---
# Copyright 2018 widdix GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'cfn-modules: Alerting'
# cfn-modules:implements(ExposeArn)
# All four parameters are optional. The empty-string default leaves the
# matching subscription out of the stack (see the Conditions section).
Parameters:
  # Subscribed to the main alert topic with the email protocol.
  Email:
    Type: String
    Default: ''
    Description: 'Optional email address that will receive alerts'
  # Subscribed to the main alert topic with the http protocol.
  # NOTE(review): alerts sent to an http:// endpoint cross the network
  # unencrypted; prefer HttpsEndpoint wherever the receiver offers TLS.
  HttpEndpoint:
    Type: String
    Default: ''
    Description: 'Optional HTTP endpoint that will receive alerts via POST requests'
  # Subscribed to the main alert topic with the https protocol.
  HttpsEndpoint:
    Type: String
    Default: ''
    Description: 'Optional HTTPS endpoint that will receive alerts via POST requests (e.g., marbot.io - a chatbot for AWS monitoring in Slack and Microsoft Teams)'
  # Subscribed to the fallback topic, which is notified when delivery from
  # the main topic fails.
  FallbackEmail:
    Type: String
    Default: ''
    Description: 'Optional email address that will receive alerts if alerts can not be delivered'
# Each condition is true when its parameter is not the empty string. The
# subscription resource that names the condition is created only then.
Conditions:
  HasEmail: !Not
    - !Equals
      - !Ref Email
      - ''
  HasHttpEndpoint: !Not
    - !Equals
      - !Ref HttpEndpoint
      - ''
  HasHttpsEndpoint: !Not
    - !Equals
      - !Ref HttpsEndpoint
      - ''
  HasFallbackEmail: !Not
    - !Equals
      - !Ref FallbackEmail
      - ''
Resources:
  # Main alert topic. Its ARN is what the Outputs section exports.
  Topic:
    Type: 'AWS::SNS::Topic'
    Properties: {}
  # Resource policy that decides who may publish to the main alert topic.
  TopicPolicy:
    Type: 'AWS::SNS::TopicPolicy'
    Properties:
      Topics:
        - !Ref Topic
      PolicyDocument:
        Version: '2012-10-17'
        Id: Id1
        Statement:
          # Sid1: AWS service principals that may publish alerts.
          # NOTE(review): this statement carries no Condition, so nothing
          # here ties the publishing service to resources of this account.
          # Confirm which of these services populate aws:SourceAccount /
          # aws:SourceArn and scope the statement with them where supported.
          - Sid: Sid1
            Effect: Allow
            Action: 'sns:Publish'
            Resource: !Ref Topic
            Principal:
              Service:
                # Allow CloudWatch Events
                - 'events.amazonaws.com'
                # Allow Budget Notifications
                - 'budgets.amazonaws.com'
                # Allow RDS Events
                - 'rds.amazonaws.com'
                # Allow S3 Event Notifications
                - 's3.amazonaws.com'
                # Allow Backup Events
                - 'backup.amazonaws.com'
          # Sid2: any principal, limited to sources owned by this account.
          # Allow CloudWatch Alarms, ElastiCache Notifications, Elastic
          # Beanstalk Notifications, Auto Scaling Notification.
          # NOTE(review): the wildcard principal is held back only by the
          # AWS:SourceOwner condition below, so this condition must never be
          # dropped. AWS documents aws:SourceAccount as the newer key; verify
          # that every listed service supports it before switching.
          - Sid: Sid2
            Effect: Allow
            Action: 'sns:Publish'
            Resource: !Ref Topic
            Principal:
              AWS: '*'
            Condition:
              StringEquals:
                'AWS:SourceOwner': !Ref 'AWS::AccountId'
