From 47259b3a159f527aec5d3bddccb6c81abd7a1903 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Wed, 5 Jun 2024 16:41:52 +0530 Subject: [PATCH 01/34] Integrated latest SAM app version with AWSO --- aws-observability-terraform/source-module/main.tf | 8 ++++---- .../apps/autoenable/auto_enable.template.yaml | 6 +++--- .../permissioncheck.nested.template.test.yaml | 4 ++-- .../permissioncheck.nested.template.yaml | 4 ++-- 4 files changed, 11 insertions(+), 11 deletions(-) diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index 223ad972..b6aa36af 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf @@ -98,7 +98,7 @@ module "elb_module" { } auto_enable_access_logs = var.auto_enable_access_logs - app_semantic_version = "1.0.7" + app_semantic_version = "1.0.10" auto_enable_access_logs_options = { filter = "'Type': 'application'|'type': 'application'" remove_on_delete_stack = true @@ -142,7 +142,7 @@ module "classic_lb_module" { } } auto_enable_access_logs = var.auto_enable_classic_lb_access_logs - app_semantic_version = "1.0.7" + app_semantic_version = "1.0.10" auto_enable_access_logs_options = { bucket_prefix = local.auto_classic_lb_path_exp auto_enable_logging = "ELB" @@ -234,7 +234,7 @@ module "cloudwatch_logs_lambda_log_forwarder_module" { } auto_enable_logs_subscription = var.auto_enable_logs_subscription - app_semantic_version = "1.0.9" + app_semantic_version = "1.0.11" auto_enable_logs_subscription_options = { filter = var.auto_enable_logs_subscription_options.filter } @@ -263,7 +263,7 @@ module "kinesis_firehose_for_logs_module" { } auto_enable_logs_subscription = var.auto_enable_logs_subscription - app_semantic_version = "1.0.9" + app_semantic_version = "1.0.11" auto_enable_logs_subscription_options = { filter = var.auto_enable_logs_subscription_options.filter } diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml index 1649a1b8..8c168015 100644 --- a/aws-observability/apps/autoenable/auto_enable.template.yaml +++ b/aws-observability/apps/autoenable/auto_enable.template.yaml @@ -124,7 +124,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.7 + SemanticVersion: 1.0.10 Parameters: BucketName: !Ref ALBS3LogsBucketName BucketPrefix: "elasticloadbalancing" @@ -139,7 +139,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.7 + SemanticVersion: 1.0.10 Parameters: BucketName: !Ref ELBS3LogsBucketName BucketPrefix: !Ref ELBS3LogsBucketPrefix @@ -154,7 +154,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector - SemanticVersion: 1.0.9 + SemanticVersion: 1.0.11 Parameters: DestinationArnType: !Ref AutoSubscribeDestinationARNType DestinationArnValue: !Ref AutoSubscribeDestinationARN diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml index 8cd84410..93483cfd 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml @@ -537,7 +537,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.7 + SemanticVersion: 1.0.10 Parameters: BucketName: !Ref CommonS3Bucket BucketPrefix: "elasticloadbalancing" @@ -672,7 +672,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector - SemanticVersion: 1.0.7 + SemanticVersion: 1.0.11 Parameters: DestinationArnType: "Lambda" DestinationArnValue: !GetAtt CloudWatchEventFunction.Outputs.SumoCWLogsLambdaArn diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index b31ade30..ea78aae4 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -535,7 +535,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.7 + SemanticVersion: 1.0.10 Parameters: BucketName: !Ref CommonS3Bucket BucketPrefix: "elasticloadbalancing" @@ -670,7 +670,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector - SemanticVersion: 1.0.9 + SemanticVersion: 1.0.11 Parameters: DestinationArnType: "Lambda" DestinationArnValue: !GetAtt CloudWatchEventFunction.Outputs.SumoCWLogsLambdaArn From 809e2825b9f579bde47a404d3dadadd0787787e7 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Wed, 5 Jun 2024 17:57:53 +0530 Subject: [PATCH 02/34] CKV_TF_2 skipped --- .github/workflows/tf-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/tf-test.yml b/.github/workflows/tf-test.yml index 8b9d1b54..f57ee65f 100644 --- a/.github/workflows/tf-test.yml +++ b/.github/workflows/tf-test.yml @@ -44,4 +44,4 @@ jobs: output_format: cli output_bc_ids: false download_external_modules: true - skip_check: CKV_AWS_26,CKV_AWS_35,CKV_AWS_67,CKV_AWS_36,CKV_AWS_252,CKV_AWS_158,CKV_AWS_338,CKV_AWS_117,CKV_AWS_115,CKV_AWS_173,CKV_AWS_50,CKV_AWS_241,CKV_AWS_240,CKV2_AWS_6,CKV2_AWS_62,CKV_AWS_144,CKV_AWS_18,CKV_AWS_21,CKV_AWS_145,CKV_TF_1,CKV_AWS_27,CKV_AWS_124,CKV2_AWS_10,CKV_AWS_272,CKV2_AWS_61 + skip_check: CKV_AWS_18,CKV_AWS_21,CKV_AWS_26,CKV_AWS_27,CKV_AWS_35,CKV_AWS_36,CKV_AWS_50,CKV_AWS_67,CKV_AWS_115,CKV_AWS_117,CKV_AWS_124,CKV_AWS_144,CKV_AWS_145,CKV_AWS_158,CKV_AWS_173,CKV_AWS_240,CKV_AWS_241,CKV_AWS_252,CKV_AWS_272,CKV_AWS_338,CKV2_AWS_6,CKV2_AWS_10,CKV2_AWS_61,CKV2_AWS_62,CKV_TF_1,CKV_TF_2 From 659a1f00394fb0dab5cab50d78957d911064162a Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Wed, 5 Jun 2024 17:59:40 +0530 Subject: [PATCH 03/34] CKV Sorted list for CF --- .github/workflows/cf-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cf-test.yml b/.github/workflows/cf-test.yml index 7cead0bc..73deeab1 100644 --- a/.github/workflows/cf-test.yml +++ b/.github/workflows/cf-test.yml @@ -30,7 +30,7 @@ jobs: framework: cloudformation output_format: cli output_bc_ids: false - skip_check: CKV_AWS_26,CKV_AWS_116,CKV_AWS_117,CKV_AWS_115,CKV_AWS_108,CKV_AWS_173,CKV_AWS_18,CKV_AWS_21,CKV_AWS_109,CKV_AWS_67,CKV_AWS_36,CKV_AWS_35,CKV_AWS_111,CKV_AWS_54,CKV_AWS_56,CKV_AWS_55,CKV_AWS_53 + skip_check: CKV_AWS_18,CKV_AWS_21,CKV_AWS_26,CKV_AWS_35,CKV_AWS_36,CKV_AWS_53,CKV_AWS_54,CKV_AWS_55,CKV_AWS_56,CKV_AWS_67,CKV_AWS_108,CKV_AWS_109,CKV_AWS_111,CKV_AWS_115,CKV_AWS_116,CKV_AWS_117,CKV_AWS_173 CFSecurityChecksCFNNAG: name: "Security Checks (cfn-nag)" From be74e4f064ff7c819fe40cc4bc93f8a91cc05eed Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Mon, 10 Jun 2024 18:46:00 +0530 Subject: [PATCH 04/34] Moved fields into common template from individual child templates --- .../apps/alb/alb_app.template.yaml | 10 -- .../apigateway/api_gateway_app.template.yaml | 23 --- .../apps/common/resources.template.yaml | 165 ++++++++++++++++++ .../apps/dynamodb/dynamodb_app.template.yaml | 10 -- .../ec2metrics/ec2_metrics_app.template.yaml | 10 -- .../apps/ecs/ecs_app.template.yaml | 10 -- .../elasticache/elasticache_app.template.yaml | 10 -- .../apps/elb/elb_app.template.yaml | 9 - .../apps/lambda/lambda_app.template.yaml | 10 -- .../apps/nlb/nlb_app.template.yaml | 11 -- .../apps/rds/rds_app.template.yaml | 12 -- .../apps/sns/sns_app.template.yaml | 10 -- .../apps/sqs/sqs_app.template.yaml | 12 -- ...mologic_observability.master.template.yaml | 5 +- 14 files changed, 168 insertions(+), 139 deletions(-) diff --git a/aws-observability/apps/alb/alb_app.template.yaml b/aws-observability/apps/alb/alb_app.template.yaml index 2fb3eb4e..d4fe9ef0 100755 --- a/aws-observability/apps/alb/alb_app.template.yaml +++ b/aws-observability/apps/alb/alb_app.template.yaml @@ -384,16 +384,6 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - AddLoadBalancerField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section6aParentStackLambdaARN - FieldName: "loadbalancer" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment - Outputs: ExistingMetricSourceName: Description: "Existing CloudWatch Metrics Source Name" diff --git a/aws-observability/apps/apigateway/api_gateway_app.template.yaml b/aws-observability/apps/apigateway/api_gateway_app.template.yaml index 936ba42b..6f9dbeff 100755 --- a/aws-observability/apps/apigateway/api_gateway_app.template.yaml +++ b/aws-observability/apps/apigateway/api_gateway_app.template.yaml @@ -205,9 +205,6 @@ Resources: AccessLogsFieldExtractionRule: Type: Custom::SumoLogicFieldExtractionRule Condition: create_fer - DependsOn: - - AddApiNameField - - AddApiIdField Properties: ServiceToken: !Ref Section4aParentStackLambdaARN RemoveOnDeleteStack: false @@ -234,23 +231,3 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - - AddApiNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "apiname" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment - - AddApiIdField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "apiid" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment \ No newline at end of file diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml index 71dec66a..f55c7766 100755 --- a/aws-observability/apps/common/resources.template.yaml +++ b/aws-observability/apps/common/resources.template.yaml @@ -49,6 +49,15 @@ Parameters: Description: "Provide the Sumo Logic Account ID for trust relationship." Default: "" + InstallObservabilityApps: + Type: String + Default: 'Yes' + Description: "Yes - Installs Apps (EC2, Application Load Balancer, RDS, API Gateway, Lambda, Dynamo DB, ECS, ElastiCache and NLB) and Alerts for the Sumo Logic AWS Observability Solution. All the Apps are installed in the folder 'AWS Observability'. + No - Skips the installation of Apps and Alerts." + AllowedValues: + - 'Yes' + - 'No' + CreateMetaDataSource: Type: String Description: "Yes - Creates Sumo Logic MetaData Source. A common metadata source will be created with the region selected. @@ -247,6 +256,7 @@ Parameters: Conditions: # Sources Conditions + install_observability_apps: !Equals [ !Ref InstallObservabilityApps, 'Yes' ] install_metadata_source: !Equals [ !Ref CreateMetaDataSource, 'Yes' ] install_cloud_watch_metric_source: !Equals [ !Ref CreateCloudWatchMetricsSource, 'Yes' ] install_alb_logs_source: !Equals [ !Ref CreateALBLogSource, 'Yes' ] @@ -883,6 +893,161 @@ Resources: SumoAccessKey: !Ref SumoLogicAccessKey SumoDeployment: !Ref SumoLogicDeployment + # ALB App + AddLoadBalancerField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "loadbalancer" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # Dynamodb App + AddTableNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "tablename" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # ELb App + AddLoadBalancerNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "loadbalancername" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # Lambda App + AddFunctionNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "functionname" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # EC2 App + AddInstanceIdField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "instanceid" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # RDS App + AddDBIdentifierField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "dbidentifier" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # Elastic App + AddCacheClusterIdField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "cacheclusterid" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # API gateway App + AddApiNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "apiname" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # API gateway App + AddApiIdField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "apiid" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # SNS App + AddTopicNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "topicname" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # SQS App + AddQueueNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "queuename" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # ECS App + AddClusterNameField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "clustername" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment + + # NLB App + AddNETLoadBalancerField: + Condition: install_observability_apps + Type: Custom::SumoLogicFieldsSchema + Properties: + ServiceToken: !GetAtt LambdaHelper.Arn + FieldName: "networkloadbalancer" + RemoveOnDeleteStack: false + SumoAccessID: !Ref SumoLogicAccessID + SumoAccessKey: !Ref SumoLogicAccessKey + SumoDeployment: !Ref SumoLogicDeployment ############# START - RESOURCES FOR METADATA SOURCE ################# SumoLogicMetaDataSource: diff --git a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml index 7effe15f..ad58561f 100755 --- a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml +++ b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml @@ -200,13 +200,3 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - - AddTableNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "tablename" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment \ No newline at end of file diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml index ee1f5318..6a2f2e3c 100755 --- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml +++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml @@ -265,13 +265,3 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment orgid: !Ref Section1eOrgId - - AddInstanceIdField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section3aParentStackLambdaARN - FieldName: "instanceid" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment \ No newline at end of file diff --git a/aws-observability/apps/ecs/ecs_app.template.yaml b/aws-observability/apps/ecs/ecs_app.template.yaml index c103ec89..e4895728 100755 --- a/aws-observability/apps/ecs/ecs_app.template.yaml +++ b/aws-observability/apps/ecs/ecs_app.template.yaml @@ -161,16 +161,6 @@ Conditions: Resources: - AddClusterNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "clustername" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment - sumoApp: Type: Custom::App Condition: install_app diff --git a/aws-observability/apps/elasticache/elasticache_app.template.yaml b/aws-observability/apps/elasticache/elasticache_app.template.yaml index e7b2ea3e..f7295796 100755 --- a/aws-observability/apps/elasticache/elasticache_app.template.yaml +++ b/aws-observability/apps/elasticache/elasticache_app.template.yaml @@ -201,13 +201,3 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - - AddCacheClusterIdField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "cacheclusterid" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment \ No newline at end of file diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml index 516ab6e9..ef1a6b44 100755 --- a/aws-observability/apps/elb/elb_app.template.yaml +++ b/aws-observability/apps/elb/elb_app.template.yaml @@ -381,15 +381,6 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - AddLoadBalancerNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section6aParentStackLambdaARN - FieldName: "loadbalancername" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment Outputs: ExistingLogSourceName: diff --git a/aws-observability/apps/lambda/lambda_app.template.yaml b/aws-observability/apps/lambda/lambda_app.template.yaml index 6c21130e..902ffead 100755 --- a/aws-observability/apps/lambda/lambda_app.template.yaml +++ b/aws-observability/apps/lambda/lambda_app.template.yaml @@ -374,16 +374,6 @@ Resources: SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - AddFunctionNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section7aParentStackLambdaARN - FieldName: "functionname" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment - Outputs: ExistingMetricSourceName: Description: "Existing CloudWatch Metrics Source Name" diff --git a/aws-observability/apps/nlb/nlb_app.template.yaml b/aws-observability/apps/nlb/nlb_app.template.yaml index 04ded112..081426eb 100755 --- a/aws-observability/apps/nlb/nlb_app.template.yaml +++ b/aws-observability/apps/nlb/nlb_app.template.yaml @@ -161,19 +161,8 @@ Conditions: Resources: - AddLoadBalancerField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "networkloadbalancer" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment - MetricRule: Type: Custom::SumoLogicMetricRules - DependsOn: AddLoadBalancerField Properties: ServiceToken: !Ref Section4aParentStackLambdaARN RemoveOnDeleteStack: false diff --git a/aws-observability/apps/rds/rds_app.template.yaml b/aws-observability/apps/rds/rds_app.template.yaml index fabcf382..168b9ae9 100755 --- a/aws-observability/apps/rds/rds_app.template.yaml +++ b/aws-observability/apps/rds/rds_app.template.yaml @@ -163,7 +163,6 @@ Resources: ClusterMetricRule: Type: Custom::SumoLogicMetricRules - DependsOn: AddDBIdentifierField Properties: ServiceToken: !Ref Section4aParentStackLambdaARN RemoveOnDeleteStack: false @@ -177,7 +176,6 @@ Resources: InstanceMetricRule: Type: Custom::SumoLogicMetricRules - DependsOn: AddDBIdentifierField Properties: ServiceToken: !Ref Section4aParentStackLambdaARN RemoveOnDeleteStack: false @@ -234,13 +232,3 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - - AddDBIdentifierField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "dbidentifier" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment \ No newline at end of file diff --git a/aws-observability/apps/sns/sns_app.template.yaml b/aws-observability/apps/sns/sns_app.template.yaml index ac2ad2c4..6287b5ec 100755 --- a/aws-observability/apps/sns/sns_app.template.yaml +++ b/aws-observability/apps/sns/sns_app.template.yaml @@ -211,13 +211,3 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - - AddTopicNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "topicname" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment \ No newline at end of file diff --git a/aws-observability/apps/sqs/sqs_app.template.yaml b/aws-observability/apps/sqs/sqs_app.template.yaml index 53dfc08e..f80bee56 100755 --- a/aws-observability/apps/sqs/sqs_app.template.yaml +++ b/aws-observability/apps/sqs/sqs_app.template.yaml @@ -206,15 +206,3 @@ Resources: SumoAccessID: !Ref Section1bSumoAccessID SumoAccessKey: !Ref Section1cSumoAccessKey SumoDeployment: !Ref Section1aSumoDeployment - - AddQueueNameField: - Type: Custom::SumoLogicFieldsSchema - Properties: - ServiceToken: !Ref Section4aParentStackLambdaARN - FieldName: "queuename" - RemoveOnDeleteStack: false - SumoAccessID: !Ref Section1bSumoAccessID - SumoAccessKey: !Ref Section1cSumoAccessKey - SumoDeployment: !Ref Section1aSumoDeployment - - \ No newline at end of file diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 3bf96ecd..55479812 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -461,7 +461,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.8.0" + Version: "v2.10.0" CollectorDetails: SumoLogicAccountID: 926226587429 CollectorNamePrefix: "aws-observability" @@ -490,6 +490,7 @@ Resources: AccountAlias: !Ref Section2aAccountAlias AccountAliasMappingS3URL: !Ref Section2bAccountAliasMappingS3URL SumoLogicAccountID: !FindInMap [CommonData, CollectorDetails, SumoLogicAccountID] + InstallObservabilityApps: !Ref Section3aInstallObservabilityApps CreateMetaDataSource: "No" CreateCloudWatchMetricsSource: !If [ create_cw_metrics_source, "Yes", "No" ] CloudWatchMetricsSourceName: !Sub "cloudwatch-metrics-${AWS::Region}" @@ -559,7 +560,7 @@ Resources: sumoEC2MetricsAppStack: Type: AWS::CloudFormation::Stack - DependsOn: sumoNlbMetricsAppStack + DependsOn: sumoAlbMetricsAppStack Properties: TemplateURL: !Sub - "https://${BucketName}.s3.amazonaws.com/aws-observability-versions/${Version}/ec2metrics/ec2_metrics_app.template.yaml" From 53f11e1b90fb834875344374184ee823b1a3a695 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Mon, 10 Jun 2024 18:48:42 +0530 Subject: [PATCH 05/34] Corrected version --- .../templates/sumologic_observability.master.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 55479812..6aef785e 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -461,7 +461,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.10.0" + Version: "v2.9.0" CollectorDetails: SumoLogicAccountID: 926226587429 CollectorNamePrefix: "aws-observability" From 6be486939dab6796d8af9e4df4d4a5b2f721fa9c Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Tue, 11 Jun 2024 11:02:31 +0530 Subject: [PATCH 06/34] Upgraded version --- aws-observability/apps/alb/alb_app.template.yaml | 2 +- .../apps/apigateway/api_gateway_app.template.yaml | 2 +- aws-observability/apps/autoenable/auto_enable.template.yaml | 2 +- .../apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml | 2 +- aws-observability/apps/common/resources.template.yaml | 2 +- .../apps/controltower/controltower.template.yaml | 4 ++-- aws-observability/apps/dynamodb/dynamodb_app.template.yaml | 2 +- .../apps/ec2metrics/ec2_metrics_app.template.yaml | 2 +- aws-observability/apps/ecs/ecs_app.template.yaml | 2 +- .../apps/elasticache/elasticache_app.template.yaml | 2 +- aws-observability/apps/elb/elb_app.template.yaml | 2 +- .../hostmetricsfields/host_metrics_add_fields.template.yaml | 2 +- aws-observability/apps/lambda/lambda_app.template.yaml | 2 +- aws-observability/apps/nlb/nlb_app.template.yaml | 2 +- .../permissioncheck.nested.template.test.yaml | 2 +- .../permissionchecker/permissioncheck.nested.template.yaml | 2 +- .../apps/permissionchecker/permissioncheck.template.test.yaml | 4 ++-- .../apps/permissionchecker/permissioncheck.template.yaml | 4 ++-- aws-observability/apps/rds/rds_app.template.yaml | 2 +- .../apps/rootcause/rootcauseexplorer.template.yaml | 2 +- aws-observability/apps/sns/sns_app.template.yaml | 2 +- aws-observability/apps/sqs/sqs_app.template.yaml | 2 +- 22 files changed, 25 insertions(+), 25 deletions(-) diff --git a/aws-observability/apps/alb/alb_app.template.yaml b/aws-observability/apps/alb/alb_app.template.yaml index d4fe9ef0..bfbd0121 100755 --- a/aws-observability/apps/alb/alb_app.template.yaml +++ b/aws-observability/apps/alb/alb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the ALB app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the ALB app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/apigateway/api_gateway_app.template.yaml b/aws-observability/apps/apigateway/api_gateway_app.template.yaml index 6f9dbeff..de1655b2 100755 --- a/aws-observability/apps/apigateway/api_gateway_app.template.yaml +++ b/aws-observability/apps/apigateway/api_gateway_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the API Gateway app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the API Gateway app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml index 1649a1b8..c04955e2 100644 --- a/aws-observability/apps/autoenable/auto_enable.template.yaml +++ b/aws-observability/apps/autoenable/auto_enable.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup Auto Enable ALB Access Logging and Lambda Auto Subscribe Log Groups for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup Auto Enable ALB Access Logging and Lambda Auto Subscribe Log Groups for AWS Observability Solution." Parameters: SumoLogicResourceRemoveOnDeleteStack: diff --git a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml index fa22d1ea..fb5c7e54 100644 --- a/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml +++ b/aws-observability/apps/cloudwatchmetrics/cloudwatchmetrics.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to Setup Sumo Logic CloudWatch Metric Source. The template setup CW Metrics Sources for Namespaces." +Description: "Version - v2.9.0: Template to Setup Sumo Logic CloudWatch Metric Source. The template setup CW Metrics Sources for Namespaces." Parameters: SumoLogicDeployment: diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml index f55c7766..014769e4 100755 --- a/aws-observability/apps/common/resources.template.yaml +++ b/aws-observability/apps/common/resources.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to Setup Sumo Logic Sources and supporting AWS Resources for CloudTrail, ALB, Lambda CloudWatch Logs and CloudWatch Metrics." +Description: "Version - v2.9.0: Template to Setup Sumo Logic Sources and supporting AWS Resources for CloudTrail, ALB, Lambda CloudWatch Logs and CloudWatch Metrics." Parameters: SumoLogicDeployment: diff --git a/aws-observability/apps/controltower/controltower.template.yaml b/aws-observability/apps/controltower/controltower.template.yaml index ab74ce27..04c60967 100644 --- a/aws-observability/apps/controltower/controltower.template.yaml +++ b/aws-observability/apps/controltower/controltower.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: AWS::Serverless-2016-10-31 -Description: "Version - v2.8.0: The Template should be deployed in Master account. This template setup the Lambda trigger for new account created using AWS Control Tower Account Factory process. The Lambda install the AWS Observability CF template on the regions of new AWS account using stack Sets." +Description: "Version - v2.9.0: The Template should be deployed in Master account. This template setup the Lambda trigger for new account created using AWS Control Tower Account Factory process. The Lambda install the AWS Observability CF template on the regions of new AWS account using stack Sets." Globals: Function: @@ -212,7 +212,7 @@ Resources: from botocore.exceptions import ClientError name = 'SUMO-LOGIC-AWS-OBSERVABILITY' - templateURL = "https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.8.0/sumologic_observability.master.template.yaml" + templateURL = "https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.9.0/sumologic_observability.master.template.yaml" ALL = ["CAPABILITY_IAM", "CAPABILITY_NAMED_IAM", "CAPABILITY_AUTO_EXPAND"] diff --git a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml index ad58561f..c40f5c26 100755 --- a/aws-observability/apps/dynamodb/dynamodb_app.template.yaml +++ b/aws-observability/apps/dynamodb/dynamodb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the DynamoDB app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the DynamoDB app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml index 6a2f2e3c..c74db900 100755 --- a/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml +++ b/aws-observability/apps/ec2metrics/ec2_metrics_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the EC2 Metrics app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the EC2 Metrics app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: AWS::CloudFormation::Interface: diff --git a/aws-observability/apps/ecs/ecs_app.template.yaml b/aws-observability/apps/ecs/ecs_app.template.yaml index e4895728..8b4a8fe8 100755 --- a/aws-observability/apps/ecs/ecs_app.template.yaml +++ b/aws-observability/apps/ecs/ecs_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the ECS app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the ECS app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/elasticache/elasticache_app.template.yaml b/aws-observability/apps/elasticache/elasticache_app.template.yaml index f7295796..0f100e5e 100755 --- a/aws-observability/apps/elasticache/elasticache_app.template.yaml +++ b/aws-observability/apps/elasticache/elasticache_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the ElastiCache app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the ElastiCache app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/elb/elb_app.template.yaml b/aws-observability/apps/elb/elb_app.template.yaml index ef1a6b44..d01b1175 100755 --- a/aws-observability/apps/elb/elb_app.template.yaml +++ b/aws-observability/apps/elb/elb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the ELB classic app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the ELB classic app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml index 165a3612..a03b35b4 100644 --- a/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml +++ b/aws-observability/apps/hostmetricsfields/host_metrics_add_fields.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0: Lambda Function to add fields to host metrics sources based on the available instances in all regions of the current AWS account." +Description: "Version - v2.9.0: Lambda Function to add fields to host metrics sources based on the available instances in all regions of the current AWS account." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/lambda/lambda_app.template.yaml b/aws-observability/apps/lambda/lambda_app.template.yaml index 902ffead..96ab32e6 100755 --- a/aws-observability/apps/lambda/lambda_app.template.yaml +++ b/aws-observability/apps/lambda/lambda_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the Lambda app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the Lambda app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/nlb/nlb_app.template.yaml b/aws-observability/apps/nlb/nlb_app.template.yaml index 081426eb..ab90f01a 100755 --- a/aws-observability/apps/nlb/nlb_app.template.yaml +++ b/aws-observability/apps/nlb/nlb_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the NLB app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the NLB app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml index 8cd84410..4eacfef6 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." +Description: "Version - v2.9.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." Transform: 'AWS::Serverless-2016-10-31' Metadata: diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index b31ade30..ee17c024 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." +Description: "Version - v2.9.0: This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." Transform: 'AWS::Serverless-2016-10-31' Metadata: diff --git a/aws-observability/apps/permissionchecker/permissioncheck.template.test.yaml b/aws-observability/apps/permissionchecker/permissioncheck.template.test.yaml index 0b8a9b61..fae8e340 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.template.test.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.template.test.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0: Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." +Description: "Version - v2.9.0: Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." Transform: 'AWS::Serverless-2016-10-31' Metadata: @@ -60,7 +60,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.8.0" + Version: "v2.9.0" Resources: diff --git a/aws-observability/apps/permissionchecker/permissioncheck.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.template.yaml index af3004d1..c9bb0fa8 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." +Description: "Version - v2.9.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will check for the permission required to deploy the AWS Observability CF template. Based on various error received, please provide the specific permissions to Sumo Logic role or AWS IAM Role used to deploy the template." Transform: 'AWS::Serverless-2016-10-31' Metadata: @@ -58,7 +58,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.8.0" + Version: "v2.9.0" Resources: diff --git a/aws-observability/apps/rds/rds_app.template.yaml b/aws-observability/apps/rds/rds_app.template.yaml index 168b9ae9..2cddbafb 100755 --- a/aws-observability/apps/rds/rds_app.template.yaml +++ b/aws-observability/apps/rds/rds_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the RDS app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the RDS app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml index 7a6b907c..ee5faa86 100755 --- a/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml +++ b/aws-observability/apps/rootcause/rootcauseexplorer.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the Sumo Logic AWS Inventory Source and Root Cause Explorer app." +Description: "Version - v2.9.0: Template to setup the Sumo Logic AWS Inventory Source and Root Cause Explorer app." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/sns/sns_app.template.yaml b/aws-observability/apps/sns/sns_app.template.yaml index 6287b5ec..12f07d60 100755 --- a/aws-observability/apps/sns/sns_app.template.yaml +++ b/aws-observability/apps/sns/sns_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the SNS app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the SNS app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': diff --git a/aws-observability/apps/sqs/sqs_app.template.yaml b/aws-observability/apps/sqs/sqs_app.template.yaml index f80bee56..7bb8d940 100755 --- a/aws-observability/apps/sqs/sqs_app.template.yaml +++ b/aws-observability/apps/sqs/sqs_app.template.yaml @@ -1,6 +1,6 @@ AWSTemplateFormatVersion: '2010-09-09' Transform: 'AWS::Serverless-2016-10-31' -Description: "Version - v2.8.0: Template to setup the SQS app with AWS and Sumo Logic resources for AWS Observability Solution." +Description: "Version - v2.9.0: Template to setup the SQS app with AWS and Sumo Logic resources for AWS Observability Solution." Metadata: 'AWS::CloudFormation::Interface': From d6a180899eb5581dbc762591171e83bc8f547fac Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Tue, 11 Jun 2024 12:50:38 +0530 Subject: [PATCH 07/34] Updated version in master template --- .../templates/sumologic_observability.master.