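AWSTemplateFormatVersion: '2010-09-09'
Transform: AWS::Serverless-2016-10-31
Description: 'AWS CloudFormation drift-detector to Slack'

# Deployment topology (all three functions share the drift_detector/ code bundle):
#   schedule -> DiscoverStacksFunction -> DriftDetectionQueue (FIFO)
#            -> DriftDetectorFunction  -> SlackNotificationFuntion -> Slack webhook

Parameters:
  DriftDetectionQueueName:
    Description: 'SQS queue name'
    Type: String
    # 75 chars max so that the ".fifo" suffix appended below stays within the
    # 80-character SQS queue-name limit.
    AllowedPattern: '^[-a-zA-Z0-9_]{1,75}$'
    Default: 'DriftDetectionQueue'

  SlackWebhook:
    Description: 'Webhook used to post messages about drift detection'
    Type: String
    # The webhook URL is a bearer credential: anyone holding it can post to the
    # channel. NoEcho keeps it out of DescribeStacks output, change sets and the
    # console. NOTE(review): it is still stored in plaintext in the notification
    # function's environment (SLACK_WEBHOOK below); moving it to an SSM
    # SecureString or Secrets Manager would require a change in
    # slack_notification.py, so only the template-level hardening is done here.
    NoEcho: true
    # Require TLS so the webhook token is never transmitted in the clear.
    AllowedPattern: '^https://.+$'
    ConstraintDescription: 'SlackWebhook must be an https:// URL'

  Cron:
    # Default: every 12 hours. Expanded into an EventBridge cron() expression below;
    # the six-field format is validated by EventBridge at deploy time.
    Default: '0 0 */12 * ? *'
    Description: 'Interval at which drift detector should scan stacks'
    Type: String

  ShowInSyncResources:
    # Kept as a quoted string on purpose: it is passed through to a Lambda
    # environment variable, which only accepts strings.
    AllowedValues:
      - 'true'
      - 'false'
    Default: 'false'
    Description: 'Switch to display resources that have no drift (in sync)'
    Type: String

  ShowInSyncStacks:
    AllowedValues:
      - 'true'
      - 'false'
    Default: 'false'
    Description: 'Switch to display stacks that have no drift (in sync)'
    Type: String

  StackRegex:
    Default: '.*'
    Description: 'Regex to define which stacks should be scanned. This is using python style regex ("re" module). Example: to only monitor stacks with "prod" in their name, use ".*prod.*"'
    Type: String

  StackBatches:
    Default: 10
    Description: 'Number that indicates how many stacks should be sent to SQS in one batch'
    Type: Number

  DriftDetectionMaxRetries:
    Default: 5
    Description: 'Number indicating how many retries to make after an unsuccessful drift detection'
    Type: Number

Globals:
  Function:
    # Maximum Lambda timeout (15 min); drift detection on large stacks is slow.
    Timeout: 900

Metadata:
  AWS::ServerlessRepo::Application:
    Name: slack-drift-detector-notification
    Description: 'Serverless stack which notifies you about drift detection on your Slack channel. You can specify which stacks should be checked, and at what interval.'
    Author: pattern-match-team
    SpdxLicenseId: Apache-2.0
    LicenseUrl: docs/LICENCE
    ReadmeUrl: docs/README.md
    Labels: ['cloudformation', 'slack', 'drift']
    HomePageUrl: https://driftdetector.com
    SemanticVersion: 2.2.1
    SourceCodeUrl: https://github.com/patternmatch/aws-drift-detector-slack

Resources:
  # Runs on the schedule, lists every stack in the account/region, filters by
  # STACK_REGEX and enqueues the matches in batches for the detector function.
  DiscoverStacksFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: drift_detector/
      Handler: discover_stacks.lambda_handler
      # NOTE(review): python3.7 has reached Lambda end-of-support and new
      # deployments on it are rejected; move to a supported runtime once the
      # code in drift_detector/ has been verified against it.
      Runtime: python3.7
      Policies:
        - SQSSendMessagePolicy:
            QueueName:
              Fn::GetAtt:
                - DriftDetectionQueue
                - QueueName
        - Statement:
            - Sid: DiscoverCloudFormationPolicy
              Effect: Allow
              Action:
                # Enumerating all stacks needs DescribeStacks without a stack
                # name, which only works against Resource '*'.
                - cloudformation:DescribeStacks
              Resource: '*'
      Environment:
        Variables:
          STACK_REGEX:
            Ref: StackRegex
          DRIFT_DETECTION_QUEUE:
            # Ref on an SQS queue returns its URL.
            Ref: DriftDetectionQueue
          STACK_BATCHES:
            Ref: StackBatches
      Events:
        RunOnSchedule:
          Type: Schedule
          Properties:
            Schedule:
              Fn::Sub: cron(${Cron})

  # Consumes one queue message at a time, runs drift detection on the stacks it
  # names and hands the result to the Slack notification function.
  DriftDetectorFunction:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: drift_detector/
      Handler: drift_detector.lambda_handler
      Runtime: python3.7
      Policies:
        # NOTE(review): ReadOnlyAccess is far broader than this function needs;
        # it covers every service and includes data-plane reads (e.g. S3 object
        # reads). It is kept because CloudFormation drift detection needs read
        # access to whatever resource types the scanned stacks contain, which
        # the template cannot know in advance. If the set of stacks is known,
        # replace it with cloudformation:DetectStackDrift,
        # cloudformation:DescribeStackDriftDetectionStatus,
        # cloudformation:DescribeStackResourceDrifts plus the Describe/List
        # actions for those resource types.
        - ReadOnlyAccess
        - SQSPollerPolicy:
            QueueName:
              Fn::GetAtt:
                - DriftDetectionQueue
                - QueueName
        - LambdaInvokePolicy:
            FunctionName:
              Ref: SlackNotificationFuntion
      Environment:
        Variables:
          SLACK_NOTIFICATION_FUNCTION:
            Ref: SlackNotificationFuntion
          DRIFT_DETECTION_MAX_RETRIES:
            Ref: DriftDetectionMaxRetries
      Events:
        SQSEvent:
          Type: SQS
          Properties:
            Queue:
              Fn::GetAtt:
                - DriftDetectionQueue
                - Arn
            BatchSize: 1
            Enabled: true

  # Posts the formatted drift report to the Slack incoming webhook.
  # (Logical ID keeps the historical misspelling: renaming it would replace the
  # function and its log group on the next stack update.)
  SlackNotificationFuntion:
    Type: AWS::Serverless::Function
    Properties:
      CodeUri: drift_detector/
      Handler: slack_notification.lambda_handler
      Runtime: python3.7
      Environment:
        Variables:
          # Plaintext in the function configuration; readable by anyone with
          # lambda:GetFunctionConfiguration on this function.
          SLACK_WEBHOOK:
            Ref: SlackWebhook
          SHOW_IN_SYNC_RESOURCES:
            Ref: ShowInSyncResources
          SHOW_IN_SYNC_STACKS:
            Ref: ShowInSyncStacks

  DriftDetectionQueue:
    Type: AWS::SQS::Queue
    Properties:
      # FIFO queue names must end in ".fifo"; long-form Fn::Sub is used so the
      # file stays loadable by parsers that do not understand the !Sub tag.
      QueueName:
        Fn::Sub: '${DriftDetectionQueueName}.fifo'
      FifoQueue: true
      # Encrypt messages at rest with the SQS-owned key (no KMS policy needed).
      SqsManagedSseEnabled: true
      # Matches the function timeout so an in-flight batch is not redelivered
      # while the detector is still running.
      VisibilityTimeout: 900
      # A batch with an identical body re-sent within the dedup window is dropped.
      ContentBasedDeduplication: true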