-kms-grant-access" From 0bf227716a08bc1edc93eff014121ccbfe9fd6e4 Mon Sep 17 00:00:00 2001 
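Review bot: The new `lambda_elasticache_read_access` statement grants `elasticache:Describe*` on `*`, while the Python in this series only calls `describe_cache_clusters`; narrowing `actions` to `["elasticache:DescribeCacheClusters"]` keeps the role at the permission the code actually needs and makes the policy self-documenting. If `resources = ["*"]` is intentional because the creator enumerates every cache cluster in the account, a one-line comment saying so, `# Account-wide: the alarm creator enumerates all cache clusters`, would spare the next reviewer the question.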
From: jerpen80 Date: Thu, 15 Aug 2024 10:08:26 +0200 Subject: [PATCH 31/31] added elasticache alarms --- alarm_creator/actions.py | 30 +++++++++++++++--------------- 1 file changed, 15 insertions(+), 15 deletions(-) diff --git a/alarm_creator/actions.py b/alarm_creator/actions.py index 4bb1014..554bfd0 100644 --- a/alarm_creator/actions.py +++ b/alarm_creator/actions.py @@ -33,8 +33,8 @@ def AWS_Alarms(): instances = GetRunningDBInstances() elif service == "ECS": instances = GetRunningClusters() - elif service == "Elasticache": # Handle Redis/ElastiCache clusters - instances = GetRunningElasticacheClusters() + elif service == "ElastiCache": + instances = GetRunningCacheClusters() elif service == "CWAgent": instances = GetRunningInstances() @@ -56,13 +56,7 @@ def AWS_Alarms(): # Handling dimensions for instance in instances: - # Correctly set the dimension value to match the current instance - # if service == "Elasticache": - # instanceDimensions = { - # "Name": "CacheClusterId", - # "Value": instance - # } - # else: + instanceDimensions = { "Name": f"{alarms[service][alarm]['Dimensions']}", "Value": instance 
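Review bot: Renaming the service key from "Elasticache" to "ElastiCache" makes the missing else branch of this if/elif chain bite: an alarms file still using the old spelling, or any other unrecognised key, matches no branch, `instances` keeps the value from the previous service iteration, and alarms are then created with the wrong dimension values instead of failing. An explicit terminal branch, `else:` / `print(f"Unknown service {service} in alarms file, skipping")` / `continue`, turns that into a visible skip. The loop that assigns `instances` starts before this hunk.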
@@ -124,18 +118,20 @@ def GetRunningClusters(): return RunningClusterNames -def GetRunningElasticacheClusters(): - get_running_clusters = elasticlient.describe_cache_clusters(ShowCacheNodeInfo=True) - RunningElasticacheClusters = [] - for cluster in get_running_clusters['CacheClusters']: - RunningElasticacheClusters.append(cluster['CacheClusterId']) - return RunningElasticacheClusters +def GetRunningCacheClusters(): + get_running_cacheclusters = elasticlient.describe_cache_clusters() + RunningCacheClusters = [] + for cachecluster in get_running_cacheclusters["CacheClusters"]: + RunningCacheClusters.append(cachecluster['CacheClusterId']) + + return RunningCacheClusters def DeleteAlarms(): get_alarm_info = CWclient.describe_alarms() RunningInstances = GetRunningInstances() RunningRDSInstances = GetRunningDBInstances() RunningClusters = GetRunningClusters() + RunningCacheClusters = GetRunningCacheClusters() # Collect alarm metrics and compare alarm metric instanceId with instance id's in array. # If the state reason is breaching and instance does not exist, delete alarm. @@ -143,6 +139,7 @@ def DeleteAlarms(): instance_id = list(filter(lambda x: x["Name"] == "InstanceId", metricalarm["Dimensions"])) rds_instance_name = list(filter(lambda x: x["Name"] == "DBInstanceIdentifier", metricalarm["Dimensions"])) cluster_name = list(filter(lambda x: x["Name"] == "ClusterName", metricalarm["Dimensions"])) + cache_cluster_name = list(filter(lambda x: x["Name"] == "CacheClusterId", metricalarm["Dimensions"])) if len(instance_id) == 1: if instance_id[0]["Value"] not in RunningInstances: 
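Review bot: `GetRunningCacheClusters` reads only the first page of `describe_cache_clusters()`, and on the new side its result now feeds DeleteAlarms through `RunningCacheClusters`; with more clusters than one page holds, the alarms of live clusters beyond that page look orphaned and are deleted on the next run. Use the paginator so the list is complete: `for page in elasticlient.get_paginator("describe_cache_clusters").paginate():` / `for cachecluster in page["CacheClusters"]:` / `RunningCacheClusters.append(cachecluster["CacheClusterId"])`. DeleteAlarms continues past the end of this hunk.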
@@ -152,4 +149,7 @@ def DeleteAlarms():
 CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])
 elif len(cluster_name) == 1:
 if cluster_name[0]["Value"] not in RunningClusters:
+ CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])
+ elif len(cache_cluster_name) == 1:
+ if cache_cluster_name[0]["Value"] not in RunningCacheClusters:
 CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])
\ No newline at end of file
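Review bot: The new branch hard-codes `CacheClusterId` as the dimension name, while AWS_Alarms takes the dimension name for ElastiCache alarms from `alarms[service][alarm]['Dimensions']` in the alarms file; if that file names a different dimension for some alarms, those alarms are created but never cleaned up here. Either document the coupling next to the constant, `# must match the "Dimensions" value used for ElastiCache entries in the alarms file`, or derive the dimension names to check from the loaded config rather than repeating them. The function and the `cache_cluster_name` lookup this branch relies on begin outside this hunk.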