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 6aef785e..ca4b1deb 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" +Description: "Version - v2.9.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" Metadata: 'AWS::CloudFormation::Interface': From 3261d776fd77703a7f730f54f032b3fd7cf83faf Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Tue, 25 Jun 2024 20:22:02 +0000 Subject: [PATCH 08/34] Bump github.com/hashicorp/go-getter in /aws-observability-terraform Bumps [github.com/hashicorp/go-getter](https://github.com/hashicorp/go-getter) from 1.7.4 to 1.7.5. - [Release notes](https://github.com/hashicorp/go-getter/releases) - [Changelog](https://github.com/hashicorp/go-getter/blob/main/.goreleaser.yml) - [Commits](https://github.com/hashicorp/go-getter/compare/v1.7.4...v1.7.5) --- updated-dependencies: - dependency-name: github.com/hashicorp/go-getter dependency-type: indirect ... Signed-off-by: dependabot[bot] --- aws-observability-terraform/go.mod | 2 +- aws-observability-terraform/go.sum | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aws-observability-terraform/go.mod b/aws-observability-terraform/go.mod index 8a175d30..050880bc 100644 --- a/aws-observability-terraform/go.mod +++ b/aws-observability-terraform/go.mod @@ -44,7 +44,7 @@ require ( github.com/gruntwork-io/go-commons v0.17.1 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect - github.com/hashicorp/go-getter v1.7.4 // indirect + github.com/hashicorp/go-getter v1.7.5 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.7.0 // indirect diff --git a/aws-observability-terraform/go.sum b/aws-observability-terraform/go.sum index 9cc16ead..c75bbf69 100644 --- a/aws-observability-terraform/go.sum +++ b/aws-observability-terraform/go.sum @@ -389,8 +389,8 @@ github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/go-cleanhttp v0.5.2 h1:035FKYIWjmULyFRBKPs8TBQoi0x6d9G4xc9neXJWAZQ= github.com/hashicorp/go-cleanhttp v0.5.2/go.mod h1:kO/YDlP8L1346E6Sodw+PrpBSV4/SoxCXGY6BqNFT48= -github.com/hashicorp/go-getter v1.7.4 h1:3yQjWuxICvSpYwqSayAdKRFcvBl1y/vogCxczWSmix0= -github.com/hashicorp/go-getter v1.7.4/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= +github.com/hashicorp/go-getter v1.7.5 h1:dT58k9hQ/vbxNMwoI5+xFYAJuv6152UNvdHokfI5wE4= +github.com/hashicorp/go-getter v1.7.5/go.mod h1:W7TalhMmbPmsSMdNjD0ZskARur/9GJ17cfHTRtXV744= github.com/hashicorp/go-multierror v1.1.1 h1:H5DkEtf6CXdFp0N0Em5UCwQpXMWke8IA0+lD48awMYo= github.com/hashicorp/go-multierror v1.1.1/go.mod h1:iw975J/qwKPdAO1clOe2L8331t/9/fmwbPZ6JB6eMoM= github.com/hashicorp/go-safetemp v1.0.0 h1:2HR189eFNrjHQyENnQMMpCiBAsRxzbTMIgBhEyExpmo= From 909ca9eeed669a4ad0efdeb53e48b5fabb7d5610 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Thu, 27 Jun 2024 11:43:01 +0530 Subject: [PATCH 09/34] Added new mssql dashboard --- aws-observability/json/Rds-App.json | 817 +++++++++++++++++++++++++++- 1 file changed, 816 insertions(+), 1 deletion(-) diff --git a/aws-observability/json/Rds-App.json b/aws-observability/json/Rds-App.json index 43b00a79..31d202dd 100644 --- a/aws-observability/json/Rds-App.json +++ b/aws-observability/json/Rds-App.json @@ -5215,7 +5215,7 @@ "coloringRules": null, "linkedDashboards": [ { - "id": "Abkssnc1TyrHnPDUrUpid0NA6dsdUjk0Fo5OMHkYWbxkWr6Xcv70xrLyCBT4", + "id": "TSs5j8Fdvs403tVwBZP4ZHPZzLpgzs6Yvjx88xxlzucFSOzQEPWqxhyK9ugj", "relativePath": "../09. Amazon RDS - MySQL Logs - Audit Log Analysis", "includeTimeRange": false, "includeVariables": false @@ -11402,6 +11402,821 @@ } ], "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "18. Amazon RDS - MSSQL Logs - Error Logs - Logon Analysis", + "description": "The Amazon RDS - MSSQL Logs - Error Logs - Logon Analysis dashboard provides information about the error logs, including failed authentications and logon errors.", + "title": "18. Amazon RDS - MSSQL Logs - Error Logs - Logon Analysis", + "theme": "Light", + "topologyLabelMap": { + "data": { + "ffe0d04967abc0c87d695d4a7f2700e0": [ + "*" + ], + "namespace": [ + "aws/rds" + ], + "region": [ + "*" + ], + "f049c8a107a343b5188930219d3063f5": [ + "*" + ], + "dbidentifier": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-5556565F9FF73B4A", + "structure": "{\"height\":5,\"width\":6,\"x\":0,\"y\":0}" + }, + { + "key": "panelPANE-C97F5EDEB22FB84E", + "structure": "{\"height\":8,\"width\":16,\"x\":0,\"y\":10}" + }, + { + "key": "panelPANE-1359B3B4A25FF947", + "structure": "{\"height\":10,\"width\":8,\"x\":16,\"y\":0}" + }, + { + "key": "panel2C0BFEAFBAC60849", + "structure": "{\"height\":8,\"width\":8,\"x\":16,\"y\":10}" + }, + { + "key": "panel1B3270DCA521BA4A", + "structure": "{\"height\":8,\"width\":8,\"x\":16,\"y\":18}" + }, + { + "key": "panelPANE-28DC265CAE0DEB4F", + "structure": "{\"height\":8,\"width\":16,\"x\":0,\"y\":18}" + }, + { + "key": "panelA414E941A506CB41", + "structure": "{\"height\":10,\"width\":10,\"x\":6,\"y\":0}" + }, + { + "key": "panel4F5E4422BA291842", + "structure": "{\"height\":5,\"width\":6,\"x\":0,\"y\":5}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-5556565F9FF73B4A", + "title": "Failed Authentication Attempts", + "visualSettings": "{\"general\":{\"mode\":\"singleValueMetrics\",\"type\":\"svp\",\"displayType\":\"default\",\"roundDataPoints\":true},\"title\":{\"fontSize\":14},\"svp\":{\"option\":\"Latest\",\"unitify\":false,\"textColor\":\"\",\"backgroundColor\":\"\",\"label\":\"\",\"useBackgroundColor\":false,\"useNoData\":false,\"noDataString\":\"\",\"hideData\":false,\"hideLabel\":false,\"rounding\":0,\"valueFontSize\":24,\"labelFontSize\":14,\"thresholds\":[{\"from\":null,\"to\":1,\"color\":\"#16943E\"},{\"from\":1,\"to\":5,\"color\":\"#DFBE2E\"},{\"from\":5,\"to\":null,\"color\":\"#BF2121\"}],\"sparkline\":{\"show\":false,\"color\":\"#222D3B\"},\"gauge\":{\"show\":false,\"min\":0,\"max\":100,\"showThreshold\":false,\"showThresholdMarker\":false}},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and client_ip matches \"{{client_ip}}\"\n| count as eventCount", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-C97F5EDEB22FB84E", + "title": "Failed Authentication - Details", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and client_ip matches \"{{client_ip}}\"\n| timeslice 1s\n| count as frequency by _timeslice, user, dbidentifier, reason, client_ip\n| sort by _timeslice\n", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-1359B3B4A25FF947", + "title": "Failed Authentication - User Location", + "visualSettings": "{\"general\":{\"mode\":\"map\",\"type\":\"map\",\"displayType\":\"default\",\"roundDataPoints\":true},\"title\":{\"fontSize\":14},\"series\":{},\"legend\":{\"enabled\":false}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and !isBlank(client_ip) and client_ip matches \"{{client_ip}}\"\n| count by client_ip\n| lookup latitude, longitude from geo://location on ip = client_ip\n| where !isNull(latitude)", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel2C0BFEAFBAC60849", + "title": "Failed Auth Attempts by User", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and client_ip matches \"{{client_ip}}\"\n| count as frequency by user\n| sort by frequency, user asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel1B3270DCA521BA4A", + "title": "Failed Auth Attempts by Client IP", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and client_ip matches \"{{client_ip}}\"\n| count as frequency by client_ip\n| sort by frequency, client_ip asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-28DC265CAE0DEB4F", + "title": "Logon Errors", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Error\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"Error: *, Severity: *, State: *.\" as error_code, severity, state\n| count as frequency by dbidentifier, error_code, severity, state\n| sort by severity, frequency", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelA414E941A506CB41", + "title": "Failed Authentication Attempts - Trend", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false,\"title\":\"Failed Auth Attempts\"}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"column\",\"displayType\":\"stacked\",\"roundDataPoints\":true,\"fillOpacity\":1,\"mode\":\"timeSeries\"},\"overrides\":[]}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and client_ip matches \"{{client_ip}}\"\n| timeslice 15m\n| count as failedLogonAttempts by _timeslice, dbidentifier\n| transpose row _timeslice column dbidentifier", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel4F5E4422BA291842", + "title": "Failed Authentication Attempts by dbidentifier", + "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"roundDataPoints\":true,\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| where user != \"rdsadmin\" and !isEmpty(user) and user matches \"{{user}}\"\n| where !isEmpty(client_ip) and client_ip matches \"{{client_ip}}\"\n| count as eventCount by dbidentifier\n| sort by eventCount, dbidentifier asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": "account", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": "region", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region=*", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/rds", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/rds", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": false, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "dbidentifier", + "displayName": "dbidentifier", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "dbidentifier" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "user", + "displayName": "user", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "LogQueryVariableSourceDefinition", + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| parse \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count by user\n| sort by user asc", + "field": "user" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "client_ip", + "displayName": "client_ip", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "LogQueryVariableSourceDefinition", + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| parse \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count by client_ip\n| sort by client_ip asc", + "field": "client_ip" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] + }, + { + "type": "DashboardV2SyncDefinition", + "name": "19. Amazon RDS - MSSQL Logs - Error Logs - Infrastructure Overview", + "description": "The Amazon RDS - MSSQL Logs - Error Logs - Infrastructure Overview dashboard provides details for hardware, authentications mode, collation, process, recent SQL Server terminations, and newly created databases.", + "title": "19. Amazon RDS - MSSQL Logs - Error Logs - Infrastructure Overview", + "theme": "Light", + "topologyLabelMap": { + "data": { + "ffe0d04967abc0c87d695d4a7f2700e0": [ + "*" + ], + "namespace": [ + "aws/rds" + ], + "region": [ + "*" + ], + "f049c8a107a343b5188930219d3063f5": [ + "*" + ], + "dbidentifier": [ + "*" + ], + "account": [ + "*" + ] + } + }, + "refreshInterval": 0, + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "layout": { + "layoutType": "Grid", + "layoutStructures": [ + { + "key": "panelPANE-1B625C63AFF01A43", + "structure": "{\"height\":6,\"width\":6,\"x\":18,\"y\":0}" + }, + { + "key": "panelPANE-44D782B2B2738B48", + "structure": "{\"height\":6,\"width\":6,\"x\":5,\"y\":0}" + }, + { + "key": "panel76EEA97B9A431944", + "structure": "{\"height\":6,\"width\":9,\"x\":7,\"y\":6}" + }, + { + "key": "panelAFCBC601BB5F4A4D", + "structure": "{\"height\":6,\"width\":8,\"x\":16,\"y\":6}" + }, + { + "key": "panel9F73C967AECF9A4C", + "structure": "{\"height\":6,\"width\":5,\"x\":0,\"y\":0}" + }, + { + "key": "panel227CB3299FF30948", + "structure": "{\"height\":6,\"width\":14,\"x\":10,\"y\":12}" + }, + { + "key": "panelE0A53C29AD3B3840", + "structure": "{\"height\":6,\"width\":7,\"x\":11,\"y\":0}" + }, + { + "key": "panelPANE-E8CD03B485782844", + "structure": "{\"height\":6,\"width\":7,\"x\":0,\"y\":6}" + }, + { + "key": "panel7B61E36EAF144940", + "structure": "{\"height\":6,\"width\":10,\"x\":0,\"y\":12}" + } + ] + }, + "panels": [ + { + "id": null, + "key": "panelPANE-1B625C63AFF01A43", + "title": "Configured Authentication mode", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Authentication mode\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"Authentication mode is *.\" as mode\n| withtime mode\n| most_recent(mode_withtime) as mode by dbidentifier", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-44D782B2B2738B48", + "title": "DB Setup Details", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error System Manufacturer\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"System Manufacturer: '*', System Model: '*'\" as service, instance_class\n| concat(service, \" - \", instance_class) as db_setup\n| withtime db_setup\n| most_recent(db_setup_withtime) as instance_class by dbidentifier", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel76EEA97B9A431944", + "title": "DB Process IDs", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error SQL Server has been using a process ID\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"This instance of SQL Server has been using a process ID of * since * (local) * (UTC)\" as process_id, local_created_time, utc_created_time\n| withtime process_id\n| most_recent(process_id_withtime) as process_id by dbidentifier, process_id, utc_created_time", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelAFCBC601BB5F4A4D", + "title": "DB Collation Details", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Default collation\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"Default collation: *\" as collation\n| withtime collation\n| most_recent(collation_withtime) as collation by dbidentifier, collation", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel9F73C967AECF9A4C", + "title": "DB Instance Type", + "visualSettings": "{\"title\":{\"fontSize\":14},\"general\":{\"type\":\"pie\",\"displayType\":\"default\",\"roundDataPoints\":true,\"fillOpacity\":1,\"startAngle\":270,\"innerRadius\":\"30%\",\"maxNumOfSlices\":10,\"mode\":\"distribution\"},\"legend\":{\"enabled\":false,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12}},\"series\":{}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error System Manufacturer\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"System Manufacturer: '*', System Model: '*'\" as service, instance_class\n| withtime instance_class\n| most_recent(instance_class_withtime) as instance_class by dbidentifier\n| count by instance_class\n| sort by _count, instance_class asc", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel227CB3299FF30948", + "title": "Recently Created Databases", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Starting up database\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"Starting up database '*'.\" as db_name\n| dedup by db_name, dbidentifier\n| values(db_name) as db_name by dbidentifier", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelE0A53C29AD3B3840", + "title": "SQL Server Versions", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error Microsoft SQL Server\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse regex field=message \"Microsoft SQL Server (?\\d{4})\" \n| parse regex field=message \"\\n(?[\\w\\s]+ Edition \\(\\d+-bit\\))\"\n| trim(edition) as edition\n| withtime edition \n| most_recent(edition_withtime) as edition by dbidentifier, version", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panelPANE-E8CD03B485782844", + "title": "DBCC CHECK DB", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error DBCC CHECKDB\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"DBCC CHECKDB (rdsadmin) WITH all_errormsgs, no_infomsgs, tableresults executed by NT AUTHORITY\\\\SYSTEM found * errors and repaired * errors.\" as error, repaired_error\n| count as frequency by dbidentifier, error, repaired_error", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": null, + "coloringRules": null, + "linkedDashboards": [] + }, + { + "id": null, + "key": "panel7B61E36EAF144940", + "title": "Recently Terminated SQL Servers", + "visualSettings": "{\"title\":{\"fontSize\":14},\"axes\":{\"axisX\":{\"titleFontSize\":12,\"labelFontSize\":12},\"axisY\":{\"titleFontSize\":12,\"labelFontSize\":12,\"logarithmic\":false}},\"legend\":{\"enabled\":true,\"verticalAlign\":\"bottom\",\"fontSize\":12,\"maxHeight\":50,\"showAsTable\":false,\"wrap\":true},\"color\":{\"family\":\"Categorical Default\"},\"series\":{},\"general\":{\"type\":\"table\",\"displayType\":\"default\",\"roundDataPoints\":true,\"paginationPageSize\":100,\"fontSize\":12,\"mode\":\"timeSeries\"}}", + "keepVisualSettingsConsistentWithParent": true, + "panelType": "SumoSearchPanel", + "queries": [ + { + "transient": false, + "queryString": "account={{account}} region={{region}} namespace={{namespace}} dbidentifier={{dbidentifier}} _sourceHost=/aws/rds/*Error SQL Server is terminating\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| withtime dbidentifier \n| most_recent(dbidentifier_withtime) as dbidentifier by dbidentifier", + "queryType": "Logs", + "queryKey": "A", + "metricsQueryMode": null, + "metricsQueryData": null, + "tracesQueryData": null, + "spansQueryData": null, + "parseMode": "Auto", + "timeSource": "Message", + "outputCardinalityLimit": 1000 + } + ], + "description": "", + "timeRange": { + "type": "BeginBoundedTimeRange", + "from": { + "type": "RelativeTimeRangeBoundary", + "relativeTime": "-1d" + }, + "to": null + }, + "coloringRules": null, + "linkedDashboards": [] + } + ], + "variables": [ + { + "id": null, + "name": "account", + "displayName": "account", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "", + "key": "account" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "region", + "displayName": "region", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region=*", + "key": "region" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "namespace", + "displayName": "namespace", + "defaultValue": "aws/rds", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace=aws/rds", + "key": "namespace" + }, + "allowMultiSelect": false, + "includeAllOption": false, + "hideFromUI": false, + "valueType": "Any" + }, + { + "id": null, + "name": "dbidentifier", + "displayName": "dbidentifier", + "defaultValue": "*", + "sourceDefinition": { + "variableSourceType": "MetadataVariableSourceDefinition", + "filter": "account={{account}} region={{region}} namespace={{namespace}}", + "key": "dbidentifier" + }, + "allowMultiSelect": false, + "includeAllOption": true, + "hideFromUI": false, + "valueType": "Any" + } + ], + "coloringRules": [] } ] } \ No newline at end of file From a7b8b803ceaef0e9993f89737fa8176803b74204 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 27 Jun 2024 14:34:25 +0530 Subject: [PATCH 10/34] adding awso cf telemetry resources --- aws-observability/scripts/YamlToS3.sh | 2 +- ...mologic_observability.master.template.yaml | 127 ++++++++++++++++++ 2 files changed, 128 insertions(+), 1 deletion(-) diff --git a/aws-observability/scripts/YamlToS3.sh b/aws-observability/scripts/YamlToS3.sh index 7b5c7cf7..1089c653 100755 --- a/aws-observability/scripts/YamlToS3.sh +++ b/aws-observability/scripts/YamlToS3.sh @@ -50,7 +50,7 @@ fi # Upload all templates to sumologic-appdev-aws-sam-apps bucket with version information. if [[ ${AWS_PROFILE} == 'default' ]] then - export version=v2.8.0 + export version=v2.9.0 aws s3 cp apps/ s3://${bucket_name}/aws-observability-versions/${version}/ --recursive --include "*.template.yaml" --exclude '*.zip' --exclude '*.sh' --exclude 'apps/*/test/*' --exclude '*/test/*' --acl public-read --profile ${AWS_PROFILE} diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index ca4b1deb..4276c61b 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -12,6 +12,7 @@ Metadata: - Section1cSumoLogicAccessKey - Section1dSumoLogicOrganizationId - Section1eSumoLogicResourceRemoveOnDeleteStack + - Section1fSumoLogicSendTelemetry - Label: default: "2. AWS Account Alias" @@ -87,6 +88,8 @@ Metadata: default: "Sumo Logic Organization Id" Section1eSumoLogicResourceRemoveOnDeleteStack: default: "Delete Sumo Logic Resources when stack is deleted" + Section1fSumoLogicSendTelemetry: + default: "Send telemetry to Sumo Logic" Section2aAccountAlias: default: "Alias for AWS Account Identification. Please leave this blank if you are using CloudFormation StackSets to deploy the solution in multiple AWS accounts." @@ -189,6 +192,13 @@ Parameters: Description: "To delete collectors, sources and apps when the stack is deleted, set this parameter to True. Default is True. Deletes the resources created by the stack. Deletion of updated resources will be skipped." Type: String + Section1fSumoLogicSendTelemetry: + AllowedValues: + - true + - false + Default: true + Description: "To send telemetry to Sumo Logic, set this parameter to True. Default is True." + Type: String Section2aAccountAlias: Type: String @@ -457,6 +467,9 @@ Conditions: # Condition for Stacks creation. Calling Nested Stack EveryTime to create FER and Metric Rule. If already present, marked as duplicate in Resource. install_overview_dashboards: !Equals [ !Ref Section3aInstallObservabilityApps, 'Yes' ] + # Condition for sending solution telemetry to sumo logic. + send_telemetry_to_sumo: !Equals [ !Ref Section1fSumoLogicSendTelemetry, 'true' ] + Mappings: CommonData: NestedTemplate: @@ -474,6 +487,120 @@ Mappings: ELBLogsSourceCategory: "aws/observability/clb/logs" Resources: + LambdaRole: + Condition: send_telemetry_to_sumo + Type: AWS::IAM::Role + DeletionPolicy: Retain + Metadata: + cfn_nag: + rules_to_suppress: + - id: W11 + reason: "Operations are performed across resources." + Properties: + AssumeRolePolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Principal: + Service: lambda.amazonaws.com + Action: sts:AssumeRole + Path: / + Policies: + - PolicyName: LambdaExecutePolicies + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - lambda:InvokeFunction + - lambda:DeleteFunction + Resource: !Sub 'arn:aws:lambda:${AWS::Region}:${AWS::AccountId}:function:*TelemetryLambda*' + - PolicyName: BasicLambdaPolicies + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - logs:CreateLogGroup + - logs:CreateLogStream + - logs:PutLogEvents + Resource: "*" + - PolicyName: CloudFormationRead + PolicyDocument: + Version: '2012-10-17' + Statement: + - Effect: Allow + Action: + - cloudformation:Describe* + Resource: !Sub '${AWS::StackId}' + + TelemetryLambda: + Condition: send_telemetry_to_sumo + Type: AWS::Lambda::Function + DeletionPolicy: Retain + Properties: + Handler: lambda_function.lambda_handler + Runtime: python3.12 + Code: + S3Bucket: hsharma-codes + S3Key: 'telemetry.zip' + MemorySize: 128 + Timeout: 900 + Role: !GetAtt LambdaRole.Arn + + LambdaPermission: + Condition: send_telemetry_to_sumo + Type: 'AWS::Lambda::Permission' + # DeletionPolicy: Retain + Properties: + FunctionName: !GetAtt TelemetryLambda.Arn + Action: 'lambda:InvokeFunction' + Principal: 'cloudformation.amazonaws.com' + + Primerinvoke: + Condition: send_telemetry_to_sumo + Type: AWS::CloudFormation::CustomResource + Version: "1.0" + Properties: + ServiceToken: !GetAtt TelemetryLambda.Arn + Handler: lambda_function.lambda_handler + stackID: + Ref: "AWS::StackId" + sumoDeployment: + !Ref Section1aSumoLogicDeployment + sumoOrgId: + !Ref Section1dSumoLogicOrganizationId + solutionName: 'AWSO' + solutionVersion: 'v2.9.0' + deploymentSource: 'cloudFormation' + TelemetryEndpoint: "https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV24CA_LXFO0iHFPLWH8VaEczkwtk-GZYMlTG_Dl2CPQ6YNbmKXf9K3dZQ2aAjTREC_C3TECzVQc1XN7zw5CI5lIR4O4-uYsk4bTELB1MU57AQ==" + scanInterval: 60 + ToUpdate: + Fn::Base64: !Sub + - "${a}-${b}-${c}-${d}-${e}-${f}-${g}-${h}-${i}-${j}-${k}-${l}-${m}-${n}-${o}-${p}-${q}-${r}-${s}-${t}-${u}-${v}" + - a: !Ref Section2aAccountAlias + b: !Ref Section3aInstallObservabilityApps + c: !Ref Section4aCreateMetricsSourceOptions + d: !Ref Section4bMetricsNameSpaces + e: !Ref Section4cCloudWatchExistingSourceAPIUrl + f: !Ref Section5aAutoEnableS3LogsALBResourcesOptions + g: !Ref Section5bALBCreateLogSource + h: !Ref Section5cALBLogsSourceUrl + i: !Ref Section5dALBS3LogsBucketName + j: !Ref Section6aCreateCloudTrailLogSource + k: !Ref Section6bCloudTrailLogsSourceUrl + l: !Ref Section6cCloudTrailLogsBucketName + m: !Ref Section7aLambdaCreateCloudWatchLogsSourceOptions + n: !Ref Section7bLambdaCloudWatchLogsSourceUrl + o: !Ref Section7cAutoSubscribeLogGroupsOptions + p: !Ref Section7dAutoSubscribeLogGroupPattern + q: !Ref Section9aAutoEnableS3LogsELBResourcesOptions + r: !Ref Section9bELBCreateLogSource + s: !Ref Section9cELBLogsSourceUrl + t: !Ref Section9dELBS3LogsBucketName + u: !Ref Section10aAppInstallLocation + v: !FindInMap [CommonData, NestedTemplate, Version] + CreateCommonResources: Type: AWS::CloudFormation::Stack Properties: From c0ba991402974bd85a44cd8657ce0b6c3b029635 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Thu, 27 Jun 2024 14:35:06 +0530 Subject: [PATCH 11/34] Added monitors for MSSQL in CF --- aws-observability/json/Alerts-App.json | 1895 +++++++++++++----------- 1 file changed, 1064 insertions(+), 831 deletions(-) diff --git a/aws-observability/json/Alerts-App.json b/aws-observability/json/Alerts-App.json index 51b332ca..9949c477 100644 --- a/aws-observability/json/Alerts-App.json +++ b/aws-observability/json/Alerts-App.json @@ -4,18 +4,18 @@ "type": "MonitorsLibraryFolderExport", "children": [ { - "name": "AWS API Gateway - High Authorizer Errors", - "description": "This alert fires where there are too many API requests (>5%) with authorizer errors within 5 minutes", + "name": "AWS SNS - Access from Highly Malicious Sources", + "description": "This alert fires when an Application AWS - SNS is accessed from highly malicious IP addresses within last 5 minutes", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", - "evaluationDelay": "1m", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/apigateway apiname=* apiid stage domainname requestId authorizerError\n| json \"status\", \"authorizerError\", \"apiid\", \"stage\" as status, authorizerError, apiid, stage \n| if (!(authorizerError matches \"-\") and !(status matches \"2*\"), 1, 0) as is_authorizerError\n| sum(is_authorizerError) as is_authorizerError_count, count as totalRequests by apiid, stage\n| (is_authorizerError_count*100/totalRequests) as authorizerError_percent\n| fields authorizerError_percent, apiid, stage\n" + "query": "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\" as accountid, user_type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user_type, username) as user_type\n| count as ip_count by src_ip, event_name, region, accountid,user_type\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| sum(ip_count) as threat_count by src_ip, event_name, region, accountid, malicious_confidence, actor, label_name\n" } ], "triggers": [ @@ -24,21 +24,21 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 0, "thresholdType": "GreaterThan", - "field": "authorizerError_percent" + "field": null }, { "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": "-5m", + "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 0, "thresholdType": "LessThanOrEqual", - "field": "authorizerError_percent" + "field": null } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -49,8 +49,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High Client-Side Errors", - "description": "This alert fires where there are too many API requests (>5%) with client-side errors within 5 minutes. \nThis can indicate an issue in the authorisation or client request parameters. It could also mean that a resource was removed or a client is requesting one that doesn't exist. Errors could also be caused by exceeding the configured throttling limit.", + "name": "AWS DynamoDB - High Write Throttle", + "description": "This alert fires when we detect that the total write throttle events for a dynamodb table is high (>5) for a time interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -60,7 +60,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/apigateway (metric=4XX or metric=4xxError or metric=ClientError) Statistic=Average account=* region=* apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" + "query": "account=* region=* namespace=aws/dynamodb tablename=* metric=WriteThrottleEvents statistic=sum | sum by account, region, namespace, tablename" } ], "triggers": [ @@ -69,23 +69,23 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0.05, - "thresholdType": "GreaterThanOrEqual", + "threshold": 5, + "thresholdType": "GreaterThan", "occurrenceType": "Always", - "minDataPoints": 5 + "minDataPoints": 2 }, { "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0.05, - "thresholdType": "LessThan", + "threshold": 5, + "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", - "minDataPoints": 5 + "minDataPoints": 2 } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -96,18 +96,18 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High Integration Errors", - "description": "This alert fires where there are too many API requests (>5%) with integration errors within 5 minutes.", + "name": "AWS SQS - Access from highly malicious sources", + "description": "This alert fires when an AWS - SQS resource is accessed from highly malicious IP addresses within last 5 minutes", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", - "evaluationDelay": "1m", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/apigateway apiname=* apiid stage domainname requestId integrationError\n| json \"status\", \"integrationError\", \"apiid\", \"stage\" as status, integrationError, apiid, stage \n| if (!(integrationError matches \"-\") and !(status matches \"2*\"), 1, 0) as is_integrationError\n| sum(is_integrationError) as integrationError_count, count as totalRequests by apiid, stage\n| (integrationError_count*100/totalRequests) as integrationError_percent\n| fields integrationError_percent, apiid, stage" + "query": "account=* region=* namespace=\"aws/sqs\" eventname eventsource \"sqs.amazonaws.com\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\",\"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements, src_ip, error_code, error_message nodrop\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\" as accountid, type, arn, username nodrop\n| json field=requestParameters \"queueUrl\" as queueUrlReq nodrop \n| json field=responseElements \"queueUrl\" as queueUrlRes nodrop\n| where event_source=\"sqs.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| if(event_name=\"CreateQueue\", queueUrlRes, queueUrlReq) as queueUrl \n| parse regex field=queueUrl \"(?[^\\/]*$)\"\n| if (isBlank(recipient_account_id), accountid, recipient_account_id) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status \n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| sort by ip_count, src_ip\n| fields src_ip, malicious_confidence, actor, label_name" } ], "triggers": [ @@ -116,21 +116,21 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 0, "thresholdType": "GreaterThan", - "field": "integrationError_percent" + "field": null }, { "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": "-5m", + "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 0, "thresholdType": "LessThanOrEqual", - "field": "integrationError_percent" + "field": null } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -141,43 +141,41 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High Integration Latency", - "description": "This alert fires when we detect the high integration latency for the API requests in a stage within 5 minutes. This alarm is recommended for WebSocket APIs by AWS, and optional for other APIs because they already have separate alarm recommendations for the Latency metric.