Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

IPS-1120 piiredact function to be invoke on the alias #488

Closed
wants to merge 4 commits into from
Closed

IPS-1120 piiredact function to be invoke on the alias #488

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
bf20279
IPS-1120 piiredact function to be invoke on the alias
sandragds Nov 4, 2024
3cecc62
IPS-1120 lambda deployment allowed value added
sandragds Nov 5, 2024
7bfb734
IPS-1120 5xx error alarms added for state machines invoked via API GW
sandragds Nov 6, 2024
a905b62
Merge branch 'main' into IPS-1120-piiredact-invoke-on-alias
sandragds Jan 8, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
102 changes: 96 additions & 6 deletions infrastructure/template.yaml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1694,6 +1694,96 @@ Resources:
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

AbandonStateMachineCanary5xxErrors:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Properties:
ActionsEnabled: false
AlarmActions:
- !ImportValue platform-alarm-warning-alert-topic
OKActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmDescription: "AbandonStateMachine returning 5xx response."
Namespace: AWS/ApiGateway
MetricName: 5XXError
Dimensions:
- Name: ApiName
Value: !Sub "${AWS::StackName}-private"
- Name: Method
Value: POST
- Name: Stage
Value: !Ref Environment
- Name: Resource
Value: /abandon
Statistic: Sum
Unit: Count
Period: 60
EvaluationPeriods: 3
DatapointsToAlarm: 2
Threshold: 1
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

NinoCheckStateMachineCanary5xxErrors:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Properties:
ActionsEnabled: false
AlarmActions:
- !ImportValue platform-alarm-warning-alert-topic
OKActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmDescription: "NinoCheckStateMachine returning 5xx response."
Namespace: AWS/ApiGateway
MetricName: 5XXError
Dimensions:
- Name: ApiName
Value: !Sub "${AWS::StackName}-private"
- Name: Method
Value: POST
- Name: Stage
Value: !Ref Environment
- Name: Resource
Value: /check
Statistic: Sum
Unit: Count
Period: 60
EvaluationPeriods: 3
DatapointsToAlarm: 2
Threshold: 1
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

NinoIssueCredentialStateMachineCanary5xxErrors:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Properties:
ActionsEnabled: false
AlarmActions:
- !ImportValue platform-alarm-warning-alert-topic
OKActions:
- !ImportValue platform-alarm-warning-alert-topic
AlarmDescription: "NinoIssueCredentialStateMachine returning 5xx response."
Namespace: AWS/ApiGateway
MetricName: 5XXError
Dimensions:
- Name: ApiName
Value: !Sub "${AWS::StackName}-public"
- Name: Method
Value: POST
- Name: Stage
Value: !Ref Environment
- Name: Resource
Value: /credential/issue
Statistic: Sum
Unit: Count
Period: 60
EvaluationPeriods: 3
DatapointsToAlarm: 2
Threshold: 1
ComparisonOperator: GreaterThanOrEqualToThreshold
TreatMissingData: notBreaching

OTGFunctionCanaryErrors:
Type: AWS::CloudWatch::Alarm
Condition: UseCanaryDeploymentAlarms
Expand Down Expand Up @@ -2171,7 +2261,7 @@ Resources:
PIIRedactFunctionCloudWatchPermissions:
Type: AWS::Lambda::Permission
Properties:
FunctionName: !GetAtt PIIRedactFunction.Arn
FunctionName: !Ref PIIRedactFunction.Alias
Action: lambda:InvokeFunction
Principal: !Join [ ".", [ "logs", !Ref "AWS::Region", "amazonaws.com" ] ]
SourceAccount: !Ref AWS::AccountId
Expand All @@ -2181,7 +2271,7 @@ Resources:
DependsOn: PIIRedactFunctionCloudWatchPermissions
Properties:
FilterName: "PII Redaction"
DestinationArn: !GetAtt PIIRedactFunction.Arn
DestinationArn: !Ref PIIRedactFunction.Alias
FilterPattern: ""
LogGroupName: !Ref NinoCheckStateMachineLogGroup

Expand All @@ -2190,7 +2280,7 @@ Resources:
DependsOn: PIIRedactFunctionCloudWatchPermissions
Properties:
FilterName: "PII Redaction"
DestinationArn: !GetAtt PIIRedactFunction.Arn
DestinationArn: !Ref PIIRedactFunction.Alias
FilterPattern: ""
LogGroupName: !Ref AbandonStateMachineLogGroup

Expand All @@ -2199,7 +2289,7 @@ Resources:
DependsOn: PIIRedactFunctionCloudWatchPermissions
Properties:
FilterName: "PII Redaction"
DestinationArn: !GetAtt PIIRedactFunction.Arn
DestinationArn: !Ref PIIRedactFunction.Alias
FilterPattern: ""
LogGroupName: !Ref NinoIssueCredentialLogGroup

Expand All @@ -2208,7 +2298,7 @@ Resources:
DependsOn: PIIRedactFunctionCloudWatchPermissions
Properties:
FilterName: "PII Redaction"
DestinationArn: !GetAtt PIIRedactFunction.Arn
DestinationArn: !Ref PIIRedactFunction.Alias
FilterPattern: ""
LogGroupName: !Ref CheckSessionStateMachineLogGroup

Expand All @@ -2217,7 +2307,7 @@ Resources:
DependsOn: PIIRedactFunctionCloudWatchPermissions
Properties:
FilterName: "PII Redaction"
DestinationArn: !GetAtt PIIRedactFunction.Arn
DestinationArn: !Ref PIIRedactFunction.Alias
FilterPattern: ""
LogGroupName: !Ref AuditEventStateMachineLogGroup

Expand Down
Loading