2022-05-16 11:44:03 +01:00
|
|
|
from typing import Tuple
|
2022-05-08 17:20:04 +01:00
|
|
|
|
|
|
|
|
import boto3
|
2022-05-18 15:49:36 +01:00
|
|
|
from flask import current_app
|
2022-05-08 17:20:04 +01:00
|
|
|
|
|
|
|
|
from app import app
|
2022-05-18 15:49:36 +01:00
|
|
|
from app.alarms import get_or_create_alarm
|
2022-06-17 14:02:10 +01:00
|
|
|
from app.brm.brn import BRN
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.extensions import db
|
2022-05-18 15:49:36 +01:00
|
|
|
from app.models.alarms import AlarmState
|
2024-12-06 18:02:59 +00:00
|
|
|
from app.models.mirrors import Proxy
|
2022-05-08 17:20:04 +01:00
|
|
|
from app.terraform import BaseAutomation
|
|
|
|
|
|
|
|
|
|
|
2022-05-18 15:49:36 +01:00
|
|
|
def _cloudfront_quota() -> None:
|
2022-06-22 16:34:18 +01:