From bf202793eb84d10f2442f3427c0e0634d01c952e Mon Sep 17 00:00:00 2001
From: Sandra Soinska
Date: Mon, 4 Nov 2024 16:50:24 +0000
Subject: [PATCH 1/3] IPS-1120 piiredact function to be invoke on the alias
---
 infrastructure/template.yaml | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/infrastructure/template.yaml b/infrastructure/template.yaml
index 63dd28b1..4c23b3a8 100644
--- a/infrastructure/template.yaml
+++ b/infrastructure/template.yaml
@@ -2158,7 +2158,7 @@ Resources:
 PIIRedactFunctionCloudWatchPermissions:
 Type: AWS::Lambda::Permission
 Properties:
- FunctionName: !GetAtt PIIRedactFunction.Arn
+ FunctionName: !Ref PIIRedactFunction.Alias
 Action: lambda:InvokeFunction
 Principal: !Join [ ".", [ "logs", !Ref "AWS::Region", "amazonaws.com" ] ]
 SourceAccount: !Ref AWS::AccountId
@@ -2168,7 +2168,7 @@ Resources:
 DependsOn: PIIRedactFunctionCloudWatchPermissions
 Properties:
 FilterName: "PII Redaction"
- DestinationArn: !GetAtt PIIRedactFunction.Arn
+ DestinationArn: !Ref PIIRedactFunction.Alias
 FilterPattern: ""
 LogGroupName: !Ref NinoCheckStateMachineLogGroup
@@ -2177,7 +2177,7 @@ Resources:
 DependsOn: PIIRedactFunctionCloudWatchPermissions
 Properties:
 FilterName: "PII Redaction"
- DestinationArn: !GetAtt PIIRedactFunction.Arn
+ DestinationArn: !Ref PIIRedactFunction.Alias
 FilterPattern: ""
 LogGroupName: !Ref AbandonStateMachineLogGroup
@@ -2186,7 +2186,7 @@ Resources:
 DependsOn: PIIRedactFunctionCloudWatchPermissions
 Properties:
 FilterName: "PII Redaction"
- DestinationArn: !GetAtt PIIRedactFunction.Arn
+ DestinationArn: !Ref PIIRedactFunction.Alias
 FilterPattern: ""
 LogGroupName: !Ref NinoIssueCredentialLogGroup
@@ -2195,7 +2195,7 @@ Resources:
 DependsOn: PIIRedactFunctionCloudWatchPermissions
 Properties:
 FilterName: "PII Redaction"
- DestinationArn: !GetAtt PIIRedactFunction.Arn
+ DestinationArn: !Ref PIIRedactFunction.Alias
 FilterPattern: ""
 LogGroupName: !Ref CheckSessionStateMachineLogGroup
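Review bot: `!Ref PIIRedactFunction.Alias` on the new `FunctionName` line only resolves if `PIIRedactFunction` is a SAM function that publishes an alias (`AutoPublishAlias`), and that definition is outside this hunk, so it should be confirmed before merge. The same substitution is made on `DestinationArn` in the five subscription-filter hunks that follow (up to the one at 2204), and the invoke grant now covers only the alias-qualified ARN. Any subscription filter defined elsewhere that still targets `!GetAtt PIIRedactFunction.Arn` would lose its permission, which on a PII redaction path means those log events stop reaching the function. The visible context ends at `SourceAccount`; if no `SourceArn` follows, consider adding one so the grant is scoped to the intended log groups rather than the whole account. I would add `# Alias-qualified: every log subscription must target !Ref PIIRedactFunction.Alias, not the bare function ARN` above `FunctionName`.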
@@ -2204,7 +2204,7 @@ Resources:
 DependsOn: PIIRedactFunctionCloudWatchPermissions
 Properties:
 FilterName: "PII Redaction"
- DestinationArn: !GetAtt PIIRedactFunction.Arn
+ DestinationArn: !Ref PIIRedactFunction.Alias
 FilterPattern: ""
 LogGroupName: !Ref AuditEventStateMachineLogGroup
From 3cecc624bb731458690c5cefc9eba2af84ec982c Mon Sep 17 00:00:00 2001
From: Sandra Soinska
Date: Tue, 5 Nov 2024 10:56:39 +0000
Subject: [PATCH 2/3] IPS-1120 lambda deployment allowed value added
---
 infrastructure/template.yaml | 1 +
 1 file changed, 1 insertion(+)
diff --git a/infrastructure/template.yaml b/infrastructure/template.yaml
index 4c23b3a8..a4d8a890 100644
--- a/infrastructure/template.yaml
+++ b/infrastructure/template.yaml
@@ -54,6 +54,7 @@ Parameters:
 - Canary10Percent10Minutes
 - Canary10Percent15Minutes
 - Canary10Percent30Minutes
+ - Linear10PercentEvery1Minute
 StepFunctionsDeploymentPreference:
 Description: "Specifies the configuration to enable gradual StepFunction deployments. It can be used to set deployment type and also allows skipping canary deployment by setting to 'ALL_AT_ONCE'"
 Type: String
From 7bfb73447eae0aabe16d265c9749cb8cb1071e38 Mon Sep 17 00:00:00 2001
From: Sandra Soinska
Date: Wed, 6 Nov 2024 11:20:18 +0000
Subject: [PATCH 3/3] IPS-1120 5xx error alarms added for state machines invoked via API GW
---
 infrastructure/template.yaml | 90 ++++++++++++++++++++++++++++++++++++
 1 file changed, 90 insertions(+)
diff --git a/infrastructure/template.yaml b/infrastructure/template.yaml
index a4d8a890..d99affd6 100644
--- a/infrastructure/template.yaml
+++ b/infrastructure/template.yaml
@@ -1685,6 +1685,96 @@ Resources:
 ComparisonOperator: GreaterThanOrEqualToThreshold
 TreatMissingData: notBreaching
+ AbandonStateMachineCanary5xxErrors:
+ Type: AWS::CloudWatch::Alarm
+ Condition: UseCanaryDeploymentAlarms
+ Properties:
+ ActionsEnabled: false
+ AlarmActions:
+ - !ImportValue platform-alarm-warning-alert-topic
+ OKActions:
+ - !ImportValue platform-alarm-warning-alert-topic
+ AlarmDescription: "AbandonStateMachine returning 5xx response."
+ Namespace: AWS/ApiGateway
+ MetricName: 5XXError
+ Dimensions:
+ - Name: ApiName
+ Value: !Sub "${AWS::StackName}-private"
+ - Name: Method
+ Value: POST
+ - Name: Stage
+ Value: !Ref Environment
+ - Name: Resource
+ Value: /abandon
+ Statistic: Sum
+ Unit: Count
+ Period: 60
+ EvaluationPeriods: 3
+ DatapointsToAlarm: 2
+ Threshold: 1
+ ComparisonOperator: GreaterThanOrEqualToThreshold
+ TreatMissingData: notBreaching
+
+ NinoCheckStateMachineCanary5xxErrors:
+ Type: AWS::CloudWatch::Alarm
+ Condition: UseCanaryDeploymentAlarms
+ Properties:
+ ActionsEnabled: false
+ AlarmActions:
+ - !ImportValue platform-alarm-warning-alert-topic
+ OKActions:
+ - !ImportValue platform-alarm-warning-alert-topic
+ AlarmDescription: "NinoCheckStateMachine returning 5xx response."
+ Namespace: AWS/ApiGateway
+ MetricName: 5XXError
+ Dimensions:
+ - Name: ApiName
+ Value: !Sub "${AWS::StackName}-private"
+ - Name: Method
+ Value: POST
+ - Name: Stage
+ Value: !Ref Environment
+ - Name: Resource
+ Value: /check
+ Statistic: Sum
+ Unit: Count
+ Period: 60
+ EvaluationPeriods: 3
+ DatapointsToAlarm: 2
+ Threshold: 1
+ ComparisonOperator: GreaterThanOrEqualToThreshold
+ TreatMissingData: notBreaching
+
+ NinoIssueCredentialStateMachineCanary5xxErrors:
+ Type: AWS::CloudWatch::Alarm
+ Condition: UseCanaryDeploymentAlarms
+ Properties:
+ ActionsEnabled: false
+ AlarmActions:
+ - !ImportValue platform-alarm-warning-alert-topic
+ OKActions:
+ - !ImportValue platform-alarm-warning-alert-topic
+ AlarmDescription: "NinoIssueCredentialStateMachine returning 5xx response."
+ Namespace: AWS/ApiGateway
+ MetricName: 5XXError
+ Dimensions:
+ - Name: ApiName
+ Value: !Sub "${AWS::StackName}-public"
+ - Name: Method
+ Value: POST
+ - Name: Stage
+ Value: !Ref Environment
+ - Name: Resource
+ Value: /credential/issue
+ Statistic: Sum
+ Unit: Count
+ Period: 60
+ EvaluationPeriods: 3
+ DatapointsToAlarm: 2
+ Threshold: 1
+ ComparisonOperator: GreaterThanOrEqualToThreshold
+ TreatMissingData: notBreaching
+
 OTGFunctionCanaryErrors:
 Type: AWS::CloudWatch::Alarm
 Condition: UseCanaryDeploymentAlarms
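Review bot: The three new alarms read `AWS/ApiGateway` `5XXError` with `ApiName`/`Method`/`Resource`/`Stage` dimensions, and API Gateway only publishes that per-method series when detailed CloudWatch metrics are enabled on the stage; the stage settings are not in this hunk, so please confirm they are. With `TreatMissingData: notBreaching`, an alarm whose metric is never emitted (detailed metrics off, or `!Ref Environment` not matching the deployed stage name) stays in OK indefinitely, and a failing canary would go unnoticed. `ActionsEnabled: false` also means the `AlarmActions`/`OKActions` topic is never notified, and this patch adds only the alarm resources (90 insertions), so nothing visible here lists them under a `DeploymentPreference`; if they are meant to trigger rollback, that wiring still has to be added. I would add above each `Dimensions:` block the comment `# Per-method metric: requires detailed CloudWatch metrics on this API stage, otherwise the alarm never gets data.`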