CloudWatchAutoAlarms-CrossAccountEvents.yaml
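AWSTemplateFormatVersion: '2010-09-09'
Description: CloudFormation template for CloudWatch Auto Alarms with EC2, Lambda, and RDS event rules.
Parameters:
  # Applied to every AWS::Events::Rule in this template via `State: !Ref EventState`,
  # so a single value enables or disables all forwarding rules together.
  EventState:
    Description: State of the CloudWatch event rules (ENABLED or DISABLED).
    Type: String
    Default: ENABLED
    AllowedValues:
      - ENABLED
      - DISABLED
  # NOTE(review): no resource in this template references this parameter; the
  # rules target the event bus, not the Lambda function. Kept so existing
  # deployments that pass it keep working.
  CloudWatchAutoAlarmsArn:
    Description: The ARN of the CloudWatchAutoAlarms Lambda function.
    Type: String
  # This value is used verbatim as the Resource of the events:PutEvents policy
  # statement and as the target Arn of every rule. Without a pattern, a wildcard
  # or an ARN of another resource type would be accepted and written into the
  # IAM policy, so the input is constrained to the event-bus ARN shape.
  CloudWatchAutoAlarmsEventBusArn:
    Description: The ARN of the AWS Event Bus where CloudWatchAutoAlarms is deployed.
    Type: String
    AllowedPattern: '^arn:aws[a-z-]*:events:[a-z0-9-]+:[0-9]{12}:event-bus/[A-Za-z0-9._/-]+$'
    ConstraintDescription: 'Must be the full ARN of an EventBridge event bus, in the form arn:<partition>:events:<region>:<account-id>:event-bus/<name>.'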
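Metadata:
  # Presentation hints for the CloudFormation console: how parameters are
  # grouped and which friendly label each one gets. No effect on resources.
  AWS::CloudFormation::Interface:
    ParameterGroups:
      - Label:
          default: "CloudWatch Event Configuration"
        Parameters:
          - EventState
          - CloudWatchAutoAlarmsEventBusArn
      - Label:
          default: "CloudWatch Auto Alarms Lambda Info"
        Parameters:
          - CloudWatchAutoAlarmsArn
    ParameterLabels:
      EventState:
        default: "CloudWatch Event State"
      # The key must equal the parameter's logical name. The template declares
      # CloudWatchAutoAlarmsArn (not CloudWatchAutoAlarmsFunctionArn), so the
      # label is keyed on that name to make it actually apply.
      CloudWatchAutoAlarmsArn:
        default: "CloudWatchAutoAlarms Lambda Function ARN"
      CloudWatchAutoAlarmsEventBusArn:
        default: "Event Bus ARN where CloudWatchAutoAlarms Lambda Function is deployed"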
Resources:
  # Role that EventBridge assumes to forward matched events to the event bus
  # named by CloudWatchAutoAlarmsEventBusArn. Its only permission is
  # events:PutEvents on that single ARN.
  # NOTE(review): the trust policy has no Condition, so it is not scoped to
  # this account's rules. Consider restricting it with aws:SourceAccount
  # (and/or aws:SourceArn) as confused-deputy protection; confirm against the
  # EventBridge documentation before rollout.
  # NOTE(review): the receiving bus presumably needs a resource policy that
  # allows PutEvents from this account; that policy is not part of this file.
  EventBridgePutEventsRole:
    Type: AWS::IAM::Role
    Properties:
      AssumeRolePolicyDocument:
        Version: '2012-10-17'
        Statement:
          - Effect: Allow
            Principal:
              Service: events.amazonaws.com
            Action: sts:AssumeRole
      Policies:
        - PolicyName: PutEventsToCloudWatchAutoAlarmsBEventBus
          PolicyDocument:
            Version: '2012-10-17'
            Statement:
              - Effect: Allow
                Action: events:PutEvents
                Resource: !Ref CloudWatchAutoAlarmsEventBusArn

  # Forwards CloudTrail-recorded Lambda TagResource and DeleteFunction calls.
  # Rule names in this template are fixed strings, so a second stack in the
  # same account and region would collide on them.
  CloudWatchAutoAlarmCloudwatchEventLambda:
    Type: AWS::Events::Rule
    Properties:
      Name: Initiate-CloudWatchAutoAlarmsLambda
      Description: Creates and deletes CloudWatch alarms for lambda functions with the CloudWatchAutoAlarms activation tag.
      EventPattern:
        source:
          - aws.lambda
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - lambda.amazonaws.com
          eventName:
            - TagResource20170331v2
            - DeleteFunction20150331
      State: !Ref EventState
      Targets:
        - Id: TargetCloudWatchAutoAlarms
          Arn: !Ref CloudWatchAutoAlarmsEventBusArn
          RoleArn: !GetAtt EventBridgePutEventsRole.Arn

  # Forwards EC2 state-change notifications for the running and terminated
  # states only.
  CloudWatchAutoAlarmCloudwatchEventEC2:
    Type: AWS::Events::Rule
    Properties:
      Name: Initiate-CloudWatchAutoAlarmsEC2
      Description: Creates CloudWatch alarms on instance start via Lambda CloudWatchAutoAlarms and deletes them on instance termination.
      EventPattern:
        source:
          - aws.ec2
        detail-type:
          - EC2 Instance State-change Notification
        detail:
          state:
            - running
            - terminated
      State: !Ref EventState
      Targets:
        - Id: TargetCloudWatchAutoAlarms
          Arn: !Ref CloudWatchAutoAlarmsEventBusArn
          RoleArn: !GetAtt EventBridgePutEventsRole.Arn

  # Forwards CloudTrail-recorded RDS AddTagsToResource calls.
  # NOTE(review): unlike the Lambda and EC2 rules, this pattern has no
  # "source" key; it matches on detail-type and detail alone.
  CloudWatchAutoAlarmCloudwatchEventRDSCreate:
    Type: AWS::Events::Rule
    Properties:
      Name: Initiate-CloudWatchAutoAlarmsRDSCreate
      Description: Creates CloudWatch alarms for RDS instances with CloudWatchAutoAlarms activation tag.
      EventPattern:
        detail-type:
          - AWS API Call via CloudTrail
        detail:
          eventSource:
            - rds.amazonaws.com
          eventName:
            - AddTagsToResource
      State: !Ref EventState
      Targets:
        - Id: TargetCloudWatchAutoAlarms
          Arn: !Ref CloudWatchAutoAlarmsEventBusArn
          RoleArn: !GetAtt EventBridgePutEventsRole.Arn

  # Forwards aws.rds events whose EventCategories include creation or deletion.
  # NOTE(review): the rule name and description mention deletion only, yet the
  # pattern also matches the "creation" category; confirm which is intended.
  CloudWatchAutoAlarmCloudwatchEventRDSDelete:
    Type: AWS::Events::Rule
    Properties:
      Name: Initiate-CloudWatchAutoAlarmsRDSDelete
      Description: Deletes CloudWatch alarms for corresponding RDS instance is deleted.
      EventPattern:
        source:
          - aws.rds
        detail:
          EventCategories:
            - creation
            - deletion
      State: !Ref EventState
      Targets:
        - Id: TargetCloudWatchAutoAlarms
          Arn: !Ref CloudWatchAutoAlarmsEventBusArn
          RoleArn: !GetAtt EventBridgePutEventsRole.Arn