\nYou can correlate the IntegrationLatency metric value with the corresponding latency metric of your backend such as the Duration metric for Lambda integrations. This helps you determine whether the API backend is taking more time to process requests from clients due to performance issues or if there is some other overhead from initialization or cold start.", + "name": "Amazon RDS PostgreSQL - Statement Timeouts", + "description": "This alert fires when we detect Postgres logs show statement timeouts", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* Namespace=aws/apigateway metric=IntegrationLatency statistic=p90 apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*postgresql \"statement timeout\" | json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message | parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg | count by dbidentifier, database" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 2000, - "thresholdType": "GreaterThanOrEqual", - "occurrenceType": "Always", - "minDataPoints": 5 + "threshold": 0, + "thresholdType": "GreaterThan", + "field": null }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 2000, - "thresholdType": "LessThan", - "occurrenceType": "Always", - "minDataPoints": 5 + "threshold": 0, + "thresholdType": "LessThanOrEqual", + "field": null } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -188,43 +186,47 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High Latency", - "description": "This alert fires when we detect the high Latency in a stage within 5 minutes for REST and HTTP API.\nFind the IntegrationLatency metric value to check the API backend latency. If the two metrics are mostly aligned, the API backend is the source of higher latency and you should investigate there for issues. View this metric per resource and method and narrow down the source of the latency.", + "name": "Amazon Elasticache - Multiple Failed Operations", + "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* Namespace=aws/apigateway metric=Latency statistic=p90 apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" + "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\" as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 2500, + "timeRange": "-15m", + "threshold": 10, "thresholdType": "GreaterThanOrEqual", - "occurrenceType": "Always", - "minDataPoints": 5 + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 2500, + "timeRange": "-15m", + "threshold": 10, "thresholdType": "LessThan", - "occurrenceType": "Always", - "minDataPoints": 5 + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -235,8 +237,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High Server-Side Errors", - "description": "This alert fires where there are too many API requests (>5%) with server-side errors within 5 minutes.\nThis can be caused by 5xx errors from your integration, permission issues, or other factors preventing successful invocation of the integration, such as the integration being throttled or deleted.", + "name": "Amazon RDS - High Read Latency", + "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -246,32 +248,36 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/apigateway (metric=5XX or metric=5xxError or metric=ExecutionError) Statistic=Average account=* region=* apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" + "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0.05, + "threshold": 5, "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", - "minDataPoints": 5 + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0.05, + "threshold": 5, "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", - "minDataPoints": 5 + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -282,41 +288,43 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High WAF Errors", - "description": "This alert fires where there are too many API requests (>5%) with WAF errors within 5 minutes.", + "name": "AWS SNS - Failed Notifications", + "description": "This alert fires where there are many failed notifications (>2) within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "1m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/apigateway apiname=* apiid stage domainname requestId \n| json \"status\", \"apiid\", \"stage\", \"wafResponseCode\" as status, apiid, stage, wafResponseCode\n| if (wafResponseCode==\"WAF_BLOCK\" and !(status matches \"2*\"), 1, 0) as is_wafError\n| sum(is_wafError) as is_wafError_count, count as totalRequests by apiid, stage\n| (is_wafError_count*100/totalRequests) as wafError_percent\n| fields wafError_percent, apiid, stage" + "query": "account=* region=* namespace=aws/sns TopicName=* metric=NumberOfNotificationsFailed Statistic=Sum | sum by account, region, TopicName" } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 2, "thresholdType": "GreaterThan", - "field": "wafError_percent" + "occurrenceType": "Always", + "minDataPoints": 2 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": "-5m", + "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 2, "thresholdType": "LessThanOrEqual", - "field": "wafError_percent" + "occurrenceType": "Always", + "minDataPoints": 2 } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -327,44 +335,46 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - High WAF Latency", - "description": "This alert fires when we detect the high WAF latency for the REST and WebSocket API requests in a stage within 5 minutes.", + "name": "AWS SNS - Notification to DLQ Failure", + "description": "This alert fires when an SNS topic messages that couldn't be moved to a dead-letter queue.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "1m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=* apiname=* apiid stage domainname requestId wafLatency\n| json \"wafLatency\", \"apiId\", \"stage\" as wafLatency, apiid, stage \n| pct(wafLatency, 90) as wafLatency90th by apiid,stage" + "query": "account=* region=* namespace=aws/sns topicname=* metric=NumberOfNotificationsFailedToRedriveToDlq statistic=sum | sum by account, region, namespace, topicname " } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 1000, + "threshold": 0, "thresholdType": "GreaterThan", - "field": "wafLatency90th" + "occurrenceType": "Always", + "minDataPoints": 2 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": "-5m", + "resolutionWindow": null, "timeRange": "-5m", - "threshold": 1000, + "threshold": 0, "thresholdType": "LessThanOrEqual", - "field": "wafLatency90th" + "occurrenceType": "Always", + "minDataPoints": 2 } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -372,43 +382,47 @@ "automatedPlaybookIds": [] }, { - "name": "AWS API Gateway - Low Traffic API", - "description": "This alert fires where there is low message traffic volume for the API within 5 minutes. \nThis can indicate an issue with the application calling the API such as using incorrect endpoints. It could also indicate an issue with the configuration or permissions of the API making it unreachable for clients. This alarm is not recommended for APIs that don't expect constant and consistent traffic.", + "name": "AWS EC2 - High Total CPU Utilization", + "description": "This alert fires when the average total CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", - "evaluationDelay": "4m", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/apigateway (metric=ConnectCount OR metric=Count) statistic=SampleCount account=* region=* apiname=* stage=* !(route=*) !(resource=*) | quantize using sum | sum by apiname, namespace, region, account, stage" + "query": "Namespace=aws/ec2 metric=CPU_Total account=* region=* instanceid=* | avg by account, region, namespace, instanceid" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-10m", - "threshold": 1, - "thresholdType": "LessThanOrEqual", + "timeRange": "-5m", + "threshold": 85, + "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", - "minDataPoints": 10 + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-10m", - "threshold": 1, - "thresholdType": "GreaterThan", + "timeRange": "-5m", + "threshold": 85, + "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", - "minDataPoints": 10 + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 } ], - "timeZone": "Asia/Kolkata", + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -419,18 +433,18 @@ "automatedPlaybookIds": [] }, { - "name": "AWS EC2 - High System CPU Utilization", - "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).", + "name": "AWS Application Load Balancer - High Latency", + "description": "This alert fires when we detect that the average latency for a given Application load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", - "evaluationDelay": "0m", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid" + "query": "Namespace=aws/applicationelb metric=TargetResponseTime Statistic=Average account=* region=* loadbalancer=* | eval(_value*1000) | sum by account, region, namespace, loadbalancer" } ], "triggers": [ @@ -439,7 +453,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 3000, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -451,7 +465,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 3000, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -459,26 +473,29 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SNS - Failed Events", - "description": "This alert fires when an SNS app has high number of failed events (>5) within last 5 minutes", + "name": "AWS API Gateway - High WAF Latency", + "description": "This alert fires when we detect the high WAF latency for the REST and WebSocket API requests in a stage within 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", - "evaluationDelay": "0m", + "evaluationDelay": "1m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\" as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n" + "query": "account=* region=* namespace=* apiname=* apiid stage domainname requestId wafLatency\n| json \"wafLatency\", \"apiId\", \"stage\" as wafLatency, apiid, stage \n| pct(wafLatency, 90) as wafLatency90th by apiid,stage" } ], "triggers": [ @@ -487,78 +504,78 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 1000, "thresholdType": "GreaterThan", - "field": null + "field": "wafLatency90th" }, { "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": null, + "resolutionWindow": "-5m", "timeRange": "-5m", - "threshold": 5, + "threshold": 1000, "thresholdType": "LessThanOrEqual", - "field": null + "field": "wafLatency90th" } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - High Account Provisioned Write Capacity", - "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "AWS Classic Load Balancer - Access from Highly Malicious Sources", + "description": "This alert fires when the Classic load balancer is accessed from highly malicious IP addresses within last 5 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, - "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "threshold": 0, + "thresholdType": "GreaterThan", + "field": null }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, - "thresholdType": "LessThan", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "threshold": 0, + "thresholdType": "LessThanOrEqual", + "field": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SNS - Access from Highly Malicious Sources", - "description": "This alert fires when an Application AWS - SNS is accessed from highly malicious IP addresses within last 5 minutes", + "name": "Amazon RDS MySQL - Excessive Slow Query Detected", + "description": "This alert fires when we detect the average time to execute a query is more than 5 seconds over last 10 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", "evaluationDelay": "0m", @@ -568,39 +585,48 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" \n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\" as accountid, user_type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountid, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user_type, username) as user_type\n| count as ip_count by src_ip, event_name, region, accountid,user_type\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| sum(ip_count) as threat_count by src_ip, event_name, region, accountid, malicious_confidence, actor, label_name\n" + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*SlowQuery \"User@Host\" \"Query_time\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse regex field=message \"(?# User@Host:[\\S\\s]+?SET timestamp=\\d+;[\\S\\s]+?;)\" multi\n| parse regex field=query_block \"# User@Host:\\s*\\S+?\\[(?\\S*?)\\]\\s*@\\s*\\[(?\\S*?)\\]\\s*Id:\\s*(?\\d*)\" nodrop\n| parse regex field=query_block \"# User@Host:\\s*\\S+?\\[(?\\S*?)\\]\\s*@\\s*(?\\S+)\\s\\[(?\\S*?)\\]\\s+Id:\\s*(?\\d+)\"\n| parse regex field=query_block \"# Query_time:\\s+(?[\\d.]*)\\s+Lock_time:\\s+(?[\\d.]*)\\s+Rows_sent:\\s+(?[\\d]*)\\s+Rows_examined:\\s+(?[\\d]*)\" nodrop\n| parse regex field=query_block \"SET timestamp=(?\\d*);\\n(?[\\s\\S]*);\" nodrop\n| parse regex field=sql_cmd \"[^a-zA-Z]*(?[a-zA-Z]+)\\s*\"\n| fields -query_block\n| num (query_time)\n| count as frequency, sum(query_time) as total_time, min(query_time) as min_time, max(query_time) as max_time, avg(query_time) as avg_time, avg(rows_examined) as avg_rows_examined, avg(rows_sent) as avg_rows_sent, avg(Lock_Time) as avg_lock_time group by sql_cmd, dbidentifier\n| 5 as threshold // customize if need different value. As an example, query taking more than 5 Seconds is considered as Excessive Slow.\n| where avg_time > threshold\n| sort by avg_time, frequency asc" } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 0, - "thresholdType": "GreaterThan", - "field": null + "timeRange": "-10m", + "threshold": 1, + "thresholdType": "GreaterThanOrEqual", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 0, - "thresholdType": "LessThanOrEqual", - "field": null + "timeRange": "-10m", + "threshold": 1, + "thresholdType": "LessThan", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Lambda - High Percentage of Failed Requests", - "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.", + "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity", + "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -610,15 +636,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace" - }, - { - "rowId": "B", - "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace" - }, - { - "rowId": "C", - "query": "#A * 100 / #B along functionname, account, region, namespace" + "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" } ], "triggers": [ @@ -627,7 +645,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 80, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -639,7 +657,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 80, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -647,16 +665,19 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio", - "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.", + "name": "AWS Classic Load Balancer - High 4XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -666,45 +687,52 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along loadbalancername, account, region, namespace" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 50, - "thresholdType": "LessThanOrEqual", - "field": null, + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 50, - "thresholdType": "GreaterThan", - "field": null, + "threshold": 5, + "thresholdType": "LessThan", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Lambda - Low Provisioned Concurrency Utilization", - "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.", + "name": "Amazon RDS - High Write Latency", + "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -714,7 +742,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account" + "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ @@ -723,8 +751,8 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 50, - "thresholdType": "LessThanOrEqual", + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", @@ -735,24 +763,27 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 50, - "thresholdType": "GreaterThan", + "threshold": 5, + "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon Elasticache - Low Redis Cache Hit Rate", - "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.", + "name": "Amazon Elasticache - High CPU Utilization", + "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring CPU utilization for hosts with two vCPUs or less.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -762,7 +793,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" + "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" } ], "triggers": [ @@ -771,8 +802,8 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, - "thresholdType": "LessThanOrEqual", + "threshold": 90, + "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", @@ -783,70 +814,74 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, - "thresholdType": "GreaterThan", + "threshold": 90, + "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SQS - Message processing not fast enough", - "description": "This alert fires when we detect message processing is not fast enough. That is, the average approximate age of the oldest non-deleted message in the queue is more than 5 seconds for an interval of 5 minutes.", + "name": "Amazon RDS MySQL - High Authentication Failure", + "description": "This alert fires when we detect more then 10 authentication failure over a 5 minute time-period", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "metric=ApproximateAgeOfOldestMessage Statistic=avg region=* account=* queuename=* namespace=aws/sqs | avg by account,region,namespace,queuename " + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error \"Access denied for user\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \" [*] \" as LogLevel\n| parse field=message \" * [Note] Access denied for user '*'@'*' (using *: *)\" as requestid, user, host, authenticationType, flag nodrop\n| parse field=message \"[Warning] Access denied for user '*'@'*' (using *: *)\" as user, host, authenticationType, flag nodrop" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 10, "thresholdType": "GreaterThan", - "occurrenceType": "Always", - "minDataPoints": 3 + "field": null }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 10, "thresholdType": "LessThanOrEqual", - "occurrenceType": "Always", - "minDataPoints": 3 + "field": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS EC2 - High Memory Utilization", - "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).", + "name": "AWS Application Load Balancer - Access from Highly Malicious Sources", + "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", + "monitorType": "Logs", "evaluationDelay": "0m", "alertName": null, "runAs": null, @@ -854,7 +889,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid" + "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName" } ], "triggers": [ @@ -863,36 +898,39 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, - "thresholdType": "GreaterThanOrEqual", + "threshold": 0, + "thresholdType": "GreaterThan", "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, - "thresholdType": "LessThan", + "threshold": 0, + "thresholdType": "LessThanOrEqual", "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SNS - Failed Notifications", - "description": "This alert fires where there are many failed notifications (>2) within an interval of 5 minutes.", + "name": "Amazon Elasticache - High Redis Database Memory Usage", + "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -902,41 +940,99 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/sns TopicName=* metric=NumberOfNotificationsFailed Statistic=Sum | sum by account, region, TopicName" + "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 2, - "thresholdType": "GreaterThan", + "threshold": 95, + "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 2, - "thresholdType": "LessThanOrEqual", + "threshold": 95, + "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, + "notifications": [], + "isDisabled": true, + "groupNotifications": false, + "playbook": "", + "sloId": null, + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] + }, + { + "name": "AWS DynamoDB - Multiple Tables deleted", + "description": "This alert fires when five or more tables are deleted within 15 minutes.", + "type": "MonitorsLibraryMonitorExport", + "monitorType": "Logs", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime" + } + ], + "triggers": [ + { + "detectionMethod": "StaticCondition", + "triggerType": "Critical", + "resolutionWindow": null, + "timeRange": "-15m", + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null + }, + { + "detectionMethod": "StaticCondition", + "triggerType": "ResolvedCritical", + "resolutionWindow": null, + "timeRange": "-15m", + "threshold": 5, + "thresholdType": "LessThan", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null + } + ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - High Read Latency", - "description": "This alert fires when the average read latency of a database within a 5 minutes time inerval is high (>=5 seconds). High read latency will affect the performance of your application.", + "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity", + "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -946,7 +1042,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=ReadLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" } ], "triggers": [ @@ -955,7 +1051,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 80, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -967,7 +1063,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, + "threshold": 80, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -975,16 +1071,19 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SQS - Messages not processed", - "description": "This alert fires when we detect messages that have been received by a consumer, but have not been processed (deleted/failed). That is, the average number of messages that are in flight are >=20 for an interval of 5 minutes.", + "name": "AWS Lambda - Throttling", + "description": "This alert fires when we detect a Lambda running into throttling within an interval of 10 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -994,7 +1093,7 @@ "queries": [ { "rowId": "A", - "query": "metric=ApproximateNumberOfMessagesNotVisible Statistic=avg region = * account=* queuename=* namespace=aws/sqs | avg by account, region, namespace, queuename " + "query": "Namespace=aws/lambda metric=Throttles statistic=average account=* region=* functionname=* Resource=* | avg by account, region,namespace, functionname " } ], "triggers": [ @@ -1002,33 +1101,36 @@ "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 20, - "thresholdType": "GreaterThanOrEqual", + "timeRange": "-10m", + "threshold": 0, + "thresholdType": "GreaterThan", "occurrenceType": "Always", - "minDataPoints": 3 + "minDataPoints": 2 }, { "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 20, - "thresholdType": "LessThan", + "timeRange": "-10m", + "threshold": 0, + "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", - "minDataPoints": 3 + "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Application Load Balancer - High 4XX Errors", - "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", + "name": "Amazon RDS - Low Aurora Buffer Cache Hit Ratio", + "description": "This alert fires when the average RDS Aurora buffer cache hit ratio within a 5 minute interval is low (<= 50%). This indicates that a lower percentage of requests were are served by the buffer cache, which could further indicate a degradation in application performance.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1038,15 +1140,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" - }, - { - "rowId": "B", - "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" - }, - { - "rowId": "C", - "query": "#A * 100 / #B along loadbalancer, account, region, namespace" + "query": "Namespace=aws/rds metric=BufferCacheHitRatio statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ @@ -1055,8 +1149,8 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, - "thresholdType": "GreaterThanOrEqual", + "threshold": 50, + "thresholdType": "LessThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", @@ -1067,24 +1161,27 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, - "thresholdType": "LessThan", + "threshold": 50, + "thresholdType": "GreaterThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Network Load Balancer - High TLS Negotiation Errors", - "description": "This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer", + "name": "Amazon Elasticache - Low Redis Cache Hit Rate", + "description": "This alert fires when the average cache hit rate for Redis within a 5 minute interval is low (<= 80%). This indicates low efficiency of the Redis instance. If cache ratio is lower than 80%, that indicates a significant amount of keys are either evicted, expired, or don't exist.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1094,15 +1191,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace" - }, - { - "rowId": "B", - "query": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace" - }, - { - "rowId": "C", - "query": "(#A + #B) along LoadBalancer, account, region, namespace" + "query": "Namespace=aws/elasticache metric=CacheHitRate statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" } ], "triggers": [ @@ -1111,8 +1200,8 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "GreaterThanOrEqual", + "threshold": 80, + "thresholdType": "LessThanOrEqual", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", @@ -1123,78 +1212,127 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "LessThan", + "threshold": 80, + "thresholdType": "GreaterThan", "field": null, "occurrenceType": "Always", "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SQS - Queue has stopped receiving messages", - "description": "This alert fires when we detect that the queue has stopped receiving messages. That is, the average number of messages received in the queue <1 for an interval of 30 minutes.", + "name": "AWS API Gateway - High Integration Errors", + "description": "This alert fires where there are too many API requests (>5%) with integration errors within 5 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "1m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "metric=NumberOfMessagesReceived Statistic=avg region=* account=* queuename=* namespace=aws/sqs | avg by account, region, namespace, queuename " + "query": "account=* region=* namespace=aws/apigateway apiname=* apiid stage domainname requestId integrationError\n| json \"status\", \"integrationError\", \"apiid\", \"stage\" as status, integrationError, apiid, stage \n| if (!(integrationError matches \"-\") and !(status matches \"2*\"), 1, 0) as is_integrationError\n| sum(is_integrationError) as integrationError_count, count as totalRequests by apiid, stage\n| (integrationError_count*100/totalRequests) as integrationError_percent\n| fields integrationError_percent, apiid, stage" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-30m", - "threshold": 1, - "thresholdType": "LessThan", - "occurrenceType": "Always", - "minDataPoints": 3 + "timeRange": "-5m", + "threshold": 5, + "thresholdType": "GreaterThan", + "field": "integrationError_percent" }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", + "resolutionWindow": "-5m", + "timeRange": "-5m", + "threshold": 5, + "thresholdType": "LessThanOrEqual", + "field": "integrationError_percent" + } + ], + "timeZone": "Asia/Kolkata", + "notifications": [], + "isDisabled": true, + "groupNotifications": true, + "playbook": "", + "sloId": null, + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] + }, + { + "name": "Amazon RDS MSSQL - Authentication failures from the same client IP on multiple databases", + "description": "This alert fires when we detect specific client IP attempting authentication failures on more than or equal to 10 databases over a 15 minute time-period.", + "type": "MonitorsLibraryMonitorExport", + "monitorType": "Logs", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count_distinct(dbidentifier) as unique_db by client_ip\n| 10 as threshold\n| where unique_db >= threshold\n| sort by unique_db, client_ip asc\n| fields - threshold" + } + ], + "triggers": [ + { + "detectionMethod": "LogsStaticCondition", + "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-30m", + "timeRange": "-15m", "threshold": 1, - "thresholdType": "GreaterThanOrEqual", - "occurrenceType": "Always", - "minDataPoints": 3 + "thresholdType": "GreaterThan", + "field": null + }, + { + "detectionMethod": "LogsStaticCondition", + "triggerType": "ResolvedCritical", + "resolutionWindow": "-15m", + "timeRange": "-15m", + "threshold": 1, + "thresholdType": "LessThanOrEqual", + "field": null } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS EC2 - High Disk Utilization", - "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).", + "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio", + "description": "This alert fires when the average Redis memory fragmentation ratio for within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 Indicate significant memory fragmentation.