CfnGuardian

Documentation

CfnGuardian is a AWS monitoring tool with a few capabilities:

  • creates cloudwatch alarms through cloudformation based upon resources defined in a YAML config
  • alerting through SNS using 4 levels of severity [ Critical, Warning, Task, Informational ]
  • has a standard set of default alarms across many AWS resources
  • creates cloudwatch log metric filters with default alarms
  • creates specfic aws events with sns targets
  • creates custom metrics for external checks through lambda functions such as
    • http endpoint availability
    • http status code matching
    • http body regex matching
    • domain expiry
    • ssl expiry
    • sql query
    • nrpe
    • sftp availability
    • sftp file download
    • tls version checking

Supported AWS Resources

  • ACM Certificates
  • AmazonMq(RabbitMQ and ActiveMQ)
  • ApiGateway
  • Application Targetgroups
  • Network TargetGroups
  • AutoScalingGroups
  • CloudFront Distributions
  • DocumentDB Clusters
  • DynamoDB Tables
  • EC2 Instances
  • ECS Clusters
  • ECS Services
  • EFS
  • Classic LoadBalancers
  • Lambda Functions
  • RDS Clusters
  • RDS Instances
  • Redshift Cluster
  • SQS Queues
  • LogGroup Metric Filters
  • ElasticSearch