Secure your code as it's written. Use Snyk Code to scan source code in minutes - no build needed - and fix issues immediately.
});
// Create rule to trigger this manually
new events.Rule(this, "manual_run", {
ruleName: "cloudmapper_manual_run",
eventPattern: {source: ['cloudmapper']},
description: "Allows CloudMapper auditing to be manually started",
targets: [new targets.EcsTask({
cluster: cluster,
taskDefinition: taskDefinition,
subnetSelection: {subnetType: ec2.SubnetType.PUBLIC}
})]
});
// Create alarm for any errors
const error_alarm = new cloudwatch.Alarm(this, "error_alarm", {
metric: new cloudwatch.Metric({
namespace: 'cloudmapper',
metricName: "errors",
statistic: "Sum"
}),
threshold: 0,
evaluationPeriods: 1,
datapointsToAlarm: 1,
treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
alarmDescription: "Detect errors",
alarmName: "cloudmapper_errors"
});
// Create SNS for alarms to be sent to
const sns_topic = new sns.Topic(this, 'cloudmapper_alarm', {
displayName: 'cloudmapper_alarm'
'arn:aws:s3:::'+config['output_s3_bucket']+"/*"
],
actions: [
"s3:GetBucketLocation",
"s3:GetObject",
"s3:ListBucket",
"s3:ListBucketMultipartUploads",
"s3:ListMultipartUploadParts",
"s3:AbortMultipartUpload",
"s3:CreateBucket",
"s3:PutObject"
]
}));
// Create alarm for any errors
const error_alarm = new cloudwatch.Alarm(this, "error_alarm", {
metric: new cloudwatch.Metric({
namespace: 'cloudtrail_partitioner',
metricName: "errors",
statistic: "Sum"
}),
threshold: 0,
evaluationPeriods: 1,
datapointsToAlarm: 1,
treatMissingData: cloudwatch.TreatMissingData.NOT_BREACHING,
alarmDescription: "Detect errors",
alarmName: "cloudtrail_partitioner_errors"
});
// Create SNS for alarms to be sent to
const sns_topic = new sns.Topic(this, 'cloudtrail_partitioner_alarm', {
displayName: 'cloudtrail_partitioner_alarm'
adjustmentType,
cooldown: props.cooldown,
metricAggregationType: aggregationTypeFromMetric(props.metric),
minAdjustmentMagnitude: props.minAdjustmentMagnitude,
scalingTarget: props.scalingTarget,
});
for (let i = alarms.upperAlarmIntervalIndex; i < intervals.length; i++) {
this.upperAction.addAdjustment({
adjustment: intervals[i].change!,
lowerBound: intervals[i].lower - threshold,
upperBound: i !== intervals.length - 1 ? intervals[i].upper - threshold : undefined, // Extend last interval to +infinity
});
}
this.upperAlarm = new cloudwatch.Alarm(this, 'UpperAlarm', {
// Recommended by AutoScaling
metric: props.metric,
period: cdk.Duration.minutes(1), // Recommended by AutoScaling
alarmDescription: 'Upper threshold scaling alarm',
comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
evaluationPeriods: 1,
threshold,
});
this.upperAlarm.addAlarmAction(new StepScalingAlarmAction(this.upperAction));
}
}
}
adjustmentType: props.adjustmentType,
cooldown: props.cooldown,
metricAggregationType: aggregationTypeFromMetric(props.metric),
minAdjustmentMagnitude: props.minAdjustmentMagnitude,
autoScalingGroup: props.autoScalingGroup,
});
for (let i = alarms.lowerAlarmIntervalIndex; i >= 0; i--) {
this.lowerAction.addAdjustment({
adjustment: intervals[i].change!,
lowerBound: i !== 0 ? intervals[i].lower - threshold : undefined, // Extend last interval to -infinity
upperBound: intervals[i].upper - threshold,
});
}
this.lowerAlarm = new cloudwatch.Alarm(this, 'LowerAlarm', {
// Recommended by AutoScaling
metric: props.metric,
period: cdk.Duration.minutes(1), // Recommended by AutoScaling
alarmDescription: 'Lower threshold scaling alarm',
comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_OR_EQUAL_TO_THRESHOLD,
evaluationPeriods: 1,
threshold,
});
this.lowerAlarm.addAlarmAction(new StepScalingAlarmAction(this.lowerAction));
}
if (alarms.upperAlarmIntervalIndex !== undefined) {
const threshold = intervals[alarms.upperAlarmIntervalIndex].lower;
this.upperAction = new StepScalingAction(this, 'UpperPolicy', {
adjustmentType: props.adjustmentType,
adjustmentType,
cooldown: props.cooldown,
metricAggregationType: aggregationTypeFromMetric(props.metric),
minAdjustmentMagnitude: props.minAdjustmentMagnitude,
scalingTarget: props.scalingTarget,
});
for (let i = alarms.lowerAlarmIntervalIndex; i >= 0; i--) {
this.lowerAction.addAdjustment({
adjustment: intervals[i].change!,
lowerBound: i !== 0 ? intervals[i].lower - threshold : undefined, // Extend last interval to -infinity
upperBound: intervals[i].upper - threshold,
});
}
this.lowerAlarm = new cloudwatch.Alarm(this, 'LowerAlarm', {
// Recommended by AutoScaling
