This repository has been archived by the owner on Sep 18, 2023. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 30
/
marbot-standalone-topic.yml
152 lines (152 loc) · 5.2 KB
/
marbot-standalone-topic.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
---
# Copyright widdix GmbH
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
AWSTemplateFormatVersion: '2010-09-09'
Description: 'marbot.io: Standalone SNS topic (https://github.com/marbot-io/monitoring-jump-start)'
Metadata:
'AWS::CloudFormation::Interface':
ParameterGroups:
- Label:
default: 'marbot endpoint'
Parameters:
- EndpointId
- Stage
Parameters:
EndpointId:
Description: 'Your marbot endpoint ID (to get this value: select a channel where marbot belongs to and send a message like this: "@marbot show me my endpoint id").'
Type: String
Stage:
Description: 'marbot stage (never change this!).'
Type: String
Default: v1
AllowedValues: [v1, dev]
Resources:
Topic:
Type: 'AWS::SNS::Topic'
Properties: {}
TopicPolicy:
Type: 'AWS::SNS::TopicPolicy'
Properties:
PolicyDocument:
Id: Id1
Version: '2012-10-17'
Statement:
- Sid: Sid1
Effect: Allow
Principal:
Service:
- 'events.amazonaws.com' # Allow EventBridge
- 'budgets.amazonaws.com' # Allow Budget Notifications
- 'rds.amazonaws.com' # Allow RDS Events
- 's3.amazonaws.com' # Allow S3 Event Notifications
- 'backup.amazonaws.com' # Allow Backup Events
- 'codestar-notifications.amazonaws.com' # Allow CodeStar Notifications
- 'devops-guru.amazonaws.com' # Allow DevOps Guru Notifications
Action: 'sns:Publish'
Resource: !Ref Topic
- Sid: Sid2
Effect: Allow
Principal:
AWS: '*' # Allow CloudWatch Alarms, ElastiCache Notifications, Elastic Beanstalk Notifications, Auto Scaling Notification
Action: 'sns:Publish'
Resource: !Ref Topic
Condition:
StringEquals:
'AWS:SourceOwner': !Ref 'AWS::AccountId'
- Sid: Sid3
Effect: Allow
Principal:
Service: 'ses.amazonaws.com' # Allow SES Notifications & Events
Action: 'sns:Publish'
Resource: !Ref Topic
Condition:
StringEquals:
'AWS:Referer': !Ref 'AWS::AccountId'
- Sid: Sid4 # Allow Amazon Inspector (https://docs.aws.amazon.com/inspector/latest/userguide/inspector_assessments.html#sns-topic)
Effect: Allow
Principal:
AWS:
- 'arn:aws:iam::646659390643:root'
- 'arn:aws:iam::316112463485:root'
- 'arn:aws:iam::166987590008:root'
- 'arn:aws:iam::758058086616:root'
- 'arn:aws:iam::162588757376:root'
- 'arn:aws:iam::526946625049:root'
- 'arn:aws:iam::454640832652:root'
- 'arn:aws:iam::406045910587:root'
- 'arn:aws:iam::537503971621:root'
- 'arn:aws:iam::357557129151:root'
- 'arn:aws:iam::146838936955:root'
- 'arn:aws:iam::453420244670:root'
Action: 'sns:Publish'
Resource: !Ref Topic
Topics:
- !Ref Topic
TopicEndpointSubscription:
DependsOn: TopicPolicy
Type: 'AWS::SNS::Subscription'
Properties:
DeliveryPolicy:
healthyRetryPolicy:
minDelayTarget: 1
maxDelayTarget: 60
numRetries: 100
numNoDelayRetries: 0
backoffFunction: exponential
throttlePolicy:
maxReceivesPerSecond: 1
Endpoint: !Sub 'https://api.marbot.io/${Stage}/endpoint/${EndpointId}'
Protocol: https
TopicArn: !Ref Topic
MonitoringJumpStartEvent:
DependsOn: TopicEndpointSubscription
Type: 'AWS::Events::Rule'
Properties:
Description: 'Monitoring Jump Start connection. (created by marbot)'
ScheduleExpression: 'rate(30 days)'
State: ENABLED
Targets:
- Arn: !Ref Topic
Id: marbot
Input: !Sub |
{
"Type": "monitoring-jump-start-connection",
"StackTemplate": "marbot-standalone-topic",
"StackVersion": "1.3.0",
"Partition": "${AWS::Partition}",
"AccountId": "${AWS::AccountId}",
"Region": "${AWS::Region}",
"StackId": "${AWS::StackId}",
"StackName": "${AWS::StackName}"
}
Outputs:
StackName:
Description: 'Stack name.'
Value: !Sub '${AWS::StackName}'
StackTemplate:
Description: 'Stack template.'
Value: 'marbot-standalone-topic'
StackVersion:
Description: 'Stack version.'
Value: '1.3.0'
TopicName:
Description: 'The name of the SNS topic.'
Value: !GetAtt 'Topic.TopicName'
Export:
Name: !Sub '${AWS::StackName}-TopicName'
TopicArn:
Description: 'The ARN of the SNS topic.'
Value: !Ref Topic
Export:
Name: !Sub '${AWS::StackName}-TopicArn'