forked from org-formation/org-formation-cli
-
Notifications
You must be signed in to change notification settings - Fork 0
/
budget-alarms.yml
82 lines (70 loc) · 2.73 KB
/
budget-alarms.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
AWSTemplateFormatVersion: '2010-09-09-OC'
# Include file that contains Organization Section.
# The Organization Section describes Accounts, Organizational Units, etc.
Organization: !Include ../organization.yml
# Any Binding that does not explicitly specify a region will default to this.
# Value can be either string or list
DefaultOrganizationBindingRegion: eu-central-1
# Bindings determine what resources are deployed where
# These bindings can be !Ref'd from the Resources in the resource section
# Any Resource that does not specify a binding will use this binding.
DefaultOrganizationBinding:
AccountsWithTag: budget-alarm-threshold
Parameters:
resourcePrefix:
Type: String
Default: my
alarmSubscriptionProtocol:
Type: String
Default: email
alarmSubscriptionEndpoint:
Type: String
Default: !GetAtt AWSAccount.Tags.account-owner-email
Resources:
# note that changing some attributes on Budget resources will result in an error.
# this unfortunately is a cloudformation error described here: https://github.com/aws-cloudformation/aws-cloudformation-coverage-roadmap/issues/365
# workaround is to delete the budget resource and then re-add it.
Budget:
Type: AWS::Budgets::Budget
Properties:
Budget:
BudgetName: !Sub '${resourcePrefix}-budget-${AWSAccount.Alias}' # AWSAccount.Alias resolves to IAM Alias of current account
BudgetLimit:
Amount: !GetAtt AWSAccount.Tags.budget-alarm-threshold # Resolves to value of tag of current account
Unit: USD
TimeUnit: MONTHLY
BudgetType: COST
NotificationsWithSubscribers:
- Notification:
NotificationType: FORECASTED
ComparisonOperator: GREATER_THAN
Threshold: 90
Subscribers:
- SubscriptionType: SNS
Address: !Ref BudgetAlarmTopic
- SubscriptionType: EMAIL
Address: [email protected]
BudgetAlarmTopic:
Type: AWS::SNS::Topic
Properties:
TopicName: !Sub '${resourcePrefix}-budget-alarm-notification'
DisplayName: !Sub
- 'Budget Alarm for ${AWSAccount.AccountName} (forecasted threshold greater than ${threshold})'
- { threshold: !GetAtt AWSAccount.Tags.budget-alarm-threshold}
Subscription:
- Protocol: !Ref alarmSubscriptionProtocol
Endpoint: !Ref alarmSubscriptionEndpoint
AlarmTopicPolicy:
Type: AWS::SNS::TopicPolicy
Properties:
Topics:
- !Ref BudgetAlarmTopic
PolicyDocument:
Version: 2012-10-17
Statement:
- Sid: AllowBudgetPublish
Effect: Allow
Principal:
Service: budgets.amazonaws.com
Action: sns:publish
Resource: !Ref BudgetAlarmTopic