--- # Copyright 2018 widdix GmbH # # Licensed under the Apache License, Version 2.0 (the "License"); # you may not use this file except in compliance with the License. # You may obtain a copy of the License at # # http://www.apache.org/licenses/LICENSE-2.0 # # Unless required by applicable law or agreed to in writing, software # distributed under the License is distributed on an "AS IS" BASIS, # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. # See the License for the specific language governing permissions and # limitations under the License. AWSTemplateFormatVersion: '2010-09-09' Description: 'cfn-modules: Alerting' # cfn-modules:implements(ExposeArn) Parameters: Email: Description: 'Optional email address that will receive alerts' Type: String Default: '' HttpEndpoint: Description: 'Optional HTTP endpoint that will receive alerts via POST requests' Type: String Default: '' HttpsEndpoint: Description: 'Optional HTTPS endpoint that will receive alerts via POST requests (e.g., marbot.io - a chatbot for AWS monitoring in Slack and Microsoft Teams)' Type: String Default: '' FallbackEmail: Description: 'Optional email address that will receive alerts if alerts can not be delivered' Type: String Default: '' Conditions: HasEmail: !Not [!Equals [!Ref Email, '']] HasHttpEndpoint: !Not [!Equals [!Ref HttpEndpoint, '']] HasHttpsEndpoint: !Not [!Equals [!Ref HttpsEndpoint, '']] HasFallbackEmail: !Not [!Equals [!Ref FallbackEmail, '']] Resources: Topic: Type: 'AWS::SNS::Topic' Properties: {} TopicPolicy: Type: 'AWS::SNS::TopicPolicy' Properties: PolicyDocument: Id: Id1 Version: '2012-10-17' Statement: - Sid: Sid1 Effect: Allow Principal: Service: - 'events.amazonaws.com' # Allow CloudWatch Events - 'budgets.amazonaws.com' # Allow Budget Notifications - 'rds.amazonaws.com' # Allow RDS Events - 's3.amazonaws.com' # Allow S3 Event Notifications - 'backup.amazonaws.com' # Allow Backup Events Action: 'sns:Publish' Resource: !Ref Topic - Sid: Sid2 Effect: Allow Principal: AWS: '*' # Allow CloudWatch Alarms, ElastiCache Notifications, Elastic Beanstalk Notifications, Auto Scaling Notification Action: 'sns:Publish' Resource: !Ref Topic Condition: StringEquals: 'AWS:SourceOwner': !Ref 'AWS::AccountId' - Sid: Sid3 Effect: Allow Principal: Service: 'ses.amazonaws.com' # Allow SES Notifications & Events Action: 'sns:Publish' Resource: !Ref Topic Condition: StringEquals: 'AWS:Referer': !Ref 'AWS::AccountId' Topics: - !Ref Topic FallbackTopic: Type: 'AWS::SNS::Topic' Properties: {} NumberOfNotificationsFailedTooHighAlarm: Type: 'AWS::CloudWatch::Alarm' Properties: AlarmDescription: 'Alerts could not be delivered' Namespace: 'AWS/SNS' MetricName: NumberOfNotificationsFailed Statistic: Sum Period: 60 EvaluationPeriods: 1 ComparisonOperator: GreaterThanThreshold Threshold: 0 AlarmActions: - !Ref FallbackTopic Dimensions: - Name: TopicName Value: !GetAtt Topic.TopicName TreatMissingData: notBreaching EmailSubscription: Condition: HasEmail Type: 'AWS::SNS::Subscription' Properties: Endpoint: !Ref Email Protocol: email TopicArn: !Ref Topic HttpEndpointSubscription: Condition: HasHttpEndpoint Type: 'AWS::SNS::Subscription' Properties: DeliveryPolicy: healthyRetryPolicy: minDelayTarget: 1 maxDelayTarget: 60 numRetries: 100 numNoDelayRetries: 0 backoffFunction: exponential throttlePolicy: maxReceivesPerSecond: 1 Endpoint: !Ref HttpEndpoint Protocol: http TopicArn: !Ref Topic HttpsEndpointSubscription: Condition: HasHttpsEndpoint Type: 'AWS::SNS::Subscription' Properties: DeliveryPolicy: healthyRetryPolicy: minDelayTarget: 1 maxDelayTarget: 60 numRetries: 100 numNoDelayRetries: 0 backoffFunction: exponential throttlePolicy: maxReceivesPerSecond: 1 Endpoint: !Ref HttpsEndpoint Protocol: https TopicArn: !Ref Topic FallbackEmailSubscription: Condition: HasFallbackEmail Type: 'AWS::SNS::Subscription' Properties: Endpoint: !Ref FallbackEmail Protocol: email TopicArn: !Ref FallbackTopic Outputs: ModuleId: Value: 'alerting' ModuleVersion: Value: '1.2.2' StackName: Value: !Ref 'AWS::StackName' Arn: Value: !Ref Topic Export: Name: !Sub '${AWS::StackName}-Arn'