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", - "evaluationDelay": "0m", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname" + "query": "Namespace=aws/elasticache metric=MemoryFragmentationRatio statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" } ], "triggers": [ @@ -1203,7 +1341,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 1.5, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -1215,7 +1353,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 1.5, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -1223,18 +1361,21 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - Multiple Tables deleted", - "description": "This alert fires when five or more tables are deleted within 15 minutes.", + "name": "AWS EC2 - High Memory Utilization", + "description": "This alert fires when the average memory utilization within a 5 minute interval for an EC2 instance is high (>=85%).", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", + "monitorType": "Metrics", "evaluationDelay": "0m", "alertName": null, "runAs": null, @@ -1242,7 +1383,7 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/dynamodb eventSource \"dynamodb.amazonaws.com\"\n| json \"eventSource\", \"eventName\", \"requestParameters.tableName\", \"sourceIPAddress\", \"userIdentity.userName\", \"userIdentity.sessionContext.sessionIssuer.userName\" as event_source, event_name, tablename, SourceIp, UserName, ContextUserName nodrop\n| where event_source = \"dynamodb.amazonaws.com\" and event_name = \"DeleteTable\"\n| if (isEmpty(UserName), ContextUserName, UserName) as user\n| count by _messageTime, account, region, namespace, event_name, user, tablename\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, namespace, event_name, user, tablename\n| fields -_messageTime" + "query": "Namespace=aws/ec2 metric=Mem_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid" } ], "triggers": [ @@ -1250,37 +1391,40 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 5, + "timeRange": "-5m", + "threshold": 85, "thresholdType": "GreaterThanOrEqual", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 5, + "timeRange": "-5m", + "threshold": 85, "thresholdType": "LessThan", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Classic Load Balancer - High 4XX Errors", - "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", + "name": "AWS Application Load Balancer - High 5XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1290,59 +1434,66 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/elb metric=HTTPCode_ELB_4XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" }, { "rowId": "B", - "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + "query": "Namespace=aws/applicationelb metric=RequestCount Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" }, { "rowId": "C", - "query": "#A * 100 / #B along loadbalancername, account, region, namespace" + "query": "#A * 100 / #B along loadbalancer, account, region, namespace" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", "threshold": 5, "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", "threshold": 5, "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - High Max Provisioned Table Read Capacity", - "description": "This alert fires when we detect that the average percentage of read provisioned capacity used by the highest read provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "AWS EC2 - High System CPU Utilization", + "description": "This alert fires when the average system CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", - "evaluationDelay": "4m", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "Namespace=aws/ec2 metric=CPU_Sys account=* region=* instanceid=* | avg by account, region, namespace, instanceid" } ], "triggers": [ @@ -1351,7 +1502,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, + "threshold": 85, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -1363,7 +1514,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, + "threshold": 85, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -1371,64 +1522,64 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon Elasticache - High Redis Database Memory Usage", - "description": "This alert fires when the average database memory usage within a 5 minute interval for the Redis engine is high (>=95%). When the value reaches 100%, eviction may happen or write operations may fail based on ElastiCache policies thereby impacting application performance.", + "name": "AWS SNS - Failed Events", + "description": "This alert fires when an SNS app has high number of failed events (>5) within last 5 minutes", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=DatabaseMemoryUsagePercentage statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" + "query": "account=* region=* namespace=aws/sns \"\\\"eventsource\\\":\\\"sns.amazonaws.com\\\"\" errorCode\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"sourceIPAddress\", \"userAgent\", \"eventType\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"requestID\", \"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, src_ip, user_agent, event_type, recipient_account_id, requestParameters, responseElements, request_id, error_code, error_message nodrop\n| where event_source = \"sns.amazonaws.com\" and !isblank(error_code)\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\" as accountid, type, arn, username nodrop\n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| json field=requestParameters \"topicArn\", \"name\", \"resourceArn\", \"subscriptionArn\" as req_topic_arn, req_topic_name, resource_arn, subscription_arn nodrop \n| json field=responseElements \"topicArn\" as res_topic_arn nodrop\n| if (isBlank(req_topic_arn), res_topic_arn, req_topic_arn) as topic_arn\n| if (isBlank(topic_arn), resource_arn, topic_arn) as topic_arn\n| parse field=topic_arn \"arn:aws:sns:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp nodrop\n| parse field=subscription_arn \"arn:aws:sns:*:*:*:*\" as region_temp, accountid_temp, topic_arn_name_temp, arn_value_temp nodrop\n| if (isBlank(req_topic_name), topic_arn_name_temp, req_topic_name) as topicname\n| if (isBlank(accountid), recipient_account_id, accountid) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status\n| if (isEmpty(username), user, username) as user\n| count as event_count by event_name, error_code, error_message, region, src_ip, accountid, user, type, request_id, topicname, topic_arn, user_agent\n" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 95, - "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "threshold": 5, + "thresholdType": "GreaterThan", + "field": null }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 95, - "thresholdType": "LessThan", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "threshold": 5, + "thresholdType": "LessThanOrEqual", + "field": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon ECS - High CPU Utilization", - "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).", + "name": "AWS Network Load Balancer - High Unhealthy Hosts", + "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1438,7 +1589,15 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" + "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace" } ], "triggers": [ @@ -1447,7 +1606,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 10, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -1459,7 +1618,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 10, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -1467,16 +1626,19 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio", - "description": "This alert fires when the average Redis memory fragmentation ratio for within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 Indicate significant memory fragmentation.", + "name": "AWS SNS - Notification to DLQ", + "description": "This alert fires when an SNS topic messages are moved to a dead-letter queue.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1486,45 +1648,44 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=MemoryFragmentationRatio statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by account, region, namespace, CacheClusterId, CacheNodeId" + "query": "account=* region=* namespace=aws/sns topicname=* metric=NumberOfNotificationsRedrivenToDlq statistic=sum | sum by account, region, namespace, topicname " } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 1.5, - "thresholdType": "GreaterThanOrEqual", - "field": null, + "threshold": 0, + "thresholdType": "GreaterThan", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 1.5, - "thresholdType": "LessThan", - "field": null, + "threshold": 0, + "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon Elasticache - High CPU Utilization", - "description": "This alert fires when the average CPU utilization within a 5 minute interval for a host is high (>=90%). The CPUUtilization metric includes total CPU utilization across application, operating system and management processes. We highly recommend monitoring CPU utilization for hosts with two vCPUs or less.", + "name": "AWS DynamoDB - High Account Provisioned Read Capacity", + "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1534,7 +1695,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=CPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" + "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" } ], "triggers": [ @@ -1543,7 +1704,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 90, + "threshold": 80, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -1555,7 +1716,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 90, + "threshold": 80, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -1563,16 +1724,19 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - High Account Provisioned Read Capacity", - "description": "This alert fires when we detect that the average read capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "Amazon RDS - High CPU Utilization", + "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1582,7 +1746,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=AccountProvisionedReadCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ @@ -1591,7 +1755,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, + "threshold": 85, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -1603,7 +1767,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, + "threshold": 85, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -1611,26 +1775,29 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS SQS - Access from highly malicious sources", - "description": "This alert fires when an AWS - SQS resource is accessed from highly malicious IP addresses within last 5 minutes", + "name": "AWS API Gateway - High Authorizer Errors", + "description": "This alert fires where there are too many API requests (>5%) with authorizer errors within 5 minutes", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", - "evaluationDelay": "0m", + "evaluationDelay": "1m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=\"aws/sqs\" eventname eventsource \"sqs.amazonaws.com\" sourceIPAddress\n| json \"userIdentity\", \"eventSource\", \"eventName\", \"awsRegion\", \"recipientAccountId\", \"requestParameters\", \"responseElements\", \"sourceIPAddress\",\"errorCode\", \"errorMessage\" as userIdentity, event_source, event_name, region, recipient_account_id, requestParameters, responseElements, src_ip, error_code, error_message nodrop\n| json field=userIdentity \"accountId\", \"type\", \"arn\", \"userName\" as accountid, type, arn, username nodrop\n| json field=requestParameters \"queueUrl\" as queueUrlReq nodrop \n| json field=responseElements \"queueUrl\" as queueUrlRes nodrop\n| where event_source=\"sqs.amazonaws.com\" and !(src_ip matches \"*.amazonaws.com\")\n| if(event_name=\"CreateQueue\", queueUrlRes, queueUrlReq) as queueUrl \n| parse regex field=queueUrl \"(?[^\\/]*$)\"\n| if (isBlank(recipient_account_id), accountid, recipient_account_id) as accountid\n| if (isEmpty(error_code), \"Success\", \"Failure\") as event_status \n| count as ip_count by src_ip\n| lookup type, actor, raw, threatlevel as malicious_confidence from sumo://threat/cs on threat=src_ip\n| json field=raw \"labels[*].name\" as label_name \n| replace(label_name, \"\\\\/\",\"->\") as label_name\n| replace(label_name, \"\\\"\",\" \") as label_name\n| if (isEmpty(actor), \"Unassigned\", actor) as actor\n| where type=\"ip_address\" and malicious_confidence = \"high\"\n| sort by ip_count, src_ip\n| fields src_ip, malicious_confidence, actor, label_name" + "query": "account=* region=* namespace=aws/apigateway apiname=* apiid stage domainname requestId authorizerError\n| json \"status\", \"authorizerError\", \"apiid\", \"stage\" as status, authorizerError, apiid, stage \n| if (!(authorizerError matches \"-\") and !(status matches \"2*\"), 1, 0) as is_authorizerError\n| sum(is_authorizerError) as is_authorizerError_count, count as totalRequests by apiid, stage\n| (is_authorizerError_count*100/totalRequests) as authorizerError_percent\n| fields authorizerError_percent, apiid, stage\n" } ], "triggers": [ @@ -1639,30 +1806,33 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, + "threshold": 5, "thresholdType": "GreaterThan", - "field": null + "field": "authorizerError_percent" }, { "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": null, + "resolutionWindow": "-5m", "timeRange": "-5m", - "threshold": 0, + "threshold": 5, "thresholdType": "LessThanOrEqual", - "field": null + "field": "authorizerError_percent" } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Classic Load Balancer - High 5XX Errors", - "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", + "name": "AWS EC2 CW - High CPU Utilization", + "description": "This alert fires when the average CPU Utilization based on cloud watch metrics, within a 5 minute interval for an EC2 instance is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1672,15 +1842,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" - }, - { - "rowId": "B", - "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" - }, - { - "rowId": "C", - "query": "#A * 100 / #B along loadbalancername, account, region, namespace" + "query": "account=* region=* namespace=aws/ec2 metric=CPUUtilization instanceid=* statistic=average | avg by account, region, namespace, instanceid" } ], "triggers": [ @@ -1689,8 +1851,8 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, - "thresholdType": "GreaterThanOrEqual", + "threshold": 85, + "thresholdType": "GreaterThan", "occurrenceType": "Always", "minDataPoints": 2 }, @@ -1699,22 +1861,25 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 5, - "thresholdType": "LessThan", + "threshold": 85, + "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Classic Load Balancer - Access from Highly Malicious Sources", - "description": "This alert fires when the Classic load balancer is accessed from highly malicious IP addresses within last 5 minutes.", + "name": "Amazon RDS PostgreSQL - High Errors", + "description": "This alert fires when we detect high rate (>10) of error/fatal logs in Postgres logs over a 5 minutes time period", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", "evaluationDelay": "0m", @@ -1724,7 +1889,7 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/elb\n| parse \"* * * * * * * * * * * \\\"*\\\" \\\"*\\\" * *\" as datetime, loadbalancername, client, backend, request_processing_time, backend_processing_time, response_processing_time, elb_status_code, backend_status_code, received_bytes, sent_bytes, request, user_agent, ssl_cipher, ssl_protocol\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancername, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancername, account, region, namespace, MaliciousConfidence, Actor, LabelName" + "query": "account=* region=* namespace=aws/rds _sourceHost=/aws/rds/*postgresql dbidentifier=* (\"ERROR\" OR \"FATAL\")\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,threadid,user,database,processid,severity,msg \n| where severity IN (\"ERROR\", \"FATAL\") " } ], "triggers": [ @@ -1733,7 +1898,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, + "threshold": 10, "thresholdType": "GreaterThan", "field": null }, @@ -1742,23 +1907,26 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, + "threshold": 10, "thresholdType": "LessThanOrEqual", "field": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS EC2 - High Total CPU Utilization", - "description": "This alert fires when the average total CPU utilization within a 5 minute interval for an EC2 instance is high (>=85%).", + "name": "Amazon RDS PostgreSQL - High Authentication Failure", + "description": "This alert fires when we detect more than 10 authentication failure in Postgres logs over a 5 minute time-period", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", + "monitorType": "Logs", "evaluationDelay": "0m", "alertName": null, "runAs": null, @@ -1766,45 +1934,42 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/ec2 metric=CPU_Total account=* region=* instanceid=* | avg by account, region, namespace, instanceid" + "query": "account=* region=* namespace=aws/rds _sourceHost=/aws/rds/*postgresql dbidentifier=* \"authentication failed\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n| where msg matches \"*authentication failed*\"" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, - "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "threshold": 10, + "thresholdType": "GreaterThan", + "field": null }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, - "thresholdType": "LessThan", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "threshold": 10, + "thresholdType": "LessThanOrEqual", + "field": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - High Write Latency", - "description": "This alert fires when the average write latency of a database within a 5 minute interval is high (>=5 seconds) . High write latencies will affect the performance of your application.", + "name": "Amazon RDS - Low Free Storage", + "description": "This alert fires when the average free storage space of a RDS instance is low (< 512MB) for an interval of 15 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1814,45 +1979,44 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=WriteLatency statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "account=* region=* namespace=aws/rds metric=FreeStorageSpace statistic=average | eval _value/(1024*1024) | avg by dbidentifier, namespace, region, account" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 5, - "thresholdType": "GreaterThanOrEqual", - "field": null, + "timeRange": "-15m", + "threshold": 512, + "thresholdType": "LessThan", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 5, - "thresholdType": "LessThan", - "field": null, + "timeRange": "-15m", + "threshold": 512, + "thresholdType": "GreaterThanOrEqual", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - High Disk Queue Depth", - "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.", + "name": "Amazon RDS - Low Freeable Memory", + "description": "This alert fires when the average Freeable memory of an RDS instance is < 128 MB for an interval of 15 minutes. If this value is lower you may need to scale up to a larger instance class.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1862,93 +2026,89 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "account=* region=* namespace=aws/rds metric=FreeableMemory statistic=average | eval _value/(1024*1024) | avg by dbidentifier, namespace, region, account" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 5, - "thresholdType": "GreaterThanOrEqual", - "field": null, + "timeRange": "-15m", + "threshold": 128, + "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 5, - "thresholdType": "LessThan", - "field": null, + "timeRange": "-15m", + "threshold": 128, + "thresholdType": "GreaterThan", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon ECS - High Memory Utilization", - "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).", + "name": "Amazon RDS MSSQL - Database observing authentication failures from multiple client IPs", + "description": "This alert fires when we detect more than or equal to 10 client IPs attempting authentication failures on the database over a 15-minute period.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count_distinct(client_ip) as unique_client_ip by dbidentifier\n| 10 as threshold\n| where unique_client_ip >= threshold\n| sort by unique_client_ip\n| fields - threshold" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 85, + "timeRange": "-15m", + "threshold": 1, "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "field": null }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 85, + "resolutionWindow": "-15m", + "timeRange": "-15m", + "threshold": 1, "thresholdType": "LessThan", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "field": null } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - High Max Provisioned Table Write Capacity", - "description": "This alert fires when we detect that the average percentage of write provisioned capacity used by the highest write provisioned table of an account for a time interval of 5 minutes is great than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", + "name": "AWS API Gateway - High Integration Latency", + "description": "This alert fires when we detect the high integration latency for the API requests in a stage within 5 minutes. This alarm is recommended for WebSocket APIs by AWS, and optional for other APIs because they already have separate alarm recommendations for the Latency metric.\nYou can correlate the IntegrationLatency metric value with the corresponding latency metric of your backend such as the Duration metric for Lambda integrations. This helps you determine whether the API backend is taking more time to process requests from clients due to performance issues or if there is some other overhead from initialization or cold start.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -1958,45 +2118,44 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/dynamodb metric=MaxProvisionedTableWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" + "query": "account=* region=* Namespace=aws/apigateway metric=IntegrationLatency statistic=p90 apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, + "threshold": 2000, "thresholdType": "GreaterThanOrEqual", - "field": null, "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "minDataPoints": 5 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 80, + "threshold": 2000, "thresholdType": "LessThan", - "field": null, "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "minDataPoints": 5 } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Application Load Balancer - High 5XX Errors", - "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", + "name": "AWS Application Load Balancer - High 4XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 4xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2006,7 +2165,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_5XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" + "query": "Namespace=aws/applicationelb metric=HTTPCode_ELB_4XX_Count Statistic=Sum account=* region=* loadbalancer=* | sum by loadbalancer, account, region, namespace" }, { "rowId": "B", @@ -2043,64 +2202,66 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon Elasticache - Multiple Failed Operations", - "description": "This alert fires when we detect multiple failed operations within a 15 minute interval for an ElastiCache service.", + "name": "AWS Classic Load Balancer - High Latency", + "description": "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/elasticache \"\\\"eventSource\\\":\\\"elasticache.amazonaws.com\\\"\" errorCode errorMessage\n| json \"eventSource\", \"errorCode\", \"errorMessage\", \"userIdentity\", \"requestParameters\", \"responseElements\" as event_source, error_code, error_message, user_identity, requestParameters, responseElements nodrop\n| json field=requestParameters \"cacheClusterId\" as req_cacheClusterId nodrop\n| json field=responseElements \"cacheClusterId\" as res_cacheClusterId nodrop\n| json field=user_identity \"arn\", \"userName\" nodrop \n| parse field=arn \":assumed-role/*\" as user nodrop \n| parse field=arn \"arn:aws:iam::*:*\" as accountId, user nodrop\n| if (isEmpty(userName), user, userName) as user\n| if (isEmpty(req_cacheClusterId), res_cacheClusterId, req_cacheClusterId) as cacheclusterid\n| where event_source matches \"elasticache.amazonaws.com\" and !isEmpty(error_code) and !isEmpty(error_message) and !isEmpty(user)\n| count as event_count by _messageTime, account, region, event_source, error_code, error_message, user, cacheclusterid\n| formatDate(_messageTime, \"MM/dd/yyyy HH:mm:ss:SSS Z\") as message_date\n| fields message_date, account, region, event_source, error_code, error_message, user, cacheclusterid\n| fields -_messageTime" + "query": "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 10, + "timeRange": "-5m", + "threshold": 3000, "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "minDataPoints": 2 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 10, + "timeRange": "-5m", + "threshold": 3000, "thresholdType": "LessThan", - "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - High CPU Utilization", - "description": "This alert fires when we detect that the average CPU utilization for a database is high (>=85%) for an interval of 5 minutes.", + "name": "AWS DynamoDB - High Account Provisioned Write Capacity", + "description": "This alert fires when we detect that the average write capacity provisioned for an account for a time interval of 5 minutes is greater than or equal to 80%. High values indicate requests to the database are being throttled, which could further indicate that your application may not be working as intended.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2110,7 +2271,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=CPUUtilization statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/dynamodb metric=AccountProvisionedWriteCapacityUtilization statistic=Average account=* region=* | avg by namespace, region, account" } ], "triggers": [ @@ -2119,7 +2280,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 80, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -2131,7 +2292,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, + "threshold": 80, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -2139,16 +2300,19 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Classic Load Balancer - High Latency", - "description": "This alert fires when we detect that the average latency for a given Classic load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", + "name": "AWS API Gateway - High Server-Side Errors", + "description": "This alert fires where there are too many API requests (>5%) with server-side errors within 5 minutes.\nThis can be caused by 5xx errors from your integration, permission issues, or other factors preventing successful invocation of the integration, such as the integration being throttled or deleted.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2158,7 +2322,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/elb metric=Latency Statistic=Average account=* region=* loadbalancername=* | eval(_value*1000) | sum by account, region, namespace, loadbalancername" + "query": "Namespace=aws/apigateway (metric=5XX or metric=5xxError or metric=ExecutionError) Statistic=Average account=* region=* apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" } ], "triggers": [ @@ -2167,32 +2331,35 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 3000, + "threshold": 0.05, "thresholdType": "GreaterThanOrEqual", "occurrenceType": "Always", - "minDataPoints": 2 + "minDataPoints": 5 }, { "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 3000, + "threshold": 0.05, "thresholdType": "LessThan", "occurrenceType": "Always", - "minDataPoints": 2 + "minDataPoints": 5 } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - Low Burst Balance", - "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.", + "name": "AWS Lambda - Low Provisioned Concurrency Utilization", + "description": "This alert fires when the average provisioned concurrency utilization for 5 minutes is low (<= 50%). This indicates low provisioned concurrency utilization efficiency.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2202,7 +2369,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/lambda metric=ProvisionedConcurrencyUtilization statistic=Average account=* region=* functionname=* | avg by functionname, namespace, region, account" } ], "triggers": [ @@ -2231,64 +2398,64 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "Amazon Elasticache - High Engine CPU Utilization", - "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.", + "name": "AWS Lambda - High Memory Utilization", + "description": "This alert fires when we detect a Lambda execution with memory usage of more than 85% within an interval of 10 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" + "query": "account=* region=* Namespace=aws/lambda Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?[^\\s]+)\\s+Duration:\\s+(?[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| avg(MemorySize) as MemorySizeAvg, avg(MaxMemoryUsed) as MaxMemoryUsedAvg by functionname\n| (MaxMemoryUsedAvg/MemorySizeAvg)*100 as memoryUtilization\n| where memoryUtilization>85" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 90, - "thresholdType": "GreaterThanOrEqual", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "timeRange": "-10m", + "threshold": 0, + "thresholdType": "GreaterThan", + "field": null }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 90, - "thresholdType": "LessThan", - "field": null, - "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "resolutionWindow": "-10m", + "timeRange": "-10m", + "threshold": 0, + "thresholdType": "LessThanOrEqual", + "field": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Network Load Balancer - High Unhealthy Hosts", - "description": "This alert fires when we detect that are there are too many unhealthy hosts (>=10%) within an interval of 5 minutes for a given network load balancer", + "name": "AWS API Gateway - Low Traffic API", + "description": "This alert fires where there is low message traffic volume for the API within 5 minutes. \nThis can indicate an issue with the application calling the API such as using incorrect endpoints. It could also indicate an issue with the configuration or permissions of the API making it unreachable for clients. This alarm is not recommended for APIs that don't expect constant and consistent traffic.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2298,101 +2465,89 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/NetworkELB metric=UnHealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" - }, - { - "rowId": "B", - "query": "Namespace=aws/NetworkELB metric=HealthyHostCount Statistic=sum account=* region=* LoadBalancer=* AvailabilityZone=* | sum by LoadBalancer, AvailabilityZone, account, region, namespace" - }, - { - "rowId": "C", - "query": "#A * 100 / (#A + #B) along LoadBalancer, AvailabilityZone, account, region, namespace" + "query": "Namespace=aws/apigateway (metric=ConnectCount OR metric=Count) statistic=SampleCount account=* region=* apiname=* stage=* !(route=*) !(resource=*) | quantize using sum | sum by apiname, namespace, region, account, stage" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 10, - "thresholdType": "GreaterThanOrEqual", - "field": null, + "timeRange": "-10m", + "threshold": 1, + "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "minDataPoints": 10 }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 10, - "thresholdType": "LessThan", - "field": null, + "timeRange": "-10m", + "threshold": 1, + "thresholdType": "GreaterThan", "occurrenceType": "Always", - "triggerSource": "AnyTimeSeries", - "minDataPoints": 2 + "minDataPoints": 10 } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Application Load Balancer - Access from Highly Malicious Sources", - "description": "This alert fires when an Application load balancer is accessed from highly malicious IP addresses within last 5 minutes", + "name": "AWS API Gateway - High WAF Errors", + "description": "This alert fires where there are too many API requests (>5%) with WAF errors within 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Logs", - "evaluationDelay": "0m", + "evaluationDelay": "1m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/applicationelb\n| parse \"* * * * * * * * * * * * \\\"*\\\" \\\"*\\\" * * * \\\"*\\\"\" as Type, DateTime, loadbalancer, Client, Target, RequestProcessingTime, TargetProcessingTime, ResponseProcessingTime, ElbStatusCode, TargetStatusCode, ReceivedBytes, SentBytes, Request, UserAgent, SslCipher, SslProtocol, TargetGroupArn, TraceId\n| parse regex \"(?\\b\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})\" multi\n| where ClientIp != \"0.0.0.0\" and ClientIp != \"127.0.0.1\"\n| count as ip_count by ClientIp, loadbalancer, account, region, namespace\n| lookup type, actor, raw, threatlevel as MaliciousConfidence from sumo://threat/cs on threat=ClientIp \n| json field=raw \"labels[*].name\" as LabelName \n| replace(LabelName, \"\\\\/\",\"->\") as LabelName\n| replace(LabelName, \"\\\"\",\" \") as LabelName\n| where type=\"ip_address\" and MaliciousConfidence=\"high\"\n| if (isEmpty(actor), \"Unassigned\", actor) as Actor\n| sum (ip_count) as ThreatCount by ClientIp, loadbalancer, account, region, namespace, MaliciousConfidence, Actor, LabelName" + "query": "account=* region=* namespace=aws/apigateway apiname=* apiid stage domainname requestId \n| json \"status\", \"apiid\", \"stage\", \"wafResponseCode\" as status, apiid, stage, wafResponseCode\n| if (wafResponseCode==\"WAF_BLOCK\" and !