          # Sid3: Allow SES Notifications & Events, matched on the account id
          # compared against AWS:Referer.
          # NOTE(review): presumably SES sets AWS:Referer to the sending
          # account id; confirm against current SES guidance, which may
          # prefer aws:SourceAccount / aws:SourceArn.
          - Sid: Sid3
            Effect: Allow
            Action: 'sns:Publish'
            Resource: !Ref Topic
            Principal:
              Service: 'ses.amazonaws.com'
            Condition:
              StringEquals:
                'AWS:Referer': !Ref 'AWS::AccountId'
  # Second topic, used only to report delivery failures of the main topic.
  FallbackTopic:
    Type: 'AWS::SNS::Topic'
    Properties: {}
  # Notifies FallbackTopic as soon as the main topic reports at least one
  # failed notification within a single 60-second period.
  NumberOfNotificationsFailedTooHighAlarm:
    Type: 'AWS::CloudWatch::Alarm'
    Properties:
      AlarmDescription: 'Alerts could not be delivered'
      AlarmActions:
        - !Ref FallbackTopic
      Namespace: 'AWS/SNS'
      MetricName: NumberOfNotificationsFailed
      Dimensions:
        - Name: TopicName
          Value: !GetAtt Topic.TopicName
      Statistic: Sum
      Period: 60
      EvaluationPeriods: 1
      ComparisonOperator: GreaterThanThreshold
      Threshold: 0
      # Periods without data points do not count as a breach.
      TreatMissingData: notBreaching
  # Email delivery of alerts; created only when Email is set.
  EmailSubscription:
    Type: 'AWS::SNS::Subscription'
    Condition: HasEmail
    Properties:
      TopicArn: !Ref Topic
      Protocol: email
      Endpoint: !Ref Email
  # HTTP POST delivery of alerts; created only when HttpEndpoint is set.
  # NOTE(review): Protocol http sends the alert payload in clear text.
  HttpEndpointSubscription:
    Type: 'AWS::SNS::Subscription'
    Condition: HasHttpEndpoint
    Properties:
      TopicArn: !Ref Topic
      Protocol: http
      Endpoint: !Ref HttpEndpoint
      # Up to 100 retries with exponential backoff between the min and max
      # delay targets, throttled to one delivery per second.
      DeliveryPolicy:
        healthyRetryPolicy:
          numRetries: 100
          numNoDelayRetries: 0
          minDelayTarget: 1
          maxDelayTarget: 60
          backoffFunction: exponential
        throttlePolicy:
          maxReceivesPerSecond: 1
  # HTTPS POST delivery of alerts; created only when HttpsEndpoint is set.
  HttpsEndpointSubscription:
    Type: 'AWS::SNS::Subscription'
    Condition: HasHttpsEndpoint
    Properties:
      TopicArn: !Ref Topic
      Protocol: https
      Endpoint: !Ref HttpsEndpoint
      # Same retry and throttle settings as the HTTP subscription.
      DeliveryPolicy:
        healthyRetryPolicy:
          numRetries: 100
          numNoDelayRetries: 0
          minDelayTarget: 1
          maxDelayTarget: 60
          backoffFunction: exponential
        throttlePolicy:
          maxReceivesPerSecond: 1
  # Email delivery of the delivery-failure alarm; created only when
  # FallbackEmail is set. It subscribes to FallbackTopic, not to Topic.
  FallbackEmailSubscription:
    Type: 'AWS::SNS::Subscription'
    Condition: HasFallbackEmail
    Properties:
      TopicArn: !Ref FallbackTopic
      Protocol: email
      Endpoint: !Ref FallbackEmail
# Values the stack returns: module identity, the stack name and the ARN of
# the main alert topic.
Outputs:
  ModuleId:
    Value: 'alerting'
  ModuleVersion:
    Value: '1.2.2'
  StackName:
    Value: !Ref 'AWS::StackName'
  # ARN of the main alert topic, also exported as "<stack name>-Arn" so that
  # other stacks can import it.
  Arn:
    Export:
      Name: !Sub '${AWS::StackName}-Arn'
    Value: !Ref Topic