metric: props.metric,
period: cdk.Duration.minutes(1), // Recommended by AutoScaling
alarmDescription: 'Lower threshold scaling alarm',
comparisonOperator: cloudwatch.ComparisonOperator.LESS_THAN_OR_EQUAL_TO_THRESHOLD,
evaluationPeriods: 1,
threshold,
});
this.lowerAlarm.addAlarmAction(new StepScalingAlarmAction(this.lowerAction));
}
if (alarms.upperAlarmIntervalIndex !== undefined) {
const threshold = intervals[alarms.upperAlarmIntervalIndex].lower;
this.upperAction = new StepScalingAction(this, 'UpperPolicy', {
adjustmentType,
interval: cdk.Duration.seconds(5),
healthyHttpCodes: '200',
healthyThresholdCount: 2,
unhealthyThresholdCount: 3,
timeout: cdk.Duration.seconds(4)
}
});
// Alarms: monitor 500s and unhealthy hosts on target groups
new Alarm(this, 'TargetGroupUnhealthyHosts', {
metric: tg1.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
});
new Alarm(this, 'TargetGroup5xx', {
metric: tg1.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
period: cdk.Duration.minutes(1)
});
new Alarm(this, 'TargetGroup2UnhealthyHosts', {
metric: tg2.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
});
new Alarm(this, 'TargetGroup25xx', {
metric: tg2.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
});
new Alarm(this, 'TargetGroup5xx', {
metric: tg1.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
period: cdk.Duration.minutes(1)
});
new Alarm(this, 'TargetGroup2UnhealthyHosts', {
metric: tg2.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
});
new Alarm(this, 'TargetGroup25xx', {
metric: tg2.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
period: cdk.Duration.minutes(1)
});
// Roles
new Role(this, 'ServiceTaskDefExecutionRole', {
assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
managedPolicies: [ ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonECSTaskExecutionRolePolicy') ]
});
new Role(this, 'ServiceTaskDefTaskRole', {
assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
});
adjustmentType: props.adjustmentType,
cooldown: props.cooldown,
metricAggregationType: aggregationTypeFromMetric(props.metric),
minAdjustmentMagnitude: props.minAdjustmentMagnitude,
autoScalingGroup: props.autoScalingGroup,
});
for (let i = alarms.upperAlarmIntervalIndex; i < intervals.length; i++) {
this.upperAction.addAdjustment({
adjustment: intervals[i].change!,
lowerBound: intervals[i].lower - threshold,
upperBound: i !== intervals.length - 1 ? intervals[i].upper - threshold : undefined, // Extend last interval to +infinity
});
}
this.upperAlarm = new cloudwatch.Alarm(this, 'UpperAlarm', {
// Recommended by AutoScaling
metric: props.metric,
period: cdk.Duration.minutes(1), // Recommended by AutoScaling
alarmDescription: 'Upper threshold scaling alarm',
comparisonOperator: cloudwatch.ComparisonOperator.GREATER_THAN_OR_EQUAL_TO_THRESHOLD,
evaluationPeriods: 1,
threshold,
});
this.upperAlarm.addAlarmAction(new StepScalingAlarmAction(this.upperAction));
}
}
}
return { targetType: TargetType.IP };
}
})()
],
deregistrationDelay: cdk.Duration.seconds(30),
healthCheck: {
interval: cdk.Duration.seconds(5),
healthyHttpCodes: '200',
healthyThresholdCount: 2,
unhealthyThresholdCount: 3,
timeout: cdk.Duration.seconds(4)
}
});
// Alarms: monitor 500s and unhealthy hosts on target groups
new Alarm(this, 'TargetGroupUnhealthyHosts', {
metric: tg1.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
});
new Alarm(this, 'TargetGroup5xx', {
metric: tg1.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
period: cdk.Duration.minutes(1)
});
new Alarm(this, 'TargetGroup2UnhealthyHosts', {
metric: tg2.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
// Alarms: monitor 500s and unhealthy hosts on target groups
new Alarm(this, 'TargetGroupUnhealthyHosts', {
metric: tg1.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
});
new Alarm(this, 'TargetGroup5xx', {
metric: tg1.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
period: cdk.Duration.minutes(1)
});
new Alarm(this, 'TargetGroup2UnhealthyHosts', {
metric: tg2.metricUnhealthyHostCount(),
threshold: 1,
evaluationPeriods: 2,
});
new Alarm(this, 'TargetGroup25xx', {
metric: tg2.metricHttpCodeTarget(HttpCodeTarget.TARGET_5XX_COUNT),
threshold: 1,
evaluationPeriods: 1,
period: cdk.Duration.minutes(1)
});
// Roles
new Role(this, 'ServiceTaskDefExecutionRole', {
assumedBy: new ServicePrincipal('ecs-tasks.amazonaws.com'),
managedPolicies: [ ManagedPolicy.fromAwsManagedPolicyName('service-role/AmazonECSTaskExecutionRolePolicy') ]