-
Notifications
You must be signed in to change notification settings - Fork 0
/
template.yml
127 lines (124 loc) · 4.98 KB
/
template.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
AWSTemplateFormatVersion: "2010-09-09"
Transform: AWS::Serverless-2016-10-31
Description: A collection of utilities that integrate with AWS Health Events
Resources:
# This is a sink custom EventBridge event bus. It's intended to exist in one
# region in an AWS Organization's management account (or the delegated
# administrator account of an organization).
#
# Once the AWS Health Organizational view has been enabled for the
# organization, all health events for all accounts that belong to the
# organization will be delivered to AWS Health of the management/delegated
# account.
# https://docs.aws.amazon.com/health/latest/ug/aggregate-events.html
#
# AWS Health delivers health events to the default bus in the region where
# the event occurs.
#
# All health events within the management/delegated account (and thus all
# health events for the organization) are expected to be sent to this custom
# event bus. Thisis done by creating rules on the default event buses in all
# regions of the management/delegated account, which forward all AWS Health
# events to this bus.
#
# Any tooling that responds to AWS Health events can subscribe to the
# relevant events on this bus.
#
# This bus should always be called `HealthEvents-sink`, as that is what the
# rules on all default buses expect.
MgmtSinkEventBus:
Type: AWS::Events::EventBus
Properties:
Name: HealthEvents-sink
MgmtSinkEventBusPolicy:
# TODO Should have a Condition to limit this to events sent by events.amazonaws.com
# since it's only intended to get events from other event buses, not from
# any arbitrary sender
Type: AWS::Events::EventBusPolicy
Properties:
EventBusName: !Ref MgmtSinkEventBus
StatementId: AllowEventsToHealthSink
Statement:
Action: events:PutEvents
Condition:
StringEquals:
aws:ResourceAccount: ${aws:PrincipalAccount}
Effect: Allow
Principal: "*"
Resource: !GetAtt MgmtSinkEventBus.Arn
# Watches the default event bus for certain types of health events and sends
# notifications to Slack. See the Lambda function code for details about
# which event types are included.
SlackNotificationsFunction:
Type: AWS::Serverless::Function
Properties:
CodeUri: src/slack-notifications
Description: >-
Sends messages to Slack in response to AWS Health Events
Environment:
Variables:
AWS_NODEJS_CONNECTION_REUSE_ENABLED: "1"
Events:
PublicHealthEvent:
Properties:
EventBusName: !Ref MgmtSinkEventBus
Pattern:
detail-type:
- AWS Health Event
source:
- aws.health
Type: EventBridgeRule
Handler: index.handler
MemorySize: 192
Policies:
- Statement:
- Action: events:PutEvents
Effect: Allow
Resource: !Sub arn:${AWS::Partition}:events:${AWS::Region}:${AWS::AccountId}:event-bus/default
Version: "2012-10-17"
Runtime: nodejs22.x
Tags:
prx:meta:tagging-version: "2021-04-07"
prx:cloudformation:stack-name: !Ref AWS::StackName
prx:cloudformation:stack-id: !Ref AWS::StackId
prx:ops:environment: Production
prx:dev:application: Health Events Toolkit
Timeout: 20
SlackNotificationsLogGroup:
Type: AWS::Logs::LogGroup
DeletionPolicy: Delete
UpdateReplacePolicy: Delete
Properties:
LogGroupName: !Sub /aws/lambda/${SlackNotificationsFunction}
RetentionInDays: 14
Tags:
- { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
- { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
- { Key: prx:ops:environment, Value: Production }
- { Key: prx:dev:application, Value: Health Events Toolkit }
SlackNotificationsErrorAlarm:
Type: AWS::CloudWatch::Alarm
Properties:
AlarmName: !Sub ERROR [Health Events] Slack Notifications <prod> FUNCTION ERRORS (${AWS::StackName})
AlarmDescription: >-
The Lambda function that relays AWS Health Events to Slack is
experiencing errors, which means there could be health events that are
not being seen. Check the Health Dashboard in AWS Console.
ComparisonOperator: GreaterThanThreshold
Dimensions:
- Name: FunctionName
Value: !Ref SlackNotificationsFunction
EvaluationPeriods: 1
MetricName: Errors
Namespace: AWS/Lambda
Period: 60
Statistic: Sum
Tags:
- { Key: prx:meta:tagging-version, Value: "2021-04-07" }
- { Key: prx:cloudformation:stack-name, Value: !Ref AWS::StackName }
- { Key: prx:cloudformation:stack-id, Value: !Ref AWS::StackId }
- { Key: prx:ops:environment, Value: Production }
- { Key: prx:dev:application, Value: Health Events Toolkit }
Threshold: 1
TreatMissingData: notBreaching