(status matches \"2*\"), 1, 0) as is_wafError\n| sum(is_wafError) as is_wafError_count, count as totalRequests by apiid, stage\n| (is_wafError_count*100/totalRequests) as wafError_percent\n| fields wafError_percent, apiid, stage" } ], "triggers": [ { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, + "threshold": 5, "thresholdType": "GreaterThan", - "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "field": "wafError_percent" }, { - "detectionMethod": "StaticCondition", + "detectionMethod": "LogsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": null, + "resolutionWindow": "-5m", "timeRange": "-5m", - "threshold": 0, + "threshold": 5, "thresholdType": "LessThanOrEqual", - "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "field": "wafError_percent" } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": true, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS Application Load Balancer - High Latency", - "description": "This alert fires when we detect that the average latency for a given Application load balancer within a time interval of 5 minutes is greater than or equal to three seconds.", + "name": "Amazon ECS - High Memory Utilization", + "description": "This alert fires when the average memory utilization within a 5 minute interval for a service within a cluster is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2402,7 +2557,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/applicationelb metric=TargetResponseTime Statistic=Average account=* region=* loadbalancer=* | eval(_value*1000) | sum by account, region, namespace, loadbalancer" + "query": "Namespace=aws/ecs metric=MemoryUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" } ], "triggers": [ @@ -2411,7 +2566,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 3000, + "threshold": 85, "thresholdType": "GreaterThanOrEqual", "field": null, "occurrenceType": "Always", @@ -2423,7 +2578,7 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 3000, + "threshold": 85, "thresholdType": "LessThan", "field": null, "occurrenceType": "Always", @@ -2431,16 +2586,19 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, "playbook": "", "sloId": null, - "monitorTemplateId": null + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] }, { - "name": "AWS EC2 CW - Status Check Failed", - "description": "This alert fires when there is a status check failures within a 5 minute interval for an EC2 instance.", + "name": "AWS DynamoDB - System Errors", + "description": "This alert fires when we detect system errors for a dynamodb table is high (>10) for a time interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2450,7 +2608,7 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/ec2 instanceid=* metric=StatusCheckFailed statistic=maximum | filter latest=1 | count by account, region, namespace,instanceid " + "query": "account=* region=* namespace=aws/dynamodb metric=SystemErrors statistic=samplecount | sum " } ], "triggers": [ @@ -2459,7 +2617,7 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, + "threshold": 10, "thresholdType": "GreaterThan", "occurrenceType": "Always", "minDataPoints": 2 @@ -2469,12 +2627,13 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, + "threshold": 10, "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -2485,8 +2644,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS SNS - Notification to DLQ", - "description": "This alert fires when an SNS topic messages are moved to a dead-letter queue.", + "name": "AWS Classic Load Balancer - High 5XX Errors", + "description": "This alert fires where there are too many HTTP requests (>5%) with a response status of 5xx within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2496,7 +2655,15 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/sns topicname=* metric=NumberOfNotificationsRedrivenToDlq statistic=sum | sum by account, region, namespace, topicname " + "query": "Namespace=aws/elb metric=HTTPCode_ELB_5XX Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/elb metric=RequestCount Statistic=Sum account=* region=* loadbalancername=* | sum by loadbalancername, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along loadbalancername, account, region, namespace" } ], "triggers": [ @@ -2505,8 +2672,8 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "GreaterThan", + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", "occurrenceType": "Always", "minDataPoints": 2 }, @@ -2515,12 +2682,13 @@ "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "LessThanOrEqual", + "threshold": 5, + "thresholdType": "LessThan", "occurrenceType": "Always", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -2531,42 +2699,47 @@ "automatedPlaybookIds": [] }, { - "name": "AWS SNS - Notification to DLQ Failure", - "description": "This alert fires when an SNS topic messages that couldn't be moved to a dead-letter queue.", + "name": "AWS EC2 - High Disk Utilization", + "description": "This alert fires when the average disk utilization within a 5 minute time interval for an EC2 instance is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", - "evaluationDelay": "4m", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/sns topicname=* metric=NumberOfNotificationsFailedToRedriveToDlq statistic=sum | sum by account, region, namespace, topicname " + "query": "Namespace=aws/ec2 metric=Disk_UsedPercent account=* region=* instanceid=* | avg by account, region, namespace, instanceid, devname" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "GreaterThan", + "threshold": 85, + "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "LessThanOrEqual", + "threshold": 85, + "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -2613,6 +2786,7 @@ "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -2623,8 +2797,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - High Write Throttle", - "description": "This alert fires when we detect that the total write throttle events for a dynamodb table is high (>5) for a time interval of 5 minutes.", + "name": "AWS Lambda - High Percentage of Failed Requests", + "description": "This alert fires when we detect a large number of failed Lambda requests (>5%) within an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2634,31 +2808,44 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/dynamodb tablename=* metric=WriteThrottleEvents statistic=sum | sum by account, region, namespace, tablename" + "query": "Namespace=aws/lambda metric=Errors Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/lambda metric=Invocations Statistic=Sum account=* region=* functionname=* | sum by functionname, account, region, namespace" + }, + { + "rowId": "C", + "query": "#A * 100 / #B along functionname, account, region, namespace" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", "threshold": 5, - "thresholdType": "GreaterThan", + "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", "threshold": 5, - "thresholdType": "LessThanOrEqual", + "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -2669,8 +2856,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS DynamoDB - System Errors", - "description": "This alert fires when we detect system errors for a dynamodb table is high (>10) for a time interval of 5 minutes.", + "name": "AWS SQS - Queue has stopped receiving messages", + "description": "This alert fires when we detect that the queue has stopped receiving messages. That is, the average number of messages received in the queue <1 for an interval of 30 minutes.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2680,7 +2867,7 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/dynamodb metric=SystemErrors statistic=samplecount | sum " + "query": "metric=NumberOfMessagesReceived Statistic=avg region=* account=* queuename=* namespace=aws/sqs | avg by account, region, namespace, queuename " } ], "triggers": [ @@ -2688,26 +2875,27 @@ "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 10, - "thresholdType": "GreaterThan", + "timeRange": "-30m", + "threshold": 1, + "thresholdType": "LessThan", "occurrenceType": "Always", - "minDataPoints": 2 + "minDataPoints": 3 }, { "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-5m", - "threshold": 10, - "thresholdType": "LessThanOrEqual", + "timeRange": "-30m", + "threshold": 1, + "thresholdType": "GreaterThanOrEqual", "occurrenceType": "Always", - "minDataPoints": 2 + "minDataPoints": 3 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -2715,40 +2903,43 @@ "automatedPlaybookIds": [] }, { - "name": "AWS Lambda - High Memory Utilization", - "description": "This alert fires when we detect a Lambda execution with memory usage of more than 85% within an interval of 10 minutes.", + "name": "AWS SQS - Message processing not fast enough", + "description": "This alert fires when we detect message processing is not fast enough. That is, the average approximate age of the oldest non-deleted message in the queue is more than 5 seconds for an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* Namespace=aws/lambda Memory Size Used\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| _sourceName as logStream | _sourceHost as logGroup\n| parse regex field=message \"REPORT\\s+RequestId:\\s+(?[^\\s]+)\\s+Duration:\\s+(?[^\\s]+)\\s+ms\\s+Billed Duration:\\s+(?[^\\s]+)\\s+ms\\s+Memory\\s+Size:\\s+(?[^\\s]+)\\s+MB\\s+Max\\s+Memory\\s+Used:\\s+(?[^\\s]+)\\s+MB\" \n| parse field=loggroup \"/aws/lambda/*\" as functionname\n| avg(MemorySize) as MemorySizeAvg, avg(MaxMemoryUsed) as MaxMemoryUsedAvg by functionname\n| (MaxMemoryUsedAvg/MemorySizeAvg)*100 as memoryUtilization\n| where memoryUtilization>85" + "query": "metric=ApproximateAgeOfOldestMessage Statistic=avg region=* account=* queuename=* namespace=aws/sqs | avg by account,region,namespace,queuename " } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-10m", - "threshold": 0, + "timeRange": "-5m", + "threshold": 5, "thresholdType": "GreaterThan", - "field": null + "occurrenceType": "Always", + "minDataPoints": 3 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", - "resolutionWindow": "-10m", - "timeRange": "-10m", - "threshold": 0, + "resolutionWindow": null, + "timeRange": "-5m", + "threshold": 5, "thresholdType": "LessThanOrEqual", - "field": null + "occurrenceType": "Always", + "minDataPoints": 3 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -2759,8 +2950,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS Lambda - Throttling", - "description": "This alert fires when we detect a Lambda running into throttling within an interval of 10 minutes.", + "name": "AWS EC2 CW - Status Check Failed", + "description": "This alert fires when there is a status check failures within a 5 minute interval for an EC2 instance.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -2770,7 +2961,7 @@ "queries": [ { "rowId": "A", - "query": "Namespace=aws/lambda metric=Throttles statistic=average account=* region=* functionname=* Resource=* | avg by account, region,namespace, functionname " + "query": "account=* region=* namespace=aws/ec2 instanceid=* metric=StatusCheckFailed statistic=maximum | filter latest=1 | count by account, region, namespace,instanceid " } ], "triggers": [ @@ -2778,7 +2969,7 @@ "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-10m", + "timeRange": "-5m", "threshold": 0, "thresholdType": "GreaterThan", "occurrenceType": "Always", @@ -2788,13 +2979,14 @@ "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-10m", + "timeRange": "-5m", "threshold": 0, "thresholdType": "LessThanOrEqual", "occurrenceType": "Always", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -2805,18 +2997,26 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS MySQL - Excessive Slow Query Detected", - "description": "This alert fires when we detect the average time to execute a query is more than 5 seconds over last 10 minutes.", + "name": "AWS Network Load Balancer - High TLS Negotiation Errors", + "description": "This alert fires when we detect that there are too many TLS Negotiation Errors (>=10%) within an interval of 5 minutes for a given network load balancer", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*SlowQuery \"User@Host\" \"Query_time\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse regex field=message \"(?# User@Host:[\\S\\s]+?SET timestamp=\\d+;[\\S\\s]+?;)\" multi\n| parse regex field=query_block \"# User@Host:\\s*\\S+?\\[(?\\S*?)\\]\\s*@\\s*\\[(?\\S*?)\\]\\s*Id:\\s*(?\\d*)\" nodrop\n| parse regex field=query_block \"# User@Host:\\s*\\S+?\\[(?\\S*?)\\]\\s*@\\s*(?\\S+)\\s\\[(?\\S*?)\\]\\s+Id:\\s*(?\\d+)\"\n| parse regex field=query_block \"# Query_time:\\s+(?[\\d.]*)\\s+Lock_time:\\s+(?[\\d.]*)\\s+Rows_sent:\\s+(?[\\d]*)\\s+Rows_examined:\\s+(?[\\d]*)\" nodrop\n| parse regex field=query_block \"SET timestamp=(?\\d*);\\n(?[\\s\\S]*);\" nodrop\n| parse regex field=sql_cmd \"[^a-zA-Z]*(?[a-zA-Z]+)\\s*\"\n| fields -query_block\n| num (query_time)\n| count as frequency, sum(query_time) as total_time, min(query_time) as min_time, max(query_time) as max_time, avg(query_time) as avg_time, avg(rows_examined) as avg_rows_examined, avg(rows_sent) as avg_rows_sent, avg(Lock_Time) as avg_lock_time group by sql_cmd, dbidentifier\n| 5 as threshold // customize if need different value. As an example, query taking more than 5 Seconds is considered as Excessive Slow.\n| where avg_time > threshold\n| sort by avg_time, frequency asc" + "query": "Namespace=aws/NetworkELB metric=ClientTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace" + }, + { + "rowId": "B", + "query": "Namespace=aws/NetworkELB metric=TargetTLSNegotiationErrorCount Statistic=sum account=* region=* LoadBalancer=* | sum by LoadBalancer, account, region, namespace" + }, + { + "rowId": "C", + "query": "(#A + #B) along LoadBalancer, account, region, namespace" } ], "triggers": [ @@ -2824,30 +3024,31 @@ "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-10m", - "threshold": 1, + "timeRange": "-5m", + "threshold": 10, "thresholdType": "GreaterThanOrEqual", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-10m", - "threshold": 1, + "timeRange": "-5m", + "threshold": 10, "thresholdType": "LessThan", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -2855,43 +3056,50 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS MySQL - High Authentication Failure", - "description": "This alert fires when we detect more then 10 authentication failure over a 5 minute time-period", + "name": "Amazon Elasticache - High Engine CPU Utilization", + "description": "This alert fires when the average CPU utilization for the Redis engine process within a 5 minute interval is high (>=90%). For larger node types with four vCPUs or more, use the EngineCPUUtilization metric to monitor and set thresholds for scaling.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error \"Access denied for user\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \" [*] \" as LogLevel\n| parse field=message \" * [Note] Access denied for user '*'@'*' (using *: *)\" as requestid, user, host, authenticationType, flag nodrop\n| parse field=message \"[Warning] Access denied for user '*'@'*' (using *: *)\" as user, host, authenticationType, flag nodrop" + "query": "Namespace=aws/elasticache metric=EngineCPUUtilization statistic=Average account=* region=* CacheClusterId=* CacheNodeId=* | avg by CacheClusterId, CacheNodeId, account, region, namespace" } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "GreaterThan", - "field": null + "threshold": 90, + "thresholdType": "GreaterThanOrEqual", + "field": null, + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "LessThanOrEqual", - "field": null + "threshold": 90, + "thresholdType": "LessThan", + "field": null, + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -2899,18 +3107,18 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS PostgreSQL - Excessive Slow Query Detected", - "description": "This alert fires when we detect the average time to execute a query is more than 5 seconds over a 10 minutes.", + "name": "Amazon RDS - Low Burst Balance", + "description": "This alert fires when we observe a low burst balance (<= 50%) for a given database. A low burst balance indicates you won't be able to scale up as fast for burstable database workloads on gp2 volumes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*postgresql\n| json \"message\" nodrop \n| if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n| parse regex field=msg \"duration: (?[\\S]+) ms (?.+)\"\n| 5000 as threshold // customize if need different value. As an example, query taking more than 5 Seconds is considered as Excessive Slow.\n| where execution_time_ms > threshold \n| count by dbidentifier, database" + "query": "Namespace=aws/rds metric=BurstBalance statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ @@ -2919,29 +3127,30 @@ "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "GreaterThan", + "threshold": 50, + "thresholdType": "LessThanOrEqual", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 }, { "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "LessThanOrEqual", + "threshold": 50, + "thresholdType": "GreaterThan", "field": null, - "occurrenceType": "ResultCount", - "triggerSource": "AllResults", - "minDataPoints": null + "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", + "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -2949,43 +3158,46 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS PostgreSQL - High Authentication Failure", - "description": "This alert fires when we detect more than 10 authentication failure in Postgres logs over a 5 minute time-period", + "name": "AWS API Gateway - High Client-Side Errors", + "description": "This alert fires where there are too many API requests (>5%) with client-side errors within 5 minutes. \nThis can indicate an issue in the authorisation or client request parameters. It could also mean that a resource was removed or a client is requesting one that doesn't exist. Errors could also be caused by exceeding the configured throttling limit.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds _sourceHost=/aws/rds/*postgresql dbidentifier=* \"authentication failed\"\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n| where msg matches \"*authentication failed*\"" + "query": "Namespace=aws/apigateway (metric=4XX or metric=4xxError or metric=ClientError) Statistic=Average account=* region=* apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "GreaterThan", - "field": null + "threshold": 0.05, + "thresholdType": "GreaterThanOrEqual", + "occurrenceType": "Always", + "minDataPoints": 5 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "LessThanOrEqual", - "field": null + "threshold": 0.05, + "thresholdType": "LessThan", + "occurrenceType": "Always", + "minDataPoints": 5 } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, - "groupNotifications": true, + "groupNotifications": false, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -2993,40 +3205,43 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS PostgreSQL - High Errors", - "description": "This alert fires when we detect high number (>10) of error/fatal logs in Postgres logs over a 5 minutes time period", + "name": "AWS SQS - Messages not processed", + "description": "This alert fires when we detect messages that have been received by a consumer, but have not been processed (deleted/failed). That is, the average number of messages that are in flight are >=20 for an interval of 5 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds _sourceHost=/aws/rds/*postgresql dbidentifier=* (\"ERROR\" OR \"FATAL\")\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,threadid,user,database,processid,severity,msg \n| where severity IN (\"ERROR\", \"FATAL\") " + "query": "metric=ApproximateNumberOfMessagesNotVisible Statistic=avg region = * account=* queuename=* namespace=aws/sqs | avg by account, region, namespace, queuename " } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "GreaterThan", - "field": null + "threshold": 20, + "thresholdType": "GreaterThanOrEqual", + "occurrenceType": "Always", + "minDataPoints": 3 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 10, - "thresholdType": "LessThanOrEqual", - "field": null + "threshold": 20, + "thresholdType": "LessThan", + "occurrenceType": "Always", + "minDataPoints": 3 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -3037,40 +3252,43 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS PostgreSQL - Statement Timeouts", - "description": "This alert fires when we detect Postgres logs show statement timeouts", + "name": "AWS API Gateway - High Latency", + "description": "This alert fires when we detect the high Latency in a stage within 5 minutes for REST and HTTP API.\nFind the IntegrationLatency metric value to check the API backend latency. If the two metrics are mostly aligned, the API backend is the source of higher latency and you should investigate there for issues. View this metric per resource and method and narrow down the source of the latency.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", + "monitorType": "Metrics", + "evaluationDelay": "4m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*postgresql \"statement timeout\" | json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message | parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg | count by dbidentifier, database" + "query": "account=* region=* Namespace=aws/apigateway metric=Latency statistic=p90 apiname=* stage=* !(route=*) !(resource=*) | avg by apiname, namespace, region, account, stage" } ], "triggers": [ { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "GreaterThan", - "field": null + "threshold": 2500, + "thresholdType": "GreaterThanOrEqual", + "occurrenceType": "Always", + "minDataPoints": 5 }, { - "detectionMethod": "LogsStaticCondition", + "detectionMethod": "MetricsStaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 0, - "thresholdType": "LessThanOrEqual", - "field": null + "threshold": 2500, + "thresholdType": "LessThan", + "occurrenceType": "Always", + "minDataPoints": 5 } ], + "timeZone": "Asia/Kolkata", "notifications": [], "isDisabled": true, "groupNotifications": true, @@ -3081,8 +3299,8 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - Low Free Storage", - "description": "This alert fires when the average free storage space of a RDS instance is low (< 512MB) for an interval of 15 minutes.", + "name": "Amazon ECS - High CPU Utilization", + "description": "This alert fires when the average CPU utilization within a 5 minute interval for a service within a cluster is high (>=85%).", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -3092,31 +3310,36 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds metric=FreeStorageSpace statistic=average | eval _value/(1024*1024) | avg by dbidentifier, namespace, region, account" + "query": "Namespace=aws/ecs metric=CPUUtilization statistic=Average account=* region=* ClusterName=* ServiceName=* | avg by ClusterName, ServiceName, account, region, namespace" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 512, - "thresholdType": "LessThan", + "timeRange": "-5m", + "threshold": 85, + "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 512, - "thresholdType": "GreaterThanOrEqual", + "timeRange": "-5m", + "threshold": 85, + "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, @@ -3127,45 +3350,50 @@ "automatedPlaybookIds": [] }, { - "name": "Amazon RDS - Low Freeable Memory", - "description": "This alert fires when the average Freeable memory of an RDS instance is < 128 MB for an interval of 15 minutes. If this value is lower you may need to scale up to a larger instance class.", + "name": "Amazon RDS PostgreSQL - Excessive Slow Query Detected", + "description": "This alert fires when we detect the average time to execute a query is more than 5 seconds over a 10 minutes.", "type": "MonitorsLibraryMonitorExport", - "monitorType": "Metrics", - "evaluationDelay": "4m", + "monitorType": "Logs", + "evaluationDelay": "0m", "alertName": null, "runAs": null, "notificationGroupFields": [], "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/rds metric=FreeableMemory statistic=average | eval _value/(1024*1024) | avg by dbidentifier, namespace, region, account" + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*postgresql\n| json \"message\" nodrop \n| if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* * *:*(*):*@*:[*]:*:*\" as date,time,time_zone,host,thread_id,user,database,processid,severity,msg \n| parse regex field=msg \"duration: (?[\\S]+) ms (?.+)\"\n| 5000 as threshold // customize if need different value. As an example, query taking more than 5 Seconds is considered as Excessive Slow.\n| where execution_time_ms > threshold \n| count by dbidentifier, database" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 128, - "thresholdType": "LessThanOrEqual", - "occurrenceType": "Always", - "minDataPoints": 2 + "timeRange": "-5m", + "threshold": 0, + "thresholdType": "GreaterThan", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 128, - "thresholdType": "GreaterThan", - "occurrenceType": "Always", - "minDataPoints": 2 + "timeRange": "-5m", + "threshold": 0, + "thresholdType": "LessThanOrEqual", + "field": null, + "occurrenceType": "ResultCount", + "triggerSource": "AllResults", + "minDataPoints": null } ], + "timeZone": null, "notifications": [], "isDisabled": true, - "groupNotifications": false, + "groupNotifications": true, "playbook": "", "sloId": null, "monitorTemplateId": null, @@ -3173,8 +3401,8 @@ "automatedPlaybookIds": [] }, { - "name": "AWS EC2 CW - High CPU Utilization", - "description": "This alert fires when the average CPU Utilization based on cloud watch metrics, within a 5 minute interval for an EC2 instance is high (>=85%).", + "name": "Amazon RDS - High Disk Queue Depth", + "description": "This alert fires when the average disk queue depth for a database is high (>=5) for an interval of 5 minutes. Higher this value, higher will be the number of outstanding I/Os (read/write requests) waiting to access the disk, which will impact the performance of your application.", "type": "MonitorsLibraryMonitorExport", "monitorType": "Metrics", "evaluationDelay": "4m", @@ -3184,31 +3412,36 @@ "queries": [ { "rowId": "A", - "query": "account=* region=* namespace=aws/ec2 metric=CPUUtilization instanceid=* statistic=average | avg by account, region, namespace, instanceid" + "query": "Namespace=aws/rds metric=DiskQueueDepth statistic=Average account=* region=* dbidentifier=* | avg by dbidentifier, namespace, region, account" } ], "triggers": [ { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "Critical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, - "thresholdType": "GreaterThan", + "threshold": 5, + "thresholdType": "GreaterThanOrEqual", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 }, { - "detectionMethod": "MetricsStaticCondition", + "detectionMethod": "StaticCondition", "triggerType": "ResolvedCritical", "resolutionWindow": null, "timeRange": "-5m", - "threshold": 85, - "thresholdType": "LessThanOrEqual", + "threshold": 5, + "thresholdType": "LessThan", + "field": null, "occurrenceType": "Always", + "triggerSource": "AnyTimeSeries", "minDataPoints": 2 } ], + "timeZone": null, "notifications": [], "isDisabled": true, "groupNotifications": false, From a188a8781d107df556912acc54bbe45d71f9a4bc Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Thu, 27 Jun 2024 15:35:05 +0530 Subject: [PATCH 12/34] Added new monitors for mssql --- .../app-modules/rds/app.tf | 68 ++++++++++++++ aws-observability/json/Alerts-App.json | 90 +++++++++---------- 2 files changed, 113 insertions(+), 45 deletions(-) diff --git a/aws-observability-terraform/app-modules/rds/app.tf b/aws-observability-terraform/app-modules/rds/app.tf index 1fcb8f5d..15e2d1bb 100644 --- a/aws-observability-terraform/app-modules/rds/app.tf +++ b/aws-observability-terraform/app-modules/rds/app.tf @@ -519,6 +519,74 @@ module "rds_module" { group_notifications = var.group_notifications connection_notifications = var.connection_notifications email_notifications = var.email_notifications + }, + "RdsMSSQLHighAuthFailureByClientIPsOnDB" = { + monitor_name = "Amazon RDS MSSQL - Database observing authentication failures from multiple client IPs" + monitor_description = "This alert fires when we detect more than or equal to 10 client IPs attempting authentication failures on the database over a 15-minute period." + monitor_monitor_type = "Logs" + monitor_parent_id = var.monitor_folder_id + monitor_is_disabled = var.monitors_disabled + monitor_evaluation_delay = "0m" + queries = { + A = "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count_distinct(client_ip) as unique_client_ip by dbidentifier\n| 10 as threshold\n| where unique_client_ip >= threshold\n| sort by unique_client_ip\n| fields - threshold" + } + triggers = [ + { + detection_method = "LogsStaticCondition", + time_range = "-15m", + trigger_type = "Critical", + threshold = 1, + threshold_type = "GreaterThanOrEqual", + occurrence_type = "ResultCount", + trigger_source = "AllResults" + }, + { + detection_method = "LogsStaticCondition", + time_range = "-15m", + trigger_type = "ResolvedCritical", + threshold = 1, + threshold_type = "LessThan", + occurrence_type = "ResultCount", + trigger_source = "AllResults" + } + ] + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications + }, + "RdsMSSQLHighAuthFailureByClientIPOnDBs" = { + monitor_name = "Amazon RDS MSSQL - Authentication failures from the same client IP on multiple databases" + monitor_description = "This alert fires when we detect specific client IP attempting authentication failures on more than or equal to 10 databases over a 15 minute time-period." + monitor_monitor_type = "Logs" + monitor_parent_id = var.monitor_folder_id + monitor_is_disabled = var.monitors_disabled + monitor_evaluation_delay = "0m" + queries = { + A = "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count_distinct(dbidentifier) as unique_db by client_ip\n| 10 as threshold\n| where unique_db >= threshold\n| sort by unique_db, client_ip asc\n| fields - threshold" + } + triggers = [ + { + detection_method = "LogsStaticCondition", + time_range = "-15m", + trigger_type = "Critical", + threshold = 1, + threshold_type = "GreaterThanOrEqual", + occurrence_type = "ResultCount", + trigger_source = "AllResults" + }, + { + detection_method = "LogsStaticCondition", + time_range = "-5m", + trigger_type = "ResolvedCritical", + threshold = 1, + threshold_type = "LessThan", + occurrence_type = "ResultCount", + trigger_source = "AllResults" + } + ] + group_notifications = var.group_notifications + connection_notifications = var.connection_notifications + email_notifications = var.email_notifications } } } \ No newline at end of file diff --git a/aws-observability/json/Alerts-App.json b/aws-observability/json/Alerts-App.json index 9949c477..eac10853 100644 --- a/aws-observability/json/Alerts-App.json +++ b/aws-observability/json/Alerts-App.json @@ -1275,51 +1275,6 @@ "tags": null, "automatedPlaybookIds": [] }, - { - "name": "Amazon RDS MSSQL - Authentication failures from the same client IP on multiple databases", - "description": "This alert fires when we detect specific client IP attempting authentication failures on more than or equal to 10 databases over a 15 minute time-period.", - "type": "MonitorsLibraryMonitorExport", - "monitorType": "Logs", - "evaluationDelay": "0m", - "alertName": null, - "runAs": null, - "notificationGroupFields": [], - "queries": [ - { - "rowId": "A", - "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count_distinct(dbidentifier) as unique_db by client_ip\n| 10 as threshold\n| where unique_db >= threshold\n| sort by unique_db, client_ip asc\n| fields - threshold" - } - ], - "triggers": [ - { - "detectionMethod": "LogsStaticCondition", - "triggerType": "Critical", - "resolutionWindow": null, - "timeRange": "-15m", - "threshold": 1, - "thresholdType": "GreaterThan", - "field": null - }, - { - "detectionMethod": "LogsStaticCondition", - "triggerType": "ResolvedCritical", - "resolutionWindow": "-15m", - "timeRange": "-15m", - "threshold": 1, - "thresholdType": "LessThanOrEqual", - "field": null - } - ], - "timeZone": "Asia/Kolkata", - "notifications": [], - "isDisabled": true, - "groupNotifications": true, - "playbook": "", - "sloId": null, - "monitorTemplateId": null, - "tags": null, - "automatedPlaybookIds": [] - }, { "name": "Amazon Elasticache - High Redis Memory Fragmentation Ratio", "description": "This alert fires when the average Redis memory fragmentation ratio for within a 5 minute interval is high (>=1.5). Value equal to or greater than 1.5 Indicate significant memory fragmentation.", @@ -2500,6 +2455,51 @@ "tags": null, "automatedPlaybookIds": [] }, + { + "name": "Amazon RDS MSSQL - Authentication failures from the same client IP on multiple databases", + "description": "This alert fires when we detect specific client IP attempting authentication failures on more than or equal to 10 databases over a 15 minute time-period.", + "type": "MonitorsLibraryMonitorExport", + "monitorType": "Logs", + "evaluationDelay": "0m", + "alertName": null, + "runAs": null, + "notificationGroupFields": [], + "queries": [ + { + "rowId": "A", + "query": "account=* region=* namespace=aws/rds dbidentifier=* _sourceHost=/aws/rds/*Error Logon Login failed for user\n| json \"message\" nodrop | if (_raw matches \"{*\", message, _raw) as message\n| parse field=message \"* Logon Login failed for user '*'. Reason: * [CLIENT: *]\" as time, user, reason, client_ip\n| count_distinct(dbidentifier) as unique_db by client_ip\n| 10 as threshold\n| where unique_db >= threshold\n| sort by unique_db, client_ip asc\n| fields - threshold" + } + ], + "triggers": [ + { + "detectionMethod": "LogsStaticCondition", + "triggerType": "Critical", + "resolutionWindow": null, + "timeRange": "-15m", + "threshold": 1, + "thresholdType": "GreaterThanOrEqual", + "field": null + }, + { + "detectionMethod": "LogsStaticCondition", + "triggerType": "ResolvedCritical", + "resolutionWindow": "-15m", + "timeRange": "-15m", + "threshold": 1, + "thresholdType": "LessThan", + "field": null + } + ], + "timeZone": "Asia/Kolkata", + "notifications": [], + "isDisabled": true, + "groupNotifications": true, + "playbook": "", + "sloId": null, + "monitorTemplateId": null, + "tags": null, + "automatedPlaybookIds": [] + }, { "name": "AWS API Gateway - High WAF Errors", "description": "This alert fires where there are too many API requests (>5%) with WAF errors within 5 minutes.", From 5d62ccc350cd721bf5081a104d575f6331e7af9d Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Thu, 27 Jun 2024 15:39:00 +0530 Subject: [PATCH 13/34] Added new permission --- .../permissionchecker/AWSObservabilityCFTemplatePermissions.json | 1 + 1 file changed, 1 insertion(+) diff --git a/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json b/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json index 05b500b0..8d4d93aa 100644 --- a/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json +++ b/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json @@ -117,6 +117,7 @@ "s3:ListBucket", "s3:PutBucketNotification", "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", "secretsmanager:DescribeSecret", "secretsmanager:GetRandomPassword", "secretsmanager:GetResourcePolicy", From dbfae0ff56c50bf658a2c505d100631c7b3142f2 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Thu, 27 Jun 2024 15:59:08 +0530 Subject: [PATCH 14/34] corrected time_range value --- aws-observability-terraform/app-modules/rds/app.tf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability-terraform/app-modules/rds/app.tf b/aws-observability-terraform/app-modules/rds/app.tf index 15e2d1bb..41884afb 100644 --- a/aws-observability-terraform/app-modules/rds/app.tf +++ b/aws-observability-terraform/app-modules/rds/app.tf @@ -576,7 +576,7 @@ module "rds_module" { }, { detection_method = "LogsStaticCondition", - time_range = "-5m", + time_range = "-15m", trigger_type = "ResolvedCritical", threshold = 1, threshold_type = "LessThan", From 162d32b77af16bc655ccdb765be6aaedd84e4134 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 27 Jun 2024 17:07:45 +0530 Subject: [PATCH 15/34] deployed telemetry zip to multiple regions --- ...mologic_observability.master.template.yaml | 53 ++++++++++++++++++- 1 file changed, 51 insertions(+), 2 deletions(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 4276c61b..9b07950b 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -485,6 +485,55 @@ Mappings: InventorySourceCategory: "aws/observability/inventory" XraySourceCategory: "aws/observability/xray" ELBLogsSourceCategory: "aws/observability/clb/logs" + RegionMap: + us-east-1: + bucketname: appdevzipfiles-us-east-1 + us-east-2: + bucketname: appdevzipfiles-us-east-2 + us-west-1: + bucketname: appdevzipfiles-us-west-1 + us-west-2: + bucketname: appdevzipfiles-us-west-2 + ap-south-1: + bucketname: appdevzipfiles-ap-south-1 + ap-northeast-2: + bucketname: appdevzipfiles-ap-northeast-2 + ap-southeast-1: + bucketname: appdevzipfiles-ap-southeast-1 + ap-southeast-2: + bucketname: appdevzipfiles-ap-southeast-2 + ap-northeast-1: + bucketname: appdevzipfiles-ap-northeast-1 + ca-central-1: + bucketname: appdevzipfiles-ca-central-1 + eu-central-1: + bucketname: appdevzipfiles-eu-central-1 + eu-west-1: + bucketname: appdevzipfiles-eu-west-1 + eu-west-2: + bucketname: appdevzipfiles-eu-west-2 + eu-west-3: + bucketname: appdevzipfiles-eu-west-3 + eu-north-1: + bucketname: appdevzipfiles-eu-north-1s + sa-east-1: + bucketname: appdevzipfiles-sa-east-1 + ap-east-1: + bucketname: appdevzipfiles-ap-east-1s + af-south-1: + bucketname: appdevzipfiles-af-south-1s + eu-south-1: + bucketname: appdevzipfiles-eu-south-1 + me-south-1: + bucketname: appdevzipfiles-me-south-1s + me-central-1: + bucketname: appdevzipfiles-me-central-1 + eu-central-2: + bucketname: appdevzipfiles-eu-central-2ss + ap-northeast-3: + bucketname: appdevzipfiles-ap-northeast-3s + ap-southeast-3: + bucketname: appdevzipfiles-ap-southeast-3 Resources: LambdaRole: @@ -542,8 +591,8 @@ Resources: Handler: lambda_function.lambda_handler Runtime: python3.12 Code: - S3Bucket: hsharma-codes - S3Key: 'telemetry.zip' + S3Bucket: !FindInMap [ RegionMap, !Ref 'AWS::Region', bucketname ] + S3Key: "sumologic-aws-observability/apps/SumoLogicAWSObservabilityHelper/telemetryv1.0.0.zip" MemorySize: 128 Timeout: 900 Role: !GetAtt LambdaRole.Arn From 79b5a214ef3ac2494d2667b856f3dd7394ed793e Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 27 Jun 2024 17:09:13 +0530 Subject: [PATCH 16/34] removing collection endpoint --- .../templates/sumologic_observability.master.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 9b07950b..1780ec23 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -622,7 +622,7 @@ Resources: solutionName: 'AWSO' solutionVersion: 'v2.9.0' deploymentSource: 'cloudFormation' - TelemetryEndpoint: "https://collectors.sumologic.com/receiver/v1/http/ZaVnC4dhaV24CA_LXFO0iHFPLWH8VaEczkwtk-GZYMlTG_Dl2CPQ6YNbmKXf9K3dZQ2aAjTREC_C3TECzVQc1XN7zw5CI5lIR4O4-uYsk4bTELB1MU57AQ==" + TelemetryEndpoint: "" scanInterval: 60 ToUpdate: Fn::Base64: !Sub From 3125cd8856a1fe3d33d80a7323763e9c2aa4c22c Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Mon, 1 Jul 2024 13:29:58 +0530 Subject: [PATCH 17/34] CVE fixed sumo provider version 2.31.0 --- aws-observability-terraform/app-modules/versions.tf | 2 +- aws-observability-terraform/cloudformation-module/versions.tf | 2 +- aws-observability-terraform/examples/appmodule/versions.tf | 2 +- .../examples/sourcemodule/overrideSources/versions.tf | 2 +- .../examples/sourcemodule/testSource/versions.tf | 2 +- aws-observability-terraform/source-module/versions.tf | 2 +- aws-observability-terraform/versions.tf | 2 +- 7 files changed, 7 insertions(+), 7 deletions(-) diff --git a/aws-observability-terraform/app-modules/versions.tf b/aws-observability-terraform/app-modules/versions.tf index 104bf942..9be0b77a 100644 --- a/aws-observability-terraform/app-modules/versions.tf +++ b/aws-observability-terraform/app-modules/versions.tf @@ -7,7 +7,7 @@ terraform { version = ">= 2.1" } sumologic = { - version = ">= 2.28.3, < 3.0.0" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } } diff --git a/aws-observability-terraform/cloudformation-module/versions.tf b/aws-observability-terraform/cloudformation-module/versions.tf index e4e1be74..261eae2c 100644 --- a/aws-observability-terraform/cloudformation-module/versions.tf +++ b/aws-observability-terraform/cloudformation-module/versions.tf @@ -9,7 +9,7 @@ terraform { version = "~> 2.1" } sumologic = { - version = "~> 2.6.2" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } } diff --git a/aws-observability-terraform/examples/appmodule/versions.tf b/aws-observability-terraform/examples/appmodule/versions.tf index ede7a75c..9a357ee9 100644 --- a/aws-observability-terraform/examples/appmodule/versions.tf +++ b/aws-observability-terraform/examples/appmodule/versions.tf @@ -7,7 +7,7 @@ terraform { version = ">= 5.16.2, < 6.0.0" } sumologic = { - version = ">= 2.28.3, < 3.0.0" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } time = { diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf b/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf index ede7a75c..9a357ee9 100644 --- a/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf +++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/versions.tf @@ -7,7 +7,7 @@ terraform { version = ">= 5.16.2, < 6.0.0" } sumologic = { - version = ">= 2.28.3, < 3.0.0" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } time = { diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf b/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf index ede7a75c..9a357ee9 100644 --- a/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf +++ b/aws-observability-terraform/examples/sourcemodule/testSource/versions.tf @@ -7,7 +7,7 @@ terraform { version = ">= 5.16.2, < 6.0.0" } sumologic = { - version = ">= 2.28.3, < 3.0.0" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } time = { diff --git a/aws-observability-terraform/source-module/versions.tf b/aws-observability-terraform/source-module/versions.tf index ede7a75c..9a357ee9 100644 --- a/aws-observability-terraform/source-module/versions.tf +++ b/aws-observability-terraform/source-module/versions.tf @@ -7,7 +7,7 @@ terraform { version = ">= 5.16.2, < 6.0.0" } sumologic = { - version = ">= 2.28.3, < 3.0.0" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } time = { diff --git a/aws-observability-terraform/versions.tf b/aws-observability-terraform/versions.tf index ede7a75c..9a357ee9 100644 --- a/aws-observability-terraform/versions.tf +++ b/aws-observability-terraform/versions.tf @@ -7,7 +7,7 @@ terraform { version = ">= 5.16.2, < 6.0.0" } sumologic = { - version = ">= 2.28.3, < 3.0.0" + version = ">= 2.31.0, < 3.0.0" source = "SumoLogic/sumologic" } time = { From e93b6ae2b37223f23d0798047cea68cc26c1c878 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Mon, 1 Jul 2024 13:37:07 +0530 Subject: [PATCH 18/34] Updated Readme --- aws-observability-terraform/README.md | 4 ++-- aws-observability-terraform/app-modules/README.md | 4 ++-- .../examples/appmodule/README.md | 4 ++-- .../sourcemodule/overrideSources/README.md | 4 ++-- .../examples/sourcemodule/testSource/README.md | 4 ++-- .../source-module/README.md | 14 +++++++------- 6 files changed, 17 insertions(+), 17 deletions(-) diff --git a/aws-observability-terraform/README.md b/aws-observability-terraform/README.md index 14a8f502..2bd879e5 100644 --- a/aws-observability-terraform/README.md +++ b/aws-observability-terraform/README.md @@ -5,14 +5,14 @@ | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 | | [random](#requirement\_random) | >= 3.1.0 | -| [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#requirement\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#requirement\_time) | >= 0.11.1 | ## Providers | Name | Version | |------|---------| -| [sumologic](#provider\_sumologic) | 2.28.3 | +| [sumologic](#provider\_sumologic) | 2.31.0 | | [time](#provider\_time) | 0.11.1 | ## Modules diff --git a/aws-observability-terraform/app-modules/README.md b/aws-observability-terraform/app-modules/README.md index 5f6fd1ad..88be1531 100644 --- a/aws-observability-terraform/app-modules/README.md +++ b/aws-observability-terraform/app-modules/README.md @@ -4,13 +4,13 @@ |------|---------| | [terraform](#requirement\_terraform) | >= 0.13.0 | | [null](#requirement\_null) | >= 2.1 | -| [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#requirement\_sumologic) | >= 2.31.0, < 3.0.0 | ## Providers | Name | Version | |------|---------| -| [sumologic](#provider\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#provider\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#provider\_time) | n/a | ## Modules diff --git a/aws-observability-terraform/examples/appmodule/README.md b/aws-observability-terraform/examples/appmodule/README.md index 24549d38..124e6171 100644 --- a/aws-observability-terraform/examples/appmodule/README.md +++ b/aws-observability-terraform/examples/appmodule/README.md @@ -5,14 +5,14 @@ | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 | | [random](#requirement\_random) | >= 3.1.0 | -| [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#requirement\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#requirement\_time) | >= 0.11.1 | ## Providers | Name | Version | |------|---------| -| [sumologic](#provider\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#provider\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#provider\_time) | >= 0.11.1 | ## Modules diff --git a/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md b/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md index c76359d9..90cfc88c 100644 --- a/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md +++ b/aws-observability-terraform/examples/sourcemodule/overrideSources/README.md @@ -5,14 +5,14 @@ | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 | | [random](#requirement\_random) | >= 3.1.0 | -| [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#requirement\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#requirement\_time) | >= 0.11.1 | ## Providers | Name | Version | |------|---------| -| [sumologic](#provider\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#provider\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#provider\_time) | >= 0.11.1 | ## Modules diff --git a/aws-observability-terraform/examples/sourcemodule/testSource/README.md b/aws-observability-terraform/examples/sourcemodule/testSource/README.md index f7360228..9fc197d4 100644 --- a/aws-observability-terraform/examples/sourcemodule/testSource/README.md +++ b/aws-observability-terraform/examples/sourcemodule/testSource/README.md @@ -5,14 +5,14 @@ | [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 3.42.0, < 4.0.0 | | [random](#requirement\_random) | >= 3.1.0 | -| [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#requirement\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#requirement\_time) | >= 0.11.1 | ## Providers | Name | Version | |------|---------| -| [sumologic](#provider\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#provider\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#provider\_time) | >= 0.11.1 | ## Modules diff --git a/aws-observability-terraform/source-module/README.md b/aws-observability-terraform/source-module/README.md index 059798ce..8e22a733 100644 --- a/aws-observability-terraform/source-module/README.md +++ b/aws-observability-terraform/source-module/README.md @@ -1,12 +1,12 @@ ## Requirements -| Name | Version | -|------|---------| -| [terraform](#requirement\_terraform) | >= 0.13.0 | +| Name | Version | +|------|--------------------| +| [terraform](#requirement\_terraform) | >= 0.13.0 | | [aws](#requirement\_aws) | >= 5.16.2, < 6.0.0 | -| [random](#requirement\_random) | >= 3.1.0 | -| [sumologic](#requirement\_sumologic) | >= 2.28.3, < 3.0.0 | -| [time](#requirement\_time) | >= 0.11.1 | +| [random](#requirement\_random) | >= 3.1.0 | +| [sumologic](#requirement\_sumologic) | >= 2.31.0, < 3.0.0 | +| [time](#requirement\_time) | >= 0.11.1 | ## Providers @@ -15,7 +15,7 @@ | [aws](#provider\_aws) | >= 5.16.2, < 6.0.0 | | [null](#provider\_null) | n/a | | [random](#provider\_random) | >= 3.1.0 | -| [sumologic](#provider\_sumologic) | >= 2.28.3, < 3.0.0 | +| [sumologic](#provider\_sumologic) | >= 2.31.0, < 3.0.0 | | [time](#provider\_time) | >= 0.11.1 | ## Modules From 107407c12ae3159a4fc70e02af085542ee3ee54a Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 4 Jul 2024 11:07:03 +0530 Subject: [PATCH 19/34] renameing PrimeInvoker as per convention --- .../templates/sumologic_observability.master.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 1780ec23..0d6336f9 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -606,7 +606,7 @@ Resources: Action: 'lambda:InvokeFunction' Principal: 'cloudformation.amazonaws.com' - Primerinvoke: + PrimerInvoke: Condition: send_telemetry_to_sumo Type: AWS::CloudFormation::CustomResource Version: "1.0" From 3f7a477ecdce21b5b9e10301d73789c92db1362f Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Fri, 5 Jul 2024 13:59:22 +0530 Subject: [PATCH 20/34] Updated sumologic-s3-logging-auto-enable version --- aws-observability-terraform/source-module/main.tf | 4 ++-- aws-observability/apps/autoenable/auto_enable.template.yaml | 4 ++-- .../permissioncheck.nested.template.test.yaml | 2 +- .../permissionchecker/permissioncheck.nested.template.yaml | 2 +- 4 files changed, 6 insertions(+), 6 deletions(-) diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index b6aa36af..1bacbd4a 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf @@ -98,7 +98,7 @@ module "elb_module" { } auto_enable_access_logs = var.auto_enable_access_logs - app_semantic_version = "1.0.10" + app_semantic_version = "1.0.11" auto_enable_access_logs_options = { filter = "'Type': 'application'|'type': 'application'" remove_on_delete_stack = true @@ -142,7 +142,7 @@ module "classic_lb_module" { } } auto_enable_access_logs = var.auto_enable_classic_lb_access_logs - app_semantic_version = "1.0.10" + app_semantic_version = "1.0.11" auto_enable_access_logs_options = { bucket_prefix = local.auto_classic_lb_path_exp auto_enable_logging = "ELB" diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml index 13d2a519..9998cf91 100644 --- a/aws-observability/apps/autoenable/auto_enable.template.yaml +++ b/aws-observability/apps/autoenable/auto_enable.template.yaml @@ -124,7 +124,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.10 + SemanticVersion: 1.0.11 Parameters: BucketName: !Ref ALBS3LogsBucketName BucketPrefix: "elasticloadbalancing" @@ -139,7 +139,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.10 + SemanticVersion: 1.0.11 Parameters: BucketName: !Ref ELBS3LogsBucketName BucketPrefix: !Ref ELBS3LogsBucketPrefix diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml index ad5d19b6..15dcefc6 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml @@ -537,7 +537,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.10 + SemanticVersion: 1.0.11 Parameters: BucketName: !Ref CommonS3Bucket BucketPrefix: "elasticloadbalancing" diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index bf01adc2..fe928e61 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -535,7 +535,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.10 + SemanticVersion: 1.0.11 Parameters: BucketName: !Ref CommonS3Bucket BucketPrefix: "elasticloadbalancing" From 45f6f3759c06f5c6efcb0c235e5769a44d394b14 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Tue, 9 Jul 2024 09:50:39 +0530 Subject: [PATCH 21/34] Fixed CF testcases for awso 2.9.0 --- .../templates/test/TestTemplate.yaml | 357 ++++++++---------- 1 file changed, 164 insertions(+), 193 deletions(-) diff --git a/aws-observability/templates/test/TestTemplate.yaml b/aws-observability/templates/test/TestTemplate.yaml index 2f84bd3a..12dba354 100644 --- a/aws-observability/templates/test/TestTemplate.yaml +++ b/aws-observability/templates/test/TestTemplate.yaml @@ -24,6 +24,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -41,18 +45,19 @@ Tests: - CreateCommonResources.AddAccountField - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.AddApiIdField + - CreateCommonResources.AddApiNameField + - CreateCommonResources.AddCacheClusterIdField + - CreateCommonResources.AddClusterNameField + - CreateCommonResources.AddDBIdentifierField + - CreateCommonResources.AddFunctionNameField + - CreateCommonResources.AddInstanceIdField + - CreateCommonResources.AddLoadBalancerField + - CreateCommonResources.AddLoadBalancerNameField + - CreateCommonResources.AddNETLoadBalancerField + - CreateCommonResources.AddQueueNameField + - CreateCommonResources.AddTableNameField + - CreateCommonResources.AddTopicNameField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -105,16 +110,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -157,7 +162,6 @@ Tests: - sumoLambdaMetricsAppStack.GenericCloudWatchLogsFieldExtractionRule - sumoElasticCacheMetricsAppStack.sumoApp - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - sumoNlbMetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoAppCW @@ -187,9 +191,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -345,6 +349,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -362,18 +370,19 @@ Tests: - CreateCommonResources.AddAccountField - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.AddApiIdField + - CreateCommonResources.AddApiNameField + - CreateCommonResources.AddCacheClusterIdField + - CreateCommonResources.AddClusterNameField + - CreateCommonResources.AddDBIdentifierField + - CreateCommonResources.AddFunctionNameField + - CreateCommonResources.AddInstanceIdField + - CreateCommonResources.AddLoadBalancerField + - CreateCommonResources.AddLoadBalancerNameField + - CreateCommonResources.AddNETLoadBalancerField + - CreateCommonResources.AddQueueNameField + - CreateCommonResources.AddTableNameField + - CreateCommonResources.AddTopicNameField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -426,16 +435,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -478,7 +487,6 @@ Tests: - sumoLambdaMetricsAppStack.GenericCloudWatchLogsFieldExtractionRule - sumoElasticCacheMetricsAppStack.sumoApp - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - sumoNlbMetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoAppCW @@ -508,9 +516,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -674,6 +682,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -692,18 +704,19 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.AddApiIdField + - CreateCommonResources.AddApiNameField + - CreateCommonResources.AddCacheClusterIdField + - CreateCommonResources.AddClusterNameField + - CreateCommonResources.AddDBIdentifierField + - CreateCommonResources.AddFunctionNameField + - CreateCommonResources.AddInstanceIdField + - CreateCommonResources.AddLoadBalancerField + - CreateCommonResources.AddLoadBalancerNameField + - CreateCommonResources.AddNETLoadBalancerField + - CreateCommonResources.AddQueueNameField + - CreateCommonResources.AddTableNameField + - CreateCommonResources.AddTopicNameField - CreateCommonResources.SumoLogicALBS3Policy - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy @@ -759,16 +772,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -811,7 +824,6 @@ Tests: - sumoElasticCacheMetricsAppStack.sumoApp - sumoLambdaMetricsAppStack.GenericCloudWatchLogsFieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - sumoNlbMetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoAppCW @@ -837,9 +849,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -1198,6 +1210,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -1216,18 +1232,6 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.LambdaRole @@ -1294,7 +1298,6 @@ Tests: - sumoLambdaMetricsAppStack.LambdaCloudWatchLogsFieldExtractionRule - sumoLambdaMetricsAppStack.GenericCloudWatchLogsFieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.AccountAliasValue - RootCauseAppStack.AccountAliasValue @@ -1481,6 +1484,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack @@ -1499,18 +1506,6 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -1572,7 +1567,6 @@ Tests: - sumoLambdaMetricsAppStack.GenericCloudWatchLogsFieldExtractionRule - sumoEC2MetricsAppStack.FieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.AccountAliasValue - RootCauseAppStack.AccountAliasValue @@ -1733,6 +1727,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -1751,18 +1749,6 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - CreateCommonResources.LambdaRole @@ -1785,8 +1771,8 @@ Tests: - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - sumoAlbMetricsAppStack.SumoALBMetricsUpdateSource - sumoRdsMetricsAppStack.ClusterMetricRule @@ -1806,7 +1792,6 @@ Tests: - sumoECSMetricsAppStack.FieldExtractionRule - sumoElasticCacheMetricsAppStack.FieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.AccountAliasValue - RootCauseAppStack.RootCauseRole @@ -1834,7 +1819,7 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - sumoLambdaMetricsAppStack.ExistingCloudWatchLogSourceName - sumoAlbMetricsAppStack.ExistingMetricSourceName - CreateCommonResources.CollectorName @@ -1960,6 +1945,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -1978,18 +1967,6 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy - CreateCommonResources.LambdaRole @@ -2012,14 +1989,15 @@ Tests: - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule - sumoLambdaMetricsAppStack.SumoHTTPUpdateSource - sumoLambdaMetricsAppStack.LambdaFieldExtractionRule - sumoElbMetricsAppStack.ElbLogsFieldExtractionRule + - sumoElbMetricsAppStack.SumoELBMetricsUpdateSource - sumoApiGatewayMetricsAppStack.CloudTrailLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.AccessLogsFieldExtractionRule - sumoApiGatewayMetricsAppStack.MetricRule @@ -2033,7 +2011,6 @@ Tests: - sumoElasticCacheMetricsAppStack.FieldExtractionRule - sumoEC2MetricsAppStack.FieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.AccountAliasValue - RootCauseAppStack.RootCauseRole @@ -2062,7 +2039,7 @@ Tests: - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - sumoAlbMetricsAppStack.ExistingMetricSourceName - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - sumoLambdaMetricsAppStack.ExistingCloudWatchLogSourceName - CreateCommonResources.CollectorName - CreateCommonResources.AccountAlias @@ -2185,6 +2162,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack @@ -2202,18 +2183,6 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy @@ -2263,7 +2232,6 @@ Tests: - sumoElasticCacheMetricsAppStack.FieldExtractionRule - sumoEC2MetricsAppStack.FieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.AccountAliasValue - RootCauseAppStack.AccountAliasValue @@ -2414,6 +2382,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -2432,18 +2404,19 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.AddApiIdField + - CreateCommonResources.AddApiNameField + - CreateCommonResources.AddCacheClusterIdField + - CreateCommonResources.AddClusterNameField + - CreateCommonResources.AddDBIdentifierField + - CreateCommonResources.AddFunctionNameField + - CreateCommonResources.AddInstanceIdField + - CreateCommonResources.AddLoadBalancerField + - CreateCommonResources.AddLoadBalancerNameField + - CreateCommonResources.AddNETLoadBalancerField + - CreateCommonResources.AddQueueNameField + - CreateCommonResources.AddTableNameField + - CreateCommonResources.AddTopicNameField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -2455,9 +2428,9 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - sumoEC2MetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoOverview @@ -2487,7 +2460,6 @@ Tests: - sumoECSMetricsAppStack.sumoApp - sumoElasticCacheMetricsAppStack.FieldExtractionRule - sumoElasticCacheMetricsAppStack.sumoApp - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack - sumoNlbMetricsAppStack.MetricRule - sumoNlbMetricsAppStack.sumoApp @@ -2536,7 +2508,7 @@ Tests: - CreateCommonResources.LambdaRoleARN - sumoLambdaMetricsAppStack.ExistingCloudTrailLogSourceName - sumoAlbMetricsAppStack.ExistingLogSourceName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -2670,6 +2642,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -2688,18 +2664,19 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.AddApiIdField + - CreateCommonResources.AddApiNameField + - CreateCommonResources.AddCacheClusterIdField + - CreateCommonResources.AddClusterNameField + - CreateCommonResources.AddDBIdentifierField + - CreateCommonResources.AddFunctionNameField + - CreateCommonResources.AddInstanceIdField + - CreateCommonResources.AddLoadBalancerField + - CreateCommonResources.AddLoadBalancerNameField + - CreateCommonResources.AddNETLoadBalancerField + - CreateCommonResources.AddQueueNameField + - CreateCommonResources.AddTableNameField + - CreateCommonResources.AddTopicNameField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -2711,9 +2688,9 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - sumoEC2MetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoOverview @@ -2743,7 +2720,6 @@ Tests: - sumoECSMetricsAppStack.sumoApp - sumoElasticCacheMetricsAppStack.FieldExtractionRule - sumoElasticCacheMetricsAppStack.sumoApp - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack - sumoNlbMetricsAppStack.MetricRule - sumoNlbMetricsAppStack.sumoApp @@ -2792,7 +2768,7 @@ Tests: - CreateCommonResources.LambdaRoleARN - sumoLambdaMetricsAppStack.ExistingCloudTrailLogSourceName - sumoElbMetricsAppStack.ExistingLogSourceName - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -2935,6 +2911,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack @@ -2952,18 +2932,6 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.SumoLogicALBS3Policy - CreateCommonResources.SumoLogicELBS3Policy - CreateCommonResources.SumoLogicCloudTrailS3Policy @@ -3016,7 +2984,6 @@ Tests: - sumoElasticCacheMetricsAppStack.FieldExtractionRule - sumoEC2MetricsAppStack.FieldExtractionRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.KinesisFirehoseLogsStack - CreateCommonResources.KinesisFirehoseLogsSource @@ -3199,7 +3166,7 @@ Tests: Section3aNLBLogsSourceName: '' Section3bNLBSourceUpdated: 'No' - - TestName: ELBAutoEnableCheck + - TestName: elbautoenablecheck Regions: - ap-southeast-1 Skip: false @@ -3220,6 +3187,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - AutoEnableOptions - sumoEC2MetricsAppStack @@ -3237,18 +3208,19 @@ Tests: - CreateCommonResources.AddAccountField - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField + - CreateCommonResources.AddApiIdField + - CreateCommonResources.AddApiNameField + - CreateCommonResources.AddCacheClusterIdField + - CreateCommonResources.AddClusterNameField + - CreateCommonResources.AddDBIdentifierField + - CreateCommonResources.AddFunctionNameField + - CreateCommonResources.AddInstanceIdField + - CreateCommonResources.AddLoadBalancerField + - CreateCommonResources.AddLoadBalancerNameField + - CreateCommonResources.AddNETLoadBalancerField + - CreateCommonResources.AddQueueNameField + - CreateCommonResources.AddTableNameField + - CreateCommonResources.AddTopicNameField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -3297,16 +3269,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -3348,7 +3320,6 @@ Tests: - sumoEC2MetricsAppStack.FieldExtractionRule - sumoElasticCacheMetricsAppStack.sumoApp - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - sumoNlbMetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoAppCW @@ -3383,9 +3354,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN From 1ab9155640cd983fd7a635d2cf0105d74798406d Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Tue, 9 Jul 2024 14:30:42 +0530 Subject: [PATCH 22/34] Removed on DependsOn from region,namespace and accountid fields --- aws-observability/apps/common/resources.template.yaml | 3 --- 1 file changed, 3 deletions(-) diff --git a/aws-observability/apps/common/resources.template.yaml b/aws-observability/apps/common/resources.template.yaml index 014769e4..ccc277f9 100755 --- a/aws-observability/apps/common/resources.template.yaml +++ b/aws-observability/apps/common/resources.template.yaml @@ -862,7 +862,6 @@ Resources: AddRegionField: Type: Custom::SumoLogicFieldsSchema - DependsOn: AddAccountField Properties: ServiceToken: !GetAtt LambdaHelper.Arn FieldName: "region" @@ -873,7 +872,6 @@ Resources: AddNamespaceField: Type: Custom::SumoLogicFieldsSchema - DependsOn: AddRegionField Properties: ServiceToken: !GetAtt LambdaHelper.Arn FieldName: "namespace" @@ -884,7 +882,6 @@ Resources: AddAccountIdField: Type: Custom::SumoLogicFieldsSchema - DependsOn: AddNamespaceField Properties: ServiceToken: !GetAtt LambdaHelper.Arn FieldName: "accountid" From 51b79b62c43c8759596aaa8e86d03a84e44d6d1a Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Wed, 10 Jul 2024 15:34:53 +0530 Subject: [PATCH 23/34] Fixed testcases and CVEs --- aws-observability-terraform/go.mod | 74 +++++++++--------- aws-observability-terraform/go.sum | 77 +++++++++++++++++++ .../source-module/main_s3_bucket.tf | 2 + .../test/appmodule/app_test.go | 8 +- .../test/sourcemodule/source_test.go | 6 +- 5 files changed, 123 insertions(+), 44 deletions(-) diff --git a/aws-observability-terraform/go.mod b/aws-observability-terraform/go.mod index 050880bc..cd73c161 100644 --- a/aws-observability-terraform/go.mod +++ b/aws-observability-terraform/go.mod @@ -3,23 +3,23 @@ module github.com/SumoLogic/sumologic-solution-templates/aws-observability-terra go 1.22.0 require ( - github.com/aws/aws-sdk-go v1.53.17 - github.com/gruntwork-io/terratest v0.46.15 + github.com/aws/aws-sdk-go v1.54.16 + github.com/gruntwork-io/terratest v0.46.16 github.com/stretchr/testify v1.9.0 ) require ( - cloud.google.com/go v0.114.0 // indirect - cloud.google.com/go/auth v0.5.1 // indirect + cloud.google.com/go v0.115.0 // indirect + cloud.google.com/go/auth v0.6.1 // indirect cloud.google.com/go/auth/oauth2adapt v0.2.2 // indirect - cloud.google.com/go/compute/metadata v0.3.0 // indirect - cloud.google.com/go/iam v1.1.8 // indirect - cloud.google.com/go/storage v1.41.0 // indirect + cloud.google.com/go/compute/metadata v0.4.0 // indirect + cloud.google.com/go/iam v1.1.10 // indirect + cloud.google.com/go/storage v1.43.0 // indirect filippo.io/edwards25519 v1.1.0 // indirect github.com/agext/levenshtein v1.2.3 // indirect github.com/apparentlymart/go-textseg/v15 v15.0.0 // indirect github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d // indirect - github.com/boombuler/barcode v1.0.1 // indirect + github.com/boombuler/barcode v1.0.2 // indirect github.com/cpuguy83/go-md2man/v2 v2.0.4 // indirect github.com/davecgh/go-spew v1.1.1 // indirect github.com/emicklei/go-restful/v3 v3.12.1 // indirect @@ -39,29 +39,29 @@ require ( github.com/google/s2a-go v0.1.7 // indirect github.com/google/uuid v1.6.0 // indirect github.com/googleapis/enterprise-certificate-proxy v0.3.2 // indirect - github.com/googleapis/gax-go/v2 v2.12.4 // indirect - github.com/gorilla/websocket v1.5.1 // indirect - github.com/gruntwork-io/go-commons v0.17.1 // indirect + github.com/googleapis/gax-go/v2 v2.12.5 // indirect + github.com/gorilla/websocket v1.5.3 // indirect + github.com/gruntwork-io/go-commons v0.17.2 // indirect github.com/hashicorp/errwrap v1.1.0 // indirect github.com/hashicorp/go-cleanhttp v0.5.2 // indirect github.com/hashicorp/go-getter v1.7.5 // indirect github.com/hashicorp/go-multierror v1.1.1 // indirect github.com/hashicorp/go-safetemp v1.0.0 // indirect github.com/hashicorp/go-version v1.7.0 // indirect - github.com/hashicorp/hcl/v2 v2.20.1 // indirect + github.com/hashicorp/hcl/v2 v2.21.0 // indirect github.com/hashicorp/terraform-json v0.22.1 // indirect github.com/imdario/mergo v0.3.16 // indirect github.com/jinzhu/copier v0.4.0 // indirect github.com/jmespath/go-jmespath v0.4.0 // indirect github.com/josharian/intern v1.0.0 // indirect github.com/json-iterator/go v1.1.12 // indirect - github.com/klauspost/compress v1.17.8 // indirect + github.com/klauspost/compress v1.17.9 // indirect github.com/mailru/easyjson v0.7.7 // indirect github.com/mattn/go-zglob v0.0.4 // indirect github.com/mitchellh/go-homedir v1.1.0 // indirect github.com/mitchellh/go-testing-interface v1.14.1 // indirect github.com/mitchellh/go-wordwrap v1.0.1 // indirect - github.com/moby/spdystream v0.2.0 // indirect + github.com/moby/spdystream v0.4.0 // indirect github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd // indirect github.com/modern-go/reflect2 v1.0.2 // indirect github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect @@ -76,36 +76,36 @@ require ( github.com/xrash/smetrics v0.0.0-20240521201337-686a1a2994c1 // indirect github.com/zclconf/go-cty v1.14.4 // indirect go.opencensus.io v0.24.0 // indirect - go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 // indirect - go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 // indirect - go.opentelemetry.io/otel v1.27.0 // indirect - go.opentelemetry.io/otel/metric v1.27.0 // indirect - go.opentelemetry.io/otel/trace v1.27.0 // indirect - golang.org/x/crypto v0.24.0 // indirect - golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 // indirect - golang.org/x/mod v0.18.0 // indirect - golang.org/x/net v0.26.0 // indirect + go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 // indirect + go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 // indirect + go.opentelemetry.io/otel v1.28.0 // indirect + go.opentelemetry.io/otel/metric v1.28.0 // indirect + go.opentelemetry.io/otel/trace v1.28.0 // indirect + golang.org/x/crypto v0.25.0 // indirect + golang.org/x/exp v0.0.0-20240707233637-46b078467d37 // indirect + golang.org/x/mod v0.19.0 // indirect + golang.org/x/net v0.27.0 // indirect golang.org/x/oauth2 v0.21.0 // indirect golang.org/x/sync v0.7.0 // indirect - golang.org/x/sys v0.21.0 // indirect - golang.org/x/term v0.21.0 // indirect + golang.org/x/sys v0.22.0 // indirect + golang.org/x/term v0.22.0 // indirect golang.org/x/text v0.16.0 // indirect golang.org/x/time v0.5.0 // indirect - golang.org/x/tools v0.22.0 // indirect - google.golang.org/api v0.183.0 // indirect - google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 // indirect - google.golang.org/grpc v1.64.0 // indirect - google.golang.org/protobuf v1.34.1 // indirect + golang.org/x/tools v0.23.0 // indirect + google.golang.org/api v0.187.0 // indirect + google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b // indirect + google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b // indirect + google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b // indirect + google.golang.org/grpc v1.65.0 // indirect + google.golang.org/protobuf v1.34.2 // indirect gopkg.in/inf.v0 v0.9.1 // indirect gopkg.in/yaml.v2 v2.4.0 // indirect gopkg.in/yaml.v3 v3.0.1 // indirect - k8s.io/api v0.30.1 // indirect - k8s.io/apimachinery v0.30.1 // indirect - k8s.io/client-go v0.30.1 // indirect - k8s.io/klog/v2 v2.120.1 // indirect - k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a // indirect + k8s.io/api v0.30.2 // indirect + k8s.io/apimachinery v0.30.2 // indirect + k8s.io/client-go v0.30.2 // indirect + k8s.io/klog/v2 v2.130.1 // indirect + k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f // indirect k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 // indirect sigs.k8s.io/json v0.0.0-20221116044647-bc3834ca7abd // indirect sigs.k8s.io/structured-merge-diff/v4 v4.4.1 // indirect diff --git a/aws-observability-terraform/go.sum b/aws-observability-terraform/go.sum index c75bbf69..def0f357 100644 --- a/aws-observability-terraform/go.sum +++ b/aws-observability-terraform/go.sum @@ -32,6 +32,8 @@ cloud.google.com/go v0.102.1/go.mod h1:XZ77E9qnTEnrgEOvr4xzfdX5TRo7fB4T2F4O6+34h cloud.google.com/go v0.104.0/go.mod h1:OO6xxXdJyvuJPcEPBLN9BJPD+jep5G1+2U5B5gkRYtA= cloud.google.com/go v0.114.0 h1:OIPFAdfrFDFO2ve2U7r/H5SwSbBzEdrBdE7xkgwc+kY= cloud.google.com/go v0.114.0/go.mod h1:ZV9La5YYxctro1HTPug5lXH/GefROyW8PPD4T8n9J8E= +cloud.google.com/go v0.115.0 h1:CnFSK6Xo3lDYRoBKEcAtia6VSC837/ZkJuRduSFnr14= +cloud.google.com/go v0.115.0/go.mod h1:8jIM5vVgoAEoiVxQ/O4BFTfHqulPZgs/ufEzMcFMdWU= cloud.google.com/go/aiplatform v1.22.0/go.mod h1:ig5Nct50bZlzV6NvKaTwmplLLddFx0YReh9WfTO5jKw= cloud.google.com/go/aiplatform v1.24.0/go.mod h1:67UUvRBKG6GTayHKV8DBv2RtR1t93YRu5B1P3x99mYY= cloud.google.com/go/analytics v0.11.0/go.mod h1:DjEWCu41bVbYcKyvlws9Er60YE4a//bK6mnhWvQeFNI= @@ -48,6 +50,8 @@ cloud.google.com/go/assuredworkloads v1.6.0/go.mod h1:yo2YOk37Yc89Rsd5QMVECvjaMK cloud.google.com/go/assuredworkloads v1.7.0/go.mod h1:z/736/oNmtGAyU47reJgGN+KVoYoxeLBoj4XkKYscNI= cloud.google.com/go/auth v0.5.1 h1:0QNO7VThG54LUzKiQxv8C6x1YX7lUrzlAa1nVLF8CIw= cloud.google.com/go/auth v0.5.1/go.mod h1:vbZT8GjzDf3AVqCcQmqeeM32U9HBFc32vVVAbwDsa6s= +cloud.google.com/go/auth v0.6.1 h1:T0Zw1XM5c1GlpN2HYr2s+m3vr1p2wy+8VN+Z1FKxW38= +cloud.google.com/go/auth v0.6.1/go.mod h1:eFHG7zDzbXHKmjJddFG/rBlcGp6t25SwRUiEQSlO4x4= cloud.google.com/go/auth/oauth2adapt v0.2.2 h1:+TTV8aXpjeChS9M+aTtN/TjdQnzJvmzKFt//oWu7HX4= cloud.google.com/go/auth/oauth2adapt v0.2.2/go.mod h1:wcYjgpZI9+Yu7LyYBg4pqSiaRkfEK3GQcpb7C/uyF1Q= cloud.google.com/go/automl v1.5.0/go.mod h1:34EjfoFGMZ5sgJ9EoLsRtdPSNZLcfflJR39VbVNS2M0= @@ -72,8 +76,12 @@ cloud.google.com/go/compute v1.6.0/go.mod h1:T29tfhtVbq1wvAPo0E3+7vhgmkOYeXjhFvz cloud.google.com/go/compute v1.6.1/go.mod h1:g85FgpzFvNULZ+S8AYq87axRKuf2Kh7deLqV/jJ3thU= cloud.google.com/go/compute v1.7.0/go.mod h1:435lt8av5oL9P3fv1OEzSbSUe+ybHXGMPQHHZWZxy9U= cloud.google.com/go/compute v1.10.0/go.mod h1:ER5CLbMxl90o2jtNbGSbtfOpQKR0t15FOtRsugnLrlU= +cloud.google.com/go/compute v1.27.2 h1:5cE5hdrwJV/92ravlwIFRGnyH9CpLGhh4N0ZDVTU+BA= +cloud.google.com/go/compute v1.27.2/go.mod h1:YQuHkNEwP3bIz4LBYQqf4DIMfFtTDtnEgnwG0mJQQ9I= cloud.google.com/go/compute/metadata v0.3.0 h1:Tz+eQXMEqDIKRsmY3cHTL6FVaynIjX2QxYC4trgAKZc= cloud.google.com/go/compute/metadata v0.3.0/go.mod h1:zFmK7XCadkQkj6TtorcaGlCW1hT1fIilQDwofLpJ20k= +cloud.google.com/go/compute/metadata v0.4.0 h1:vHzJCWaM4g8XIcm8kopr3XmDA4Gy/lblD3EhhSux05c= +cloud.google.com/go/compute/metadata v0.4.0/go.mod h1:SIQh1Kkb4ZJ8zJ874fqVkslA29PRXuleyj6vOzlbK7M= cloud.google.com/go/containeranalysis v0.5.1/go.mod h1:1D92jd8gRR/c0fGMlymRgxWD3Qw9C1ff6/T7mLgVL8I= cloud.google.com/go/containeranalysis v0.6.0/go.mod h1:HEJoiEIu+lEXM+k7+qLCci0h33lX3ZqoYFdmPcoO7s4= cloud.google.com/go/datacatalog v1.3.0/go.mod h1:g9svFY6tuR+j+hrTw3J2dNcmI0dzmSiyOzm8kpLq0a0= @@ -113,6 +121,8 @@ cloud.google.com/go/iam v0.3.0/go.mod h1:XzJPvDayI+9zsASAFO68Hk07u3z+f+JrT2xXNdp cloud.google.com/go/iam v0.5.0/go.mod h1:wPU9Vt0P4UmCux7mqtRu6jcpPAb74cP1fh50J3QpkUc= cloud.google.com/go/iam v1.1.8 h1:r7umDwhj+BQyz0ScZMp4QrGXjSTI3ZINnpgU2nlB/K0= cloud.google.com/go/iam v1.1.8/go.mod h1:GvE6lyMmfxXauzNq8NbgJbeVQNspG+tcdL/W8QO1+zE= +cloud.google.com/go/iam v1.1.10 h1:ZSAr64oEhQSClwBL670MsJAW5/RLiC6kfw3Bqmd5ZDI= +cloud.google.com/go/iam v1.1.10/go.mod h1:iEgMq62sg8zx446GCaijmA2Miwg5o3UbO+nI47WHJps= cloud.google.com/go/language v1.4.0/go.mod h1:F9dRpNFQmJbkaop6g0JhSBXCNlO90e1KWx5iDdxbWic= cloud.google.com/go/language v1.6.0/go.mod h1:6dJ8t3B+lUYfStgls25GusK04NLh3eDLQnWM3mdEbhI= cloud.google.com/go/lifesciences v0.5.0/go.mod h1:3oIKy8ycWGPUyZDR/8RNnTOYevhaMLqh5vLUXs9zvT8= @@ -175,6 +185,8 @@ cloud.google.com/go/storage v1.23.0/go.mod h1:vOEEDNFnciUMhBeT6hsJIn3ieU5cFRmzeL cloud.google.com/go/storage v1.27.0/go.mod h1:x9DOL8TK/ygDUMieqwfhdpQryTeEkhGKMi80i/iqR2s= cloud.google.com/go/storage v1.41.0 h1:RusiwatSu6lHeEXe3kglxakAmAbfV+rhtPqA6i8RBx0= cloud.google.com/go/storage v1.41.0/go.mod h1:J1WCa/Z2FcgdEDuPUY8DxT5I+d9mFKsCepp5vR6Sq80= +cloud.google.com/go/storage v1.43.0 h1:CcxnSohZwizt4LCzQHWvBf1/kvtHUn7gk9QERXPyXFs= +cloud.google.com/go/storage v1.43.0/go.mod h1:ajvxEa7WmZS1PxvKRq4bq0tFT3vMd502JwstCcYv0Q0= cloud.google.com/go/talent v1.1.0/go.mod h1:Vl4pt9jiHKvOgF9KoZo6Kob9oV4lwd/ZD5Cto54zDRw= cloud.google.com/go/talent v1.2.0/go.mod h1:MoNF9bhFQbiJ6eFD3uSsg0uBALw4n4gaCaEjBw9zo8g= cloud.google.com/go/videointelligence v1.6.0/go.mod h1:w0DIDlVRKtwPCn/C4iwZIJdvC69yInhW0cfi+p546uU= @@ -202,11 +214,15 @@ github.com/armon/go-socks5 v0.0.0-20160902184237-e75332964ef5/go.mod h1:wHh0iHkY github.com/aws/aws-sdk-go v1.44.122/go.mod h1:y4AeaBuwd2Lk+GepC1E9v0qOiTws0MIWAX4oIKwKHZo= github.com/aws/aws-sdk-go v1.53.17 h1:TwtYMzVBTaqPVj/pcemHRIgk01OycWEcEUyUUX0tpCI= github.com/aws/aws-sdk-go v1.53.17/go.mod h1:LF8svs817+Nz+DmiMQKTO3ubZ/6IaTpq3TjupRn3Eqk= +github.com/aws/aws-sdk-go v1.54.16 h1:+B9zGaVwOUU6AO9Sy99VjTMDPthWx10HjB08hjaBHIc= +github.com/aws/aws-sdk-go v1.54.16/go.mod h1:eRwEWoyTWFMVYVQzKMNHWP5/RV4xIUGMQfXQHfHkpNU= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d h1:xDfNPAt8lFiC1UJrqV3uuy861HCTo708pDMbjHHdCas= github.com/bgentry/go-netrc v0.0.0-20140422174119-9fd32a8b3d3d/go.mod h1:6QX/PXZ00z/TKoufEY6K/a0k6AhaJrQKdFe6OfVXsa4= github.com/boombuler/barcode v1.0.1-0.20190219062509-6c824513bacc/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/boombuler/barcode v1.0.1 h1:NDBbPmhS+EqABEs5Kg3n/5ZNjy73Pz7SIV+KCeqyXcs= github.com/boombuler/barcode v1.0.1/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= +github.com/boombuler/barcode v1.0.2 h1:79yrbttoZrLGkL/oOI8hBrUKucwOL0oOjUgEguGMcJ4= +github.com/boombuler/barcode v1.0.2/go.mod h1:paBWMcWSl3LHKBqUq+rly7CNSldXjb2rDl3JlRe0mD8= github.com/census-instrumentation/opencensus-proto v0.2.1/go.mod h1:f6KPmirojxKA12rnyqOA5BBL4O983OfeGPqjHWSTneU= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.1.1/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= @@ -375,15 +391,23 @@ github.com/googleapis/gax-go/v2 v2.5.1/go.mod h1:h6B0KMMFNtI2ddbGJn3T3ZbwkeT6yqE github.com/googleapis/gax-go/v2 v2.6.0/go.mod h1:1mjbznJAPHFpesgE5ucqfYEscaz5kMdcIDwU/6+DDoY= github.com/googleapis/gax-go/v2 v2.12.4 h1:9gWcmF85Wvq4ryPFvGFaOgPIs1AQX0d0bcbGw4Z96qg= github.com/googleapis/gax-go/v2 v2.12.4/go.mod h1:KYEYLorsnIGDi/rPC8b5TdlB9kbKoFubselGIoBMCwI= +github.com/googleapis/gax-go/v2 v2.12.5 h1:8gw9KZK8TiVKB6q3zHY3SBzLnrGp6HQjyfYBYGmXdxA= +github.com/googleapis/gax-go/v2 v2.12.5/go.mod h1:BUDKcWo+RaKq5SC9vVYL0wLADa3VcfswbOMMRmB9H3E= github.com/googleapis/go-type-adapters v1.0.0/go.mod h1:zHW75FOG2aur7gAO2B+MLby+cLsWGBF62rFAi7WjWO4= github.com/gorilla/websocket v1.4.2/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/gorilla/websocket v1.5.1 h1:gmztn0JnHVt9JZquRuzLw3g4wouNVzKL15iLr/zn/QY= github.com/gorilla/websocket v1.5.1/go.mod h1:x3kM2JMyaluk02fnUJpQuwD2dCS5NDG2ZHL0uE0tcaY= +github.com/gorilla/websocket v1.5.3 h1:saDtZ6Pbx/0u+bgYQ3q96pZgCzfhKXGPqt7kZ72aNNg= +github.com/gorilla/websocket v1.5.3/go.mod h1:YR8l580nyteQvAITg2hZ9XVh4b55+EU/adAjf1fMHhE= github.com/grpc-ecosystem/grpc-gateway v1.16.0/go.mod h1:BDjrQk3hbvj6Nolgz8mAMFbcEtjT1g+wF4CSlocrBnw= github.com/gruntwork-io/go-commons v0.17.1 h1:2KS9wAqrgeOTWj33DSHzDNJ1FCprptWdLFqej+wB8x0= github.com/gruntwork-io/go-commons v0.17.1/go.mod h1:S98JcR7irPD1bcruSvnqupg+WSJEJ6xaM89fpUZVISk= +github.com/gruntwork-io/go-commons v0.17.2 h1:14dsCJ7M5Vv2X3BIPKeG9Kdy6vTMGhM8L4WZazxfTuY= +github.com/gruntwork-io/go-commons v0.17.2/go.mod h1:zs7Q2AbUKuTarBPy19CIxJVUX/rBamfW8IwuWKniWkE= github.com/gruntwork-io/terratest v0.46.15 h1:qfqjTFveymaqe7aAWn3LjlK0SwVGpRfoOut5ggNyfQ8= github.com/gruntwork-io/terratest v0.46.15/go.mod h1:9bd22zAojjBBiYdsp+AR1iyl2iB6bRUVm2Yf1AFhfrA= +github.com/gruntwork-io/terratest v0.46.16 h1:l+HHuU7lNLwoAl2sP8zkYJy0uoE2Mwha2nw+rim+OhQ= +github.com/gruntwork-io/terratest v0.46.16/go.mod h1:oywHw1cFKXSYvKPm27U7quZVzDUlA22H2xUrKCe26xM= github.com/hashicorp/errwrap v1.0.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= github.com/hashicorp/errwrap v1.1.0 h1:OxrOeh75EUXMY8TBjag2fzXGZ40LB6IKw45YeGUDY2I= github.com/hashicorp/errwrap v1.1.0/go.mod h1:YH+1FKiLXxHSkmPseP+kNlulaMuP3n2brvKWEqk/Jc4= @@ -402,6 +426,8 @@ github.com/hashicorp/golang-lru v0.5.0/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ github.com/hashicorp/golang-lru v0.5.1/go.mod h1:/m3WP610KZHVQ1SGc6re/UDhFvYD7pJ4Ao+sR/qLZy8= github.com/hashicorp/hcl/v2 v2.20.1 h1:M6hgdyz7HYt1UN9e61j+qKJBqR3orTWbI1HKBJEdxtc= github.com/hashicorp/hcl/v2 v2.20.1/go.mod h1:TZDqQ4kNKCbh1iJp99FdPiUaVDDUPivbqxZulxDYqL4= +github.com/hashicorp/hcl/v2 v2.21.0 h1:lve4q/o/2rqwYOgUg3y3V2YPyD1/zkCLGjIV74Jit14= +github.com/hashicorp/hcl/v2 v2.21.0/go.mod h1:62ZYHrXgPoX8xBnzl8QzbWq4dyDsDtfCRgIq1rbJEvA= github.com/hashicorp/terraform-json v0.22.1 h1:xft84GZR0QzjPVWs4lRUwvTcPnegqlyS7orfb5Ltvec= github.com/hashicorp/terraform-json v0.22.1/go.mod h1:JbWSQCLFSXFFhg42T7l9iJwdGXBYV8fmmD6o/ML4p3A= github.com/ianlancetaylor/demangle v0.0.0-20181102032728-5e5cf60278f6/go.mod h1:aSSvb/t6k1mPoxDqO4vJh6VOCGPwU4O0C2/Eqndh1Sc= @@ -425,6 +451,8 @@ github.com/kisielk/gotool v1.0.0/go.mod h1:XhKaO+MFFWcvkIS/tQcRk01m1F5IRFswLeQ+o github.com/klauspost/compress v1.15.11/go.mod h1:QPwzmACJjUTFsnSHH934V6woptycfrDDJnH7hvFVbGM= github.com/klauspost/compress v1.17.8 h1:YcnTYrq7MikUT7k0Yb5eceMmALQPYBW/Xltxn0NAMnU= github.com/klauspost/compress v1.17.8/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= +github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= +github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= github.com/kr/pretty v0.3.1 h1:flRD4NNwYAUpkphVc1HcthR4KEIFJ65n8Mw5qdRn3LE= github.com/kr/pretty v0.3.1/go.mod h1:hoEshYVHaxMs3cyo3Yncou5ZscifuDolrwPKZanG3xk= @@ -447,6 +475,8 @@ github.com/mitchellh/go-wordwrap v1.0.1 h1:TLuKupo69TCn6TQSyGxwI1EblZZEsQ0vMlAFQ github.com/mitchellh/go-wordwrap v1.0.1/go.mod h1:R62XHJLzvMFRBbcrT7m7WgmE1eOyTSsCt+hzestvNj0= github.com/moby/spdystream v0.2.0 h1:cjW1zVyyoiM0T7b6UoySUFqzXMoqRckQtXwGPiBhOM8= github.com/moby/spdystream v0.2.0/go.mod h1:f7i0iNDQJ059oMTcWxx8MA/zKFIuD/lY+0GqbN2Wy8c= +github.com/moby/spdystream v0.4.0 h1:Vy79D6mHeJJjiPdFEL2yku1kl0chZpJfZcPpb16BRl8= +github.com/moby/spdystream v0.4.0/go.mod h1:xBAYlnt/ay+11ShkdFKNAG7LsyK/tmNBVvVOwrfMgdI= github.com/modern-go/concurrent v0.0.0-20180228061459-e0a39a4cb421/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd h1:TRLaZ9cD/w8PVh93nsPXa1VrQ6jlwL5oN8l14QlcNfg= github.com/modern-go/concurrent v0.0.0-20180306012644-bacd9c7ef1dd/go.mod h1:6dJC0mAP4ikYIbvyc7fijjWJddQyLn8Ig3JB5CqoB9Q= @@ -507,6 +537,7 @@ github.com/zclconf/go-cty v1.14.4 h1:uXXczd9QDGsgu0i/QFR/hzI5NYCHLf6NQw/atrbnhq8 github.com/zclconf/go-cty v1.14.4/go.mod h1:VvMs5i0vgZdhYawQNq5kePSpLAoz8u1xvZgrPIxfnZE= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b h1:FosyBZYxY34Wul7O/MSKey3txpPYyCqVO5ZyceuQJEI= github.com/zclconf/go-cty-debug v0.0.0-20191215020915-b22d67c1ba0b/go.mod h1:ZRKQfBXbGkpdV6QMzT3rU1kSTAnfu1dO8dPKjYprgj8= +github.com/zclconf/go-cty-debug v0.0.0-20240509010212-0d6042c53940 h1:4r45xpDWB6ZMSMNJFMOjqrGHynW3DIBuR2H9j0ug+Mo= go.opencensus.io v0.21.0/go.mod h1:mSImk1erAIZhrmZN+AvHh14ztQfjbGwt4TtuofqLduU= go.opencensus.io v0.22.0/go.mod h1:+kGneAE2xo2IficOXnaByMWTGM9T73dGwxeWcUqIpI8= go.opencensus.io v0.22.2/go.mod h1:yxeiOL68Rb0Xd1ddK5vPZ/oVn4vY4Ynel7k9FzqtOIw= @@ -518,16 +549,26 @@ go.opencensus.io v0.24.0 h1:y73uSU6J157QMP2kn2r30vwW1A2W2WFwSCGnAVxeaD0= go.opencensus.io v0.24.0/go.mod h1:vNK8G9p7aAivkbmorf4v+7Hgx+Zs0yY+0fOtgBfjQKo= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0 h1:vS1Ao/R55RNV4O7TA2Qopok8yN+X0LIP6RVWLFkprck= go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.52.0/go.mod h1:BMsdeOxN04K0L5FNUBfjFdvwWGNe/rkmSwH4Aelu/X0= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0 h1:9G6E0TXzGFVfTnawRzrPl83iHOAV7L8NJiR8RSGYV1g= +go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc v0.53.0/go.mod h1:azvtTADFQJA8mX80jIH/akaE7h+dbm/sVuaHqN13w74= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0 h1:9l89oX4ba9kHbBol3Xin3leYJ+252h0zszDtBwyKe2A= go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.52.0/go.mod h1:XLZfZboOJWHNKUv7eH0inh0E9VV6eWDFB/9yJyTLPp0= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0 h1:4K4tsIXefpVJtvA/8srF4V4y0akAoPHkIslgAkjixJA= +go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp v0.53.0/go.mod h1:jjdQuTGVsXV4vSs+CJ2qYDeDPf9yIJV23qlIzBm73Vg= go.opentelemetry.io/otel v1.27.0 h1:9BZoF3yMK/O1AafMiQTVu0YDj5Ea4hPhxCs7sGva+cg= go.opentelemetry.io/otel v1.27.0/go.mod h1:DMpAK8fzYRzs+bi3rS5REupisuqTheUlSZJ1WnZaPAQ= +go.opentelemetry.io/otel v1.28.0 h1:/SqNcYk+idO0CxKEUOtKQClMK/MimZihKYMruSMViUo= +go.opentelemetry.io/otel v1.28.0/go.mod h1:q68ijF8Fc8CnMHKyzqL6akLO46ePnjkgfIMIjUIX9z4= go.opentelemetry.io/otel/metric v1.27.0 h1:hvj3vdEKyeCi4YaYfNjv2NUje8FqKqUY8IlF0FxV/ik= go.opentelemetry.io/otel/metric v1.27.0/go.mod h1:mVFgmRlhljgBiuk/MP/oKylr4hs85GZAylncepAX/ak= +go.opentelemetry.io/otel/metric v1.28.0 h1:f0HGvSl1KRAU1DLgLGFjrwVyismPlnuU6JD6bOeuA5Q= +go.opentelemetry.io/otel/metric v1.28.0/go.mod h1:Fb1eVBFZmLVTMb6PPohq3TO9IIhUisDsbJoL/+uQW4s= go.opentelemetry.io/otel/sdk v1.24.0 h1:YMPPDNymmQN3ZgczicBY3B6sf9n62Dlj9pWD3ucgoDw= go.opentelemetry.io/otel/sdk v1.24.0/go.mod h1:KVrIYw6tEubO9E96HQpcmpTKDVn9gdv35HoYiQWGDFg= go.opentelemetry.io/otel/trace v1.27.0 h1:IqYb813p7cmbHk0a5y6pD5JPakbVfftRXABGt5/Rscw= go.opentelemetry.io/otel/trace v1.27.0/go.mod h1:6RiD1hkAprV4/q+yd2ln1HG9GoPx39SuvvstaLBl+l4= +go.opentelemetry.io/otel/trace v1.28.0 h1:GhQ9cUuQGmNDd5BTCP2dAvv75RdMxEfTmYejp+lkx9g= +go.opentelemetry.io/otel/trace v1.28.0/go.mod h1:jPyXzNPg6da9+38HEwElrQiHlVMTnVfM3/yv2OlIHaI= go.opentelemetry.io/proto/otlp v0.7.0/go.mod h1:PqfVotwruBrMGOCsRd/89rSnXhoiJIqeYNgFYFoEGnI= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= golang.org/x/crypto v0.0.0-20190510104115-cbcb75029529/go.mod h1:yigFU9vqHzYiE8UmvKecakEJjdnWj3jj499lnFckfCI= @@ -537,6 +578,8 @@ golang.org/x/crypto v0.0.0-20200622213623-75b288015ac9/go.mod h1:LzIPMQfyMNhhGPh golang.org/x/crypto v0.0.0-20210921155107-089bfa567519/go.mod h1:GvvjBRRGRdwPK5ydBHafDWAxML/pGHZbMvKqRZ5+Abc= golang.org/x/crypto v0.24.0 h1:mnl8DM0o513X8fdIkmyFE/5hTYxbwYOjDS/+rK6qpRI= golang.org/x/crypto v0.24.0/go.mod h1:Z1PMYSOR5nyMcyAVAIQSKCDwalqy85Aqn1x3Ws4L5DM= +golang.org/x/crypto v0.25.0 h1:ypSNr+bnYL2YhwoMt2zPxHFmbAN1KZs/njMG3hxUp30= +golang.org/x/crypto v0.25.0/go.mod h1:T+wALwcMOSE0kXgUAnPAHqTLW+XHgcELELW8VaDgm/M= golang.org/x/exp v0.0.0-20190121172915-509febef88a4/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190306152737-a1d7652674e8/go.mod h1:CJ0aWSM057203Lf6IL+f9T1iT9GByDxfZKAQTCR3kQA= golang.org/x/exp v0.0.0-20190510132918-efd6b22b2522/go.mod h1:ZjyILWgesfNpC6sMxTJOJm9Kp84zZh5NQWvqDGG3Qr8= @@ -549,6 +592,8 @@ golang.org/x/exp v0.0.0-20200207192155-f17229e696bd/go.mod h1:J/WKrq2StrnmMY6+EH golang.org/x/exp v0.0.0-20200224162631-6cc2880d07d6/go.mod h1:3jZMyOhIsHpP37uCMkUooju7aAi5cS1Q23tOzKc+0MU= golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8 h1:LoYXNGAShUG3m/ehNk4iFctuhGX/+R1ZpfJ4/ia80JM= golang.org/x/exp v0.0.0-20240604190554-fc45aab8b7f8/go.mod h1:jj3sYF3dwk5D+ghuXyeI3r5MFf+NT2An6/9dOA95KSI= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37 h1:uLDX+AfeFCct3a2C7uIWBKMJIR3CJMhcgfrUAqjRK6w= +golang.org/x/exp v0.0.0-20240707233637-46b078467d37/go.mod h1:M4RDyNAINzryxdtnbRXRL/OHtkFuWGRjvuhBJpk2IlY= golang.org/x/image v0.0.0-20190227222117-0694c2d4d067/go.mod h1:kZ7UVZpmo3dzQBMxlp+ypCbDeSB+sBbTgSJuh5dn5js= golang.org/x/image v0.0.0-20190802002840-cff245a6509b/go.mod h1:FeLwcggjj3mMvU+oOTbSwawSJRM1uh48EjtB4UJZlP0= golang.org/x/lint v0.0.0-20181026193005-c67002cb31c3/go.mod h1:UVdnD1Gm6xHRNCYTkRU2/jEulfH38KcIWyp/GAMgvoE= @@ -577,6 +622,8 @@ golang.org/x/mod v0.4.2/go.mod h1:s0Qsj1ACt9ePp/hMypM3fl4fZqREWJwdYDEqhRiZZUA= golang.org/x/mod v0.6.0-dev.0.20220419223038-86c51ed26bb4/go.mod h1:jJ57K6gSWd91VN4djpZkiMVwK6gcyfeH4XE8wZrZaV4= golang.org/x/mod v0.18.0 h1:5+9lSbEzPSdWkH32vYPBwEpX8KwDbM52Ud9xBUvNlb0= golang.org/x/mod v0.18.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= +golang.org/x/mod v0.19.0 h1:fEdghXQSo20giMthA7cd28ZC+jts4amQ3YMXiP5oMQ8= +golang.org/x/mod v0.19.0/go.mod h1:hTbmBsO62+eylJbnUtE2MGJUyE7QWk4xUqPFrRgJ+7c= golang.org/x/net v0.0.0-20180724234803-3673e40ba225/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20180826012351-8a410e7b638d/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= golang.org/x/net v0.0.0-20190108225652-1e06a53dbb7e/go.mod h1:mL1N/T3taQHkDXs73rZJwtUhF3w3ftmwwsq0BUmARs4= @@ -626,6 +673,8 @@ golang.org/x/net v0.0.0-20221014081412-f15817d10f9b/go.mod h1:YDH+HFinaLZZlnHAfS golang.org/x/net v0.1.0/go.mod h1:Cx3nUiGt4eDBEyega/BKRp+/AlGL8hYe7U9odMt2Cco= golang.org/x/net v0.26.0 h1:soB7SVo0PWrY4vPW/+ay0jKDNScG2X9wFeYlXIvJsOQ= golang.org/x/net v0.26.0/go.mod h1:5YKkiSynbBIh3p6iOc/vibscux0x38BZDkn8sCUPxHE= +golang.org/x/net v0.27.0 h1:5K3Njcw06/l2y9vpGCSdcxWOYHOUk3dVNGDXN+FvAys= +golang.org/x/net v0.27.0/go.mod h1:dDi0PyhWNoiUOrAS8uXv/vnScO4wnHQO4mj9fn/RytE= golang.org/x/oauth2 v0.0.0-20180821212333-d2e6202438be/go.mod h1:N/0e6XlmueqKjAGxoOufVs8QHGRruUQn6yWY3a++T0U= golang.org/x/oauth2 v0.0.0-20190226205417-e64efc72b421/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= golang.org/x/oauth2 v0.0.0-20190604053449-0f29369cfe45/go.mod h1:gOpvHmFTYa4IltrdGE7lF6nIHvwfUNPOp7c8zoXwtLw= @@ -734,11 +783,15 @@ golang.org/x/sys v0.0.0-20220728004956-3c1f35247d10/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.1.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.21.0 h1:rF+pYz3DAGSQAxAu1CbC7catZg4ebC4UIeIhKxBZvws= golang.org/x/sys v0.21.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/sys v0.22.0 h1:RI27ohtqKCnwULzJLqkv897zojh5/DwS/ENaMzUOaWI= +golang.org/x/sys v0.22.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= golang.org/x/term v0.0.0-20201126162022-7de9c90e9dd1/go.mod h1:bj7SfCRtBDWHUb9snDiAeCFNEtKQo2Wmx5Cou7ajbmo= golang.org/x/term v0.0.0-20210927222741-03fcf44c2211/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.1.0/go.mod h1:jbD1KX2456YbFQfuXm/mYQcufACuNUgVhRMnK/tPxf8= golang.org/x/term v0.21.0 h1:WVXCp+/EBEHOj53Rvu+7KiT/iElMrO8ACK16SMZ3jaA= golang.org/x/term v0.21.0/go.mod h1:ooXLefLobQVslOqselCNF4SxFAaoS6KujMbsGzSDmX0= +golang.org/x/term v0.22.0 h1:BbsgPEJULsl2fV/AT3v15Mjva5yXKQDyKf+TbDz7QJk= +golang.org/x/term v0.22.0/go.mod h1:F3qCibpT5AMpCRfhfT53vVJwhLtIVHhB9XDjfFvnMI4= golang.org/x/text v0.0.0-20170915032832-14c0d48ead0c/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.1-0.20180807135948-17ff2d5776d2/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= @@ -812,6 +865,8 @@ golang.org/x/tools v0.1.5/go.mod h1:o0xws9oXOQQZyjljx8fwUC0k7L1pTE6eaCbjGeHmOkk= golang.org/x/tools v0.1.12/go.mod h1:hNGJHUnrk76NpqgfD5Aqm5Crs+Hm0VOH/i9J2+nxYbc= golang.org/x/tools v0.22.0 h1:gqSGLZqv+AI9lIQzniJ0nZDRG5GBPsSi+DRNHWNz6yA= golang.org/x/tools v0.22.0/go.mod h1:aCwcsjqvq7Yqt6TNyX7QMU2enbQ/Gt0bo6krSeEri+c= +golang.org/x/tools v0.23.0 h1:SGsXPZ+2l4JsgaCKkx+FQ9YZ5XEtA1GZYuoDjenLjvg= +golang.org/x/tools v0.23.0/go.mod h1:pnu6ufv6vQkll6szChhK3C3L/ruaIv5eBeztNG8wtsI= golang.org/x/xerrors v0.0.0-20190717185122-a985d3407aa7/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191011141410-1b5146add898/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= @@ -872,6 +927,8 @@ google.golang.org/api v0.98.0/go.mod h1:w7wJQLTM+wvQpNf5JyEcBoxK0RH7EDrh/L4qfsuJ google.golang.org/api v0.100.0/go.mod h1:ZE3Z2+ZOr87Rx7dqFsdRQkRBk36kDtp/h+QpHbB7a70= google.golang.org/api v0.183.0 h1:PNMeRDwo1pJdgNcFQ9GstuLe/noWKIc89pRWRLMvLwE= google.golang.org/api v0.183.0/go.mod h1:q43adC5/pHoSZTx5h2mSmdF7NcyfW9JuDyIOJAgS9ZQ= +google.golang.org/api v0.187.0 h1:Mxs7VATVC2v7CY+7Xwm4ndkX71hpElcvx0D1Ji/p1eo= +google.golang.org/api v0.187.0/go.mod h1:KIHlTc4x7N7gKKuVsdmfBXN13yEEWXWFURWY6SBp2gk= google.golang.org/appengine v1.1.0/go.mod h1:EbEs0AVv82hx2wNQdGPgUI5lhzA/G0D9YwlJXL52JkM= google.golang.org/appengine v1.4.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= google.golang.org/appengine v1.5.0/go.mod h1:xpcJRLb0r/rnEns0DIKYYv+WjYCduHsrkT7/EB5XEv4= @@ -982,10 +1039,16 @@ google.golang.org/genproto v0.0.0-20221014213838-99cd37c6964a/go.mod h1:1vXfmgAz google.golang.org/genproto v0.0.0-20221025140454-527a21cfbd71/go.mod h1:9qHF0xnpdSfF6knlcsnpzUu5y+rpwgbvsyGAZPBMg4s= google.golang.org/genproto v0.0.0-20240604185151-ef581f913117 h1:HCZ6DlkKtCDAtD8ForECsY3tKuaR+p4R3grlK80uCCc= google.golang.org/genproto v0.0.0-20240604185151-ef581f913117/go.mod h1:lesfX/+9iA+3OdqeCpoDddJaNxVB1AB6tD7EfqMmprc= +google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b h1:dSTjko30weBaMj3eERKc0ZVXW4GudCswM3m+P++ukU0= +google.golang.org/genproto v0.0.0-20240708141625-4ad9e859172b/go.mod h1:FfBgJBJg9GcpPvKIuHSZ/aE1g2ecGL74upMzGZjiGEY= google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117 h1:+rdxYoE3E5htTEWIe15GlN6IfvbURM//Jt0mmkmm6ZU= google.golang.org/genproto/googleapis/api v0.0.0-20240604185151-ef581f913117/go.mod h1:OimBR/bc1wPO9iV4NC2bpyjy3VnAwZh5EBPQdtaE5oo= +google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b h1:y/kpOWeX2pWERnbsvh/hF+Zmo69wVmjyZhstreXQQeA= +google.golang.org/genproto/googleapis/api v0.0.0-20240708141625-4ad9e859172b/go.mod h1:mw8MG/Qz5wfgYr6VqVCiZcHe/GJEfI+oGGDCohaVgB0= google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117 h1:1GBuWVLM/KMVUv1t1En5Gs+gFZCNd360GGb4sSxtrhU= google.golang.org/genproto/googleapis/rpc v0.0.0-20240604185151-ef581f913117/go.mod h1:EfXuqaE1J41VCDicxHzUDm+8rk+7ZdXzHV0IhO/I6s0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b h1:04+jVzTs2XBnOZcPsLnmrTGqltqJbZQ1Ey26hjYdQQ0= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240708141625-4ad9e859172b/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= google.golang.org/grpc v1.19.0/go.mod h1:mqu4LbDTu4XGKhr4mRzUsmM4RtVoemTSY81AxZiDr8c= google.golang.org/grpc v1.20.1/go.mod h1:10oTOabMzJvdu6/UiuZezV6QK5dSlG84ov/aaiqXj38= google.golang.org/grpc v1.21.1/go.mod h1:oYelfM1adQP15Ek0mdvEgi9Df8B9CZIaU1084ijfRaM= @@ -1023,6 +1086,8 @@ google.golang.org/grpc v1.50.0/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCD google.golang.org/grpc v1.50.1/go.mod h1:ZgQEeidpAuNRZ8iRrlBKXZQP1ghovWIVhdJRyCDK+GI= google.golang.org/grpc v1.64.0 h1:KH3VH9y/MgNQg1dE7b3XfVK0GsPSIzJwdF617gUSbvY= google.golang.org/grpc v1.64.0/go.mod h1:oxjF8E3FBnjp+/gVFYdWacaLDx9na1aqy9oovLpxQYg= +google.golang.org/grpc v1.65.0 h1:bs/cUb4lp1G5iImFFd3u5ixQzweKizoZJAwBNLR42lc= +google.golang.org/grpc v1.65.0/go.mod h1:WgYC2ypjlB0EiQi6wdKixMqukr6lBc0Vo+oOgjrM5ZQ= google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.1.0/go.mod h1:6Kw0yEErY5E/yWrBtf03jp27GLLJujG4z/JK95pnjjw= google.golang.org/protobuf v0.0.0-20200109180630-ec00e32a8dfd/go.mod h1:DFci5gLYBciE7Vtevhsrf46CRTquxDuWsQurQQe4oz8= google.golang.org/protobuf v0.0.0-20200221191635-4d8936d0db64/go.mod h1:kwYJMbMJ01Woi6D6+Kah6886xMZcty6N08ah7+eCXa0= @@ -1041,6 +1106,8 @@ google.golang.org/protobuf v1.28.0/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqw google.golang.org/protobuf v1.28.1/go.mod h1:HV8QOd/L58Z+nl8r43ehVNZIU/HEI6OcFqwMG9pJV4I= google.golang.org/protobuf v1.34.1 h1:9ddQBjfCyZPOHPUiPxpYESBLc+T8P3E+Vo4IbKZgFWg= google.golang.org/protobuf v1.34.1/go.mod h1:c6P6GXX6sHbq/GpV6MGZEdwhWPcYBgnhAHhKbcUYpos= +google.golang.org/protobuf v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= +google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20180628173108-788fd7840127/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0= gopkg.in/check.v1 v1.0.0-20201130134442-10cb98267c6c h1:Hei/4ADfdWqJk1ZMxUNpqntNwaWcugrBjAiHlqqRiVk= @@ -1066,14 +1133,24 @@ honnef.co/go/tools v0.0.1-2020.1.3/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9 honnef.co/go/tools v0.0.1-2020.1.4/go.mod h1:X/FiERA/W4tHapMX5mGpAtMSVEeEUOyHaw9vFzvIQ3k= k8s.io/api v0.30.1 h1:kCm/6mADMdbAxmIh0LBjS54nQBE+U4KmbCfIkF5CpJY= k8s.io/api v0.30.1/go.mod h1:ddbN2C0+0DIiPntan/bye3SW3PdwLa11/0yqwvuRrJM= +k8s.io/api v0.30.2 h1:+ZhRj+28QT4UOH+BKznu4CBgPWgkXO7XAvMcMl0qKvI= +k8s.io/api v0.30.2/go.mod h1:ULg5g9JvOev2dG0u2hig4Z7tQ2hHIuS+m8MNZ+X6EmI= k8s.io/apimachinery v0.30.1 h1:ZQStsEfo4n65yAdlGTfP/uSHMQSoYzU/oeEbkmF7P2U= k8s.io/apimachinery v0.30.1/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= +k8s.io/apimachinery v0.30.2 h1:fEMcnBj6qkzzPGSVsAZtQThU62SmQ4ZymlXRC5yFSCg= +k8s.io/apimachinery v0.30.2/go.mod h1:iexa2somDaxdnj7bha06bhb43Zpa6eWH8N8dbqVjTUc= k8s.io/client-go v0.30.1 h1:uC/Ir6A3R46wdkgCV3vbLyNOYyCJ8oZnjtJGKfytl/Q= k8s.io/client-go v0.30.1/go.mod h1:wrAqLNs2trwiCH/wxxmT/x3hKVH9PuV0GGW0oDoHVqc= +k8s.io/client-go v0.30.2 h1:sBIVJdojUNPDU/jObC+18tXWcTJVcwyqS9diGdWHk50= +k8s.io/client-go v0.30.2/go.mod h1:JglKSWULm9xlJLx4KCkfLLQ7XwtlbflV6uFFSHTMgVs= k8s.io/klog/v2 v2.120.1 h1:QXU6cPEOIslTGvZaXvFWiP9VKyeet3sawzTOvdXb4Vw= k8s.io/klog/v2 v2.120.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= +k8s.io/klog/v2 v2.130.1 h1:n9Xl7H1Xvksem4KFG4PYbdQCQxqc/tTUyrgXaOhHSzk= +k8s.io/klog/v2 v2.130.1/go.mod h1:3Jpz1GvMt720eyJH1ckRHK1EDfpxISzJ7I9OYgaDtPE= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a h1:zD1uj3Jf+mD4zmA7W+goE5TxDkI7OGJjBNBzq5fJtLA= k8s.io/kube-openapi v0.0.0-20240521193020-835d969ad83a/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= +k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f h1:2sXuKesAYbRHxL3aE2PN6zX/gcJr22cjrsej+W784Tc= +k8s.io/kube-openapi v0.0.0-20240709000822-3c01b740850f/go.mod h1:UxDHUPsUwTOOxSU+oXURfFBcAS6JwiRXTYqYwfuGowc= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0 h1:jgGTlFYnhF1PM1Ax/lAlxUPE+KfCIXHaathvJg1C3ak= k8s.io/utils v0.0.0-20240502163921-fe8a2dddb1d0/go.mod h1:OLgZIPagt7ERELqWJFomSt595RzquPNLL48iOWgYOg0= rsc.io/binaryregexp v0.2.0/go.mod h1:qTv7/COck+e2FymRvadv62gMdZztPaShugOCi3I+8D8= diff --git a/aws-observability-terraform/source-module/main_s3_bucket.tf b/aws-observability-terraform/source-module/main_s3_bucket.tf index d40932ba..60486dca 100644 --- a/aws-observability-terraform/source-module/main_s3_bucket.tf +++ b/aws-observability-terraform/source-module/main_s3_bucket.tf @@ -11,6 +11,8 @@ resource "aws_s3_bucket" "s3_bucket" { } resource "aws_s3_bucket_policy" "dump_access_logs_to_s3" { + for_each = toset(local.create_common_bucket ? ["s3_bucket"] : []) + bucket = aws_s3_bucket.s3_bucket["s3_bucket"].id policy = templatefile("${path.module}/templates/s3_bucket_policy.tmpl", { BUCKET_NAME = local.common_bucket_name diff --git a/aws-observability-terraform/test/appmodule/app_test.go b/aws-observability-terraform/test/appmodule/app_test.go index 6eb2ecb5..de2ad463 100644 --- a/aws-observability-terraform/test/appmodule/app_test.go +++ b/aws-observability-terraform/test/appmodule/app_test.go @@ -9,7 +9,7 @@ import ( // It takes around 20 mins to execute following 4 test scenerios. // Main function -// Testing scenerio 1 - default scenerio +// Testing scenario 1 - default scenario func TestAppModule1(t *testing.T) { // t.Parallel() @@ -35,7 +35,7 @@ func TestAppModule1(t *testing.T) { } -// Testing scenerio 2 - Install in Admin Recom folder,share - true, override - Monitor folder name, enable log + metric monitor +// Testing scenario 2 - Install in Admin Recom folder,share - true, override - Monitor folder name, enable log + metric monitor func TestAppModule2(t *testing.T) { // t.Parallel() @@ -71,7 +71,7 @@ func TestAppModule2(t *testing.T) { }) } -// Testing scenerio 3 - Install in Personal folder, share is false, override - App folder, enable log and metric monitor +// Testing scenario 3 - Install in Personal folder, share is false, override - App folder, enable log and metric monitor func TestAppModule3(t *testing.T) { // t.Parallel() @@ -101,7 +101,7 @@ func TestAppModule3(t *testing.T) { }) } -// Testing scenerio 4 - Install in Admin Recom folder,share - false, override - App folder name, Monitor folder name, enable metric monitor +// Testing scenario 4 - Install in Admin Recom folder,share - false, override - App folder name, Monitor folder name, enable metric monitor func TestAppModule4(t *testing.T) { // t.Parallel() diff --git a/aws-observability-terraform/test/sourcemodule/source_test.go b/aws-observability-terraform/test/sourcemodule/source_test.go index d19fde20..2b50ece4 100644 --- a/aws-observability-terraform/test/sourcemodule/source_test.go +++ b/aws-observability-terraform/test/sourcemodule/source_test.go @@ -27,7 +27,7 @@ func TestSourceModule1(t *testing.T) { // Assert count of Expected resources. test_structure.RunTestStage(t, "AssertCount", func() { - AssertResourceCounts(t, resourceCount, 82, 0, 0) + AssertResourceCounts(t, resourceCount, 99, 0, 0) }) // Load the Terraform Options saved by the earlier deploy_terraform stage @@ -132,7 +132,7 @@ func TestSourceModule2(t *testing.T) { // Assert count of Expected resources. test_structure.RunTestStage(t, "AssertCount", func() { - AssertResourceCounts(t, resourceCount, 16, 0, 0) + AssertResourceCounts(t, resourceCount, 32, 0, 0) }) // At the end of the test, un-deploy the solution using Terraform @@ -169,7 +169,7 @@ func TestSourceModule3(t *testing.T) { // Assert count of Expected resources. test_structure.RunTestStage(t, "AssertCount", func() { - AssertResourceCounts(t, resourceCount, 80, 0, 0) + AssertResourceCounts(t, resourceCount, 99, 0, 0) }) // Load the Terraform Options saved by the earlier deploy_terraform stage terraformOptions := test_structure.LoadTerraformOptions(t, TerraformDir) From 0ff95d3e66560afceef4daf6951eb53eec73b9f9 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Tue, 16 Jul 2024 16:41:21 +0530 Subject: [PATCH 24/34] updated sam version --- aws-observability/apps/autoenable/auto_enable.template.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml index 9998cf91..b8e4ced6 100644 --- a/aws-observability/apps/autoenable/auto_enable.template.yaml +++ b/aws-observability/apps/autoenable/auto_enable.template.yaml @@ -124,7 +124,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: BucketName: !Ref ALBS3LogsBucketName BucketPrefix: "elasticloadbalancing" @@ -139,7 +139,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: BucketName: !Ref ELBS3LogsBucketName BucketPrefix: !Ref ELBS3LogsBucketPrefix @@ -160,4 +160,4 @@ Resources: DestinationArnValue: !Ref AutoSubscribeDestinationARN LogGroupPattern: !Ref AutoSubscribeLambdaLogGroupPattern UseExistingLogs: !If [auto_subscribe_exisitng_log_groups, "true", "false"] - RoleArn: !Ref AutoSubscribeRoleArn + RoleArn: !Ref AutoSubscribeRoleArn \ No newline at end of file From a17f627a966df2b37e766276fda5215190497a12 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Tue, 16 Jul 2024 19:13:32 +0530 Subject: [PATCH 25/34] updating auto-enable sam version --- aws-observability-terraform/source-module/main.tf | 4 ++-- .../permissioncheck.nested.template.test.yaml | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index 1bacbd4a..b8807b38 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf @@ -98,7 +98,7 @@ module "elb_module" { } auto_enable_access_logs = var.auto_enable_access_logs - app_semantic_version = "1.0.11" + app_semantic_version = "1.0.12" auto_enable_access_logs_options = { filter = "'Type': 'application'|'type': 'application'" remove_on_delete_stack = true @@ -142,7 +142,7 @@ module "classic_lb_module" { } } auto_enable_access_logs = var.auto_enable_classic_lb_access_logs - app_semantic_version = "1.0.11" + app_semantic_version = "1.0.12" auto_enable_access_logs_options = { bucket_prefix = local.auto_classic_lb_path_exp auto_enable_logging = "ELB" diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml index 15dcefc6..f6587c2b 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml @@ -537,7 +537,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: BucketName: !Ref CommonS3Bucket BucketPrefix: "elasticloadbalancing" From b2bd9b4c5fb299cd87cebbcb8c7634f21677b979 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Tue, 16 Jul 2024 19:14:54 +0530 Subject: [PATCH 26/34] sam auto-enable version update --- .../apps/permissionchecker/permissioncheck.nested.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index fe928e61..53be785f 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -535,7 +535,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-s3-logging-auto-enable - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: BucketName: !Ref CommonS3Bucket BucketPrefix: "elasticloadbalancing" From 10902333b1a63dc753d1cab4b8c0652f4241735b Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Tue, 16 Jul 2024 19:15:27 +0530 Subject: [PATCH 27/34] added missing fields and fer to script --- aws-observability-terraform/fields.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/aws-observability-terraform/fields.sh b/aws-observability-terraform/fields.sh index b427421f..7fa7d749 100644 --- a/aws-observability-terraform/fields.sh +++ b/aws-observability-terraform/fields.sh @@ -23,9 +23,9 @@ else fi # awso_list contains fields required for AWS Obervablity Solution. Update the list if new field is added to the solution. -declare -ra awso_list=(account accountid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname queuename) +declare -ra awso_list=(account accountid apiid apiname cacheclusterid clustername dbclusteridentifier dbidentifier dbinstanceidentifier functionname instanceid loadbalancer loadbalancername namespace networkloadbalancer region tablename topicname queuename) # awso_fer_list contains FERs required for AWS Obervablity Solution. Update the list if new FER is added to the solution. -declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER AwsObservabilitySQSCloudTrailLogsFER) +declare -ra awso_fer_list=(AwsObservabilityAlbAccessLogsFER AwsObservabilityApiGatewayAccessLogsFER AwsObservabilityApiGatewayCloudTrailLogsFER AwsObservabilityDynamoDBCloudTrailLogsFER AwsObservabilityEC2CloudTrailLogsFER AwsObservabilityECSCloudTrailLogsFER AwsObservabilityElastiCacheCloudTrailLogsFER AwsObservabilityElbAccessLogsFER AwsObservabilityFieldExtractionRule AwsObservabilityGenericCloudWatchLogsFER AwsObservabilityLambdaCloudWatchLogsFER AwsObservabilityRdsCloudTrailLogsFER AwsObservabilitySNSCloudTrailLogsFER AwsObservabilitySQSCloudTrailLogsFER) function get_remaining_fields() { local RESPONSE From 69c7bc2ebef1c08cd274439e6e8a9fc40f1849f8 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Wed, 17 Jul 2024 17:59:36 +0530 Subject: [PATCH 28/34] Regression CF testcases fixes for awso 2.9.0 --- .../templates/test/TestTemplate.yaml | 89 +++++++++---------- 1 file changed, 40 insertions(+), 49 deletions(-) diff --git a/aws-observability/templates/test/TestTemplate.yaml b/aws-observability/templates/test/TestTemplate.yaml index 12dba354..a8417c59 100644 --- a/aws-observability/templates/test/TestTemplate.yaml +++ b/aws-observability/templates/test/TestTemplate.yaml @@ -110,16 +110,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -191,9 +191,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -435,16 +435,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -516,9 +516,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -772,16 +772,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -849,9 +849,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -1023,6 +1023,10 @@ Tests: - AssertType: ResourceExistence Assert: Resources: + - LambdaRole + - LambdaPermission + - PrimerInvoke + - TelemetryLambda - CreateCommonResources - sumoEC2MetricsAppStack - sumoAlbMetricsAppStack @@ -1040,19 +1044,7 @@ Tests: - CreateCommonResources.AddRegionField - CreateCommonResources.AddNamespaceField - CreateCommonResources.AddAccountIdField - - sumoDynamoDBMetricsAppStack.AddTableNameField - - sumoAlbMetricsAppStack.AddLoadBalancerField - - sumoElbMetricsAppStack.AddLoadBalancerNameField - - sumoLambdaMetricsAppStack.AddFunctionNameField - - sumoApiGatewayMetricsAppStack.AddApiNameField - - sumoApiGatewayMetricsAppStack.AddApiIdField - sumoApiGatewayMetricsAppStack.MetricRule - - sumoSNSAppStack.AddTopicNameField - - sumoSQSAppStack.AddQueueNameField - - sumoRdsMetricsAppStack.AddDBIdentifierField - - sumoEC2MetricsAppStack.AddInstanceIdField - - sumoECSMetricsAppStack.AddClusterNameField - - sumoElasticCacheMetricsAppStack.AddCacheClusterIdField - CreateCommonResources.LambdaRole - CreateCommonResources.LambdaHelper - CreateCommonResources.AccountCheck @@ -1062,7 +1054,6 @@ Tests: - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule - sumoNlbMetricsAppStack - - sumoNlbMetricsAppStack.AddLoadBalancerField - sumoNlbMetricsAppStack.MetricRule - CreateCommonResources.AccountAliasValue - RootCauseAppStack.AccountAliasValue @@ -1771,8 +1762,8 @@ Tests: - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - sumoAlbMetricsAppStack.SumoALBMetricsUpdateSource - sumoRdsMetricsAppStack.ClusterMetricRule @@ -1819,7 +1810,7 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - sumoLambdaMetricsAppStack.ExistingCloudWatchLogSourceName - sumoAlbMetricsAppStack.ExistingMetricSourceName - CreateCommonResources.CollectorName @@ -1989,8 +1980,8 @@ Tests: - CreateCommonResources.CloudTrailSource - CreateCommonResources.CloudTrailSNSSubscription - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - sumoRdsMetricsAppStack.ClusterMetricRule - sumoRdsMetricsAppStack.InstanceMetricRule @@ -2039,7 +2030,7 @@ Tests: - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - sumoAlbMetricsAppStack.ExistingMetricSourceName - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - sumoLambdaMetricsAppStack.ExistingCloudWatchLogSourceName - CreateCommonResources.CollectorName - CreateCommonResources.AccountAlias @@ -2428,9 +2419,9 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - sumoEC2MetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoOverview @@ -2508,7 +2499,7 @@ Tests: - CreateCommonResources.LambdaRoleARN - sumoLambdaMetricsAppStack.ExistingCloudTrailLogSourceName - sumoAlbMetricsAppStack.ExistingLogSourceName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -2688,9 +2679,9 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - sumoEC2MetricsAppStack.sumoApp - sumoEC2MetricsAppStack.sumoOverview @@ -2768,7 +2759,7 @@ Tests: - CreateCommonResources.LambdaRoleARN - sumoLambdaMetricsAppStack.ExistingCloudTrailLogSourceName - sumoElbMetricsAppStack.ExistingLogSourceName - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN @@ -3269,16 +3260,16 @@ Tests: - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.AutoEnableAlbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoEnableS3LogsElbAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsInvokePermission - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.AutoEnableElbLogEventsRuleTrigger - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableAccessLogsForExistingAWSResources + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.ExistingAWSResources - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.SumoLambdaRole - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources - AutoEnableOptions.AutoSubscribeLambdaLogGroupsAWSResources.InvokeLambdaConnector @@ -3354,9 +3345,9 @@ Tests: - CreateCommonResources.Namespaces - CreateCommonResources.LambdaRoleARN - CreateCommonResources.BucketName - - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsAlbAWSResources.EnableNewAWSResourcesLambda - - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExistingAWSResourcesLambda + - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableExisitngAWSResourcesLambda - AutoEnableOptions.AutoEnableS3LogsElbAWSResources.EnableNewAWSResourcesLambda - CreateCommonResources.KinesisMetricsRoleARN - CreateCommonResources.KinesisMetricsDeliveryStreamARN From 3986c850898be289c43ea8d1ad0d3e9aad33faf1 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Thu, 18 Jul 2024 13:02:15 +0530 Subject: [PATCH 29/34] Added new missing permission --- .../permissionchecker/AWSObservabilityCFTemplatePermissions.json | 1 + 1 file changed, 1 insertion(+) diff --git a/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json b/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json index 8d4d93aa..24a67f78 100644 --- a/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json +++ b/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplatePermissions.json @@ -82,6 +82,7 @@ "lambda:GetFunction", "lambda:GetFunctionConfiguration", "lambda:InvokeFunction", + "lambda:ListTags", "lambda:RemovePermission", "lambda:TagResource", "lambda:UpdateFunctionCode", From ff15b3e101b917539bdae3ee6a420f0a503e1488 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 18 Jul 2024 17:26:09 +0530 Subject: [PATCH 30/34] Bumping up awso version to v2.9.0 --- .../scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh | 2 +- .../scripts/AWSOAutoSetupScript/DeployAWSOPosixTest.sh | 2 +- .../scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1 | 2 +- .../scripts/AWSOAutoSetupScript/DeployAWSOWinTest.ps1 | 2 +- aws-observability/scripts/DeployTemplate/DeployTemplate.sh | 2 +- aws-observability/scripts/JsonToS3.sh | 2 +- aws-observability/scripts/TestTemplate.sh | 2 +- aws-observability/sync.sh | 2 +- .../templates/sumologic_observability.mp.test.yaml | 4 ++-- aws-observability/templates/sumologic_observability.mp.yaml | 4 ++-- 10 files changed, 12 insertions(+), 12 deletions(-) diff --git a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh index 47468688..72c47023 100644 --- a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh +++ b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosix.sh @@ -51,7 +51,7 @@ then AWS_REGION=us-east-1; fi -masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.8.0/sumologic_observability.master.template.yaml" +masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.9.0/sumologic_observability.master.template.yaml" #identify sumo deployment associated with sumo accessId and accessKey export apiUrl="https://api.sumologic.com" diff --git a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosixTest.sh b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosixTest.sh index df649a22..ed20ce7c 100644 --- a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosixTest.sh +++ b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOPosixTest.sh @@ -51,7 +51,7 @@ then AWS_REGION=us-east-1; fi -masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.8.0/sumologic_observability.master.template.yaml" +masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.9.0/sumologic_observability.master.template.yaml" #identify sumo deployment associated with sumo accessId and accessKey export apiUrl="https://api.sumologic.com" diff --git a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1 b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1 index 518e8272..c4838e8e 100644 --- a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1 +++ b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWin.ps1 @@ -41,7 +41,7 @@ $now=Get-Date echo "AWS Observability Script initiated at : $now" #identify sumo deployment associated with sumo accessId and accessKey -$masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.8.0/sumologic_observability.master.template.yaml" +$masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.9.0/sumologic_observability.master.template.yaml" $apiUrl="https://api.sumologic.com" $deployment="us1" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 diff --git a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWinTest.ps1 b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWinTest.ps1 index f261c38c..10e6acf5 100644 --- a/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWinTest.ps1 +++ b/aws-observability/scripts/AWSOAutoSetupScript/DeployAWSOWinTest.ps1 @@ -41,7 +41,7 @@ $now=Get-Date echo "AWS Observability Script initiated at : $now" #identify sumo deployment associated with sumo accessId and accessKey -$masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.8.0/sumologic_observability.master.template.yaml" +$masterTemplateURL="https://sumologic-appdev-aws-sam-apps.s3.amazonaws.com/aws-observability-versions/v2.9.0/sumologic_observability.master.template.yaml" $apiUrl="https://api.sumologic.com" $deployment="us1" [Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 diff --git a/aws-observability/scripts/DeployTemplate/DeployTemplate.sh b/aws-observability/scripts/DeployTemplate/DeployTemplate.sh index b97f03c6..7a90fdad 100755 --- a/aws-observability/scripts/DeployTemplate/DeployTemplate.sh +++ b/aws-observability/scripts/DeployTemplate/DeployTemplate.sh @@ -19,7 +19,7 @@ export parameters_path=parameters-${ENV_NAME}.json # Downloading the template to local for use. Remove if the template with same name if already present. rm sumologic_observability_template.yaml -aws s3 cp s3://sumologic-appdev-aws-sam-apps/aws-observability-versions/v2.8.0/sumologic_observability.master.template.yaml sumologic_observability_template.yaml +aws s3 cp s3://sumologic-appdev-aws-sam-apps/aws-observability-versions/v2.9.0/sumologic_observability.master.template.yaml sumologic_observability_template.yaml # Deploy the template. If the Stack name already exist, stack will be updated else created. aws cloudformation deploy --profile ${AWS_PROFILE} --region ${AWS_REGION} \ diff --git a/aws-observability/scripts/JsonToS3.sh b/aws-observability/scripts/JsonToS3.sh index 614f88d8..f2cf6a50 100644 --- a/aws-observability/scripts/JsonToS3.sh +++ b/aws-observability/scripts/JsonToS3.sh @@ -5,7 +5,7 @@ echo "Start S3 upload Script....." export AWS_PROFILE="prod" export bucket_name=sumologic-appdev-aws-sam-apps -export version=v2.8.0 +export version=v2.9.0 export match_case="App" if [[ ${AWS_PROFILE} == 'default' ]] diff --git a/aws-observability/scripts/TestTemplate.sh b/aws-observability/scripts/TestTemplate.sh index 1cb344df..36197e39 100644 --- a/aws-observability/scripts/TestTemplate.sh +++ b/aws-observability/scripts/TestTemplate.sh @@ -1,7 +1,7 @@ #!/bin/sh export folder_name=rootcause -export template_version="v2.8.0" +export template_version="v2.9.0" export template_bucket="sumologic-appdev-aws-sam-apps" export lambda_arn="arn:aws:lambda:ap-south-1:668508221233:function:LambdaFucntion-LambdaHelper-1C1GGLRYPWBB0" diff --git a/aws-observability/sync.sh b/aws-observability/sync.sh index 11a96d1a..fc721909 100644 --- a/aws-observability/sync.sh +++ b/aws-observability/sync.sh @@ -6,7 +6,7 @@ APPS_TEMPLATES_DIR=./apps APPS_JSON_DIR=./json # Bucket name -CF_VERSION=v2.8.0 +CF_VERSION=v2.9.0 BUCKET_REGION=us-east-1 BUCKET=sumologic-appdev-aws-sam-apps S3_KEY_PREFIX=aws-observability-versions/${CF_VERSION} diff --git a/aws-observability/templates/sumologic_observability.mp.test.yaml b/aws-observability/templates/sumologic_observability.mp.test.yaml index 0689cfe9..10a92749 100755 --- a/aws-observability/templates/sumologic_observability.mp.test.yaml +++ b/aws-observability/templates/sumologic_observability.mp.test.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" +Description: "Version - v2.9.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" Metadata: 'AWS::CloudFormation::Interface': @@ -500,7 +500,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.8.0" + Version: "v2.9.0" CollectorDetails: SumoLogicAccountID: 246946804217 CollectorNamePrefix: "aws-observability" diff --git a/aws-observability/templates/sumologic_observability.mp.yaml b/aws-observability/templates/sumologic_observability.mp.yaml index a9fb7bdf..9451b9b4 100755 --- a/aws-observability/templates/sumologic_observability.mp.yaml +++ b/aws-observability/templates/sumologic_observability.mp.yaml @@ -1,5 +1,5 @@ AWSTemplateFormatVersion: '2010-09-09' -Description: "Version - v2.8.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" +Description: "Version - v2.9.0. Note: Before deploying this template, please select the appropriate region. This CloudFormation template will automate the setup of the AWS Observability Solution. For more information on each parameter, please see the AWS Observability Setup Guide: https://help.sumologic.com/Observability_Solution/AWS_Observability_Solution/01_Deploy_and_Use_AWS_Observability/05_Deploy_AWS_Observability" Metadata: 'AWS::CloudFormation::Interface': @@ -498,7 +498,7 @@ Mappings: CommonData: NestedTemplate: BucketName: "sumologic-appdev-aws-sam-apps" - Version: "v2.8.0" + Version: "v2.9.0" CollectorDetails: SumoLogicAccountID: 926226587429 CollectorNamePrefix: "aws-observability" From de66df237b820eb80f626909f1050e9005a9cd81 Mon Sep 17 00:00:00 2001 From: Akhil Dangore Date: Tue, 23 Jul 2024 12:22:38 +0530 Subject: [PATCH 31/34] Optimized permissions policy --- ...abilityCFTemplateOptimizedPermissions.json | 87 +++++++++++++++++++ 1 file changed, 87 insertions(+) create mode 100644 aws-observability/apps/permissionchecker/AWSObservabilityCFTemplateOptimizedPermissions.json diff --git a/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplateOptimizedPermissions.json b/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplateOptimizedPermissions.json new file mode 100644 index 00000000..a3aeb380 --- /dev/null +++ b/aws-observability/apps/permissionchecker/AWSObservabilityCFTemplateOptimizedPermissions.json @@ -0,0 +1,87 @@ +{ + "Version": "2012-10-17", + "Statement": [ + { + "Sid": "AWSObservability", + "Effect": "Allow", + "Action": [ + "cloudformation:CreateChangeSet", + "cloudformation:CreateStack", + "cloudformation:DeleteStack", + "cloudformation:DescribeStackEvents", + "cloudformation:DescribeStacks", + "cloudformation:GetStackPolicy", + "cloudformation:GetTemplate", + "cloudformation:ListStackResources", + "cloudformation:ListStacks", + "cloudtrail:CreateTrail", + "cloudtrail:DeleteTrail", + "cloudtrail:DescribeTrails", + "cloudtrail:StartLogging", + "cloudwatch:DeleteAlarms", + "cloudwatch:DeleteMetricStream", + "cloudwatch:PutMetricAlarm", + "events:DeleteRule", + "events:DescribeRule", + "events:PutRule", + "events:PutTargets", + "events:RemoveTargets", + "firehose:CreateDeliveryStream", + "firehose:DeleteDeliveryStream", + "firehose:DescribeDeliveryStream", + "iam:AttachRolePolicy", + "iam:CreateRole", + "iam:DeleteRole", + "iam:DeleteRolePolicy", + "iam:DetachRolePolicy", + "iam:GetRole", + "iam:GetRolePolicy", + "iam:PutRolePolicy", + "iam:UpdateRole", + "iam:PassRole", + "iam:TagRole", + "lambda:AddPermission", + "lambda:CreateFunction", + "lambda:DeleteFunction", + "lambda:GetFunction", + "lambda:InvokeFunction", + "lambda:RemovePermission", + "lambda:ListTags", + "lambda:TagResource", + "lambda:UpdateFunctionCode", + "lambda:UpdateFunctionConfiguration", + "logs:CreateLogGroup", + "logs:CreateLogStream", + "logs:DeleteLogGroup", + "logs:DeleteLogStream", + "logs:DeleteSubscriptionFilter", + "logs:DescribeLogGroups", + "logs:DescribeSubscriptionFilters", + "logs:PutRetentionPolicy", + "logs:PutSubscriptionFilter", + "s3:CreateBucket", + "s3:DeleteBucket", + "s3:DeleteBucketPolicy", + "s3:GetBucketPolicy", + "s3:PutBucketNotification", + "s3:PutBucketPolicy", + "s3:PutBucketPublicAccessBlock", + "s3:GetObject", + "s3:ListBucket", + "serverlessrepo:CreateCloudFormationTemplate", + "serverlessrepo:GetCloudFormationTemplate", + "sns:CreateTopic", + "sns:DeleteTopic", + "sns:GetTopicAttributes", + "sns:ListSubscriptionsByTopic", + "sns:SetTopicAttributes", + "sns:Subscribe", + "sns:Unsubscribe", + "sqs:CreateQueue", + "sqs:DeleteQueue", + "sqs:GetQueueAttributes" + ], + "Resource": "*" + } + ] +} \ No newline at end of file From a84108d73b12b07e25587d73fda6dd970d34acc1 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Thu, 25 Jul 2024 16:39:26 +0530 Subject: [PATCH 32/34] Updating log-group-connector sam version to 1.0.12 --- aws-observability-terraform/source-module/main.tf | 4 ++-- aws-observability/apps/autoenable/auto_enable.template.yaml | 2 +- .../permissioncheck.nested.template.test.yaml | 2 +- .../permissionchecker/permissioncheck.nested.template.yaml | 2 +- 4 files changed, 5 insertions(+), 5 deletions(-) diff --git a/aws-observability-terraform/source-module/main.tf b/aws-observability-terraform/source-module/main.tf index b8807b38..eb933a96 100644 --- a/aws-observability-terraform/source-module/main.tf +++ b/aws-observability-terraform/source-module/main.tf @@ -234,7 +234,7 @@ module "cloudwatch_logs_lambda_log_forwarder_module" { } auto_enable_logs_subscription = var.auto_enable_logs_subscription - app_semantic_version = "1.0.11" + app_semantic_version = "1.0.12" auto_enable_logs_subscription_options = { filter = var.auto_enable_logs_subscription_options.filter } @@ -263,7 +263,7 @@ module "kinesis_firehose_for_logs_module" { } auto_enable_logs_subscription = var.auto_enable_logs_subscription - app_semantic_version = "1.0.11" + app_semantic_version = "1.0.12" auto_enable_logs_subscription_options = { filter = var.auto_enable_logs_subscription_options.filter } diff --git a/aws-observability/apps/autoenable/auto_enable.template.yaml b/aws-observability/apps/autoenable/auto_enable.template.yaml index b8e4ced6..ead02638 100644 --- a/aws-observability/apps/autoenable/auto_enable.template.yaml +++ b/aws-observability/apps/autoenable/auto_enable.template.yaml @@ -154,7 +154,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: DestinationArnType: !Ref AutoSubscribeDestinationARNType DestinationArnValue: !Ref AutoSubscribeDestinationARN diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml index f6587c2b..0d45dbde 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.test.yaml @@ -672,7 +672,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: DestinationArnType: "Lambda" DestinationArnValue: !GetAtt CloudWatchEventFunction.Outputs.SumoCWLogsLambdaArn diff --git a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml index 53be785f..a34e94fc 100644 --- a/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml +++ b/aws-observability/apps/permissionchecker/permissioncheck.nested.template.yaml @@ -670,7 +670,7 @@ Resources: Properties: Location: ApplicationId: arn:aws:serverlessrepo:us-east-1:956882708938:applications/sumologic-loggroup-connector - SemanticVersion: 1.0.11 + SemanticVersion: 1.0.12 Parameters: DestinationArnType: "Lambda" DestinationArnValue: !GetAtt CloudWatchEventFunction.Outputs.SumoCWLogsLambdaArn From 0da2df5c92eade781cdf25d9133a5b98952f2114 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Wed, 31 Jul 2024 16:19:27 +0530 Subject: [PATCH 33/34] Adding telemetry endpoint --- .../templates/sumologic_observability.master.template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/aws-observability/templates/sumologic_observability.master.template.yaml b/aws-observability/templates/sumologic_observability.master.template.yaml index 0d6336f9..f314b925 100644 --- a/aws-observability/templates/sumologic_observability.master.template.yaml +++ b/aws-observability/templates/sumologic_observability.master.template.yaml @@ -622,7 +622,7 @@ Resources: solutionName: 'AWSO' solutionVersion: 'v2.9.0' deploymentSource: 'cloudFormation' - TelemetryEndpoint: "" + TelemetryEndpoint: "https://endpoint1.collection.us2.sumologic.com/receiver/v1/http/ZaVnC4dhaV1S68eao6UYB3LFtqQ7ur1xYlT1EHCfXdhvi6uPNc0aUXIpvq5i_aHewOp5xxxwnGZ5MmSWDR6qV5td4exMM4pZE4Tk6rqKvgextLx7I6IRpg==" scanInterval: 60 ToUpdate: Fn::Base64: !Sub From 8e64f7e5e3fcf0259632e238a9f6fd686acc4d18 Mon Sep 17 00:00:00 2001 From: Himanshu Sharma Date: Fri, 2 Aug 2024 11:56:00 +0530 Subject: [PATCH 34/34] skipping cfn lint tests --- .github/workflows/cf-test.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cf-test.yml b/.github/workflows/cf-test.yml index 73deeab1..a69417db 100644 --- a/.github/workflows/cf-test.yml +++ b/.github/workflows/cf-test.yml @@ -14,7 +14,7 @@ jobs: - name: Print the Cloud Formation Linter Version & run Linter. run: | - cfn-lint aws-observability/**/*.yaml --ignore-templates aws-observability/**/*TestTemplate.yaml + cfn-lint aws-observability/**/*.yaml --ignore-templates aws-observability/**/*TestTemplate.yaml --ignore-checks W3011 CFSecurityChecksCheckovt: name: "Security Checks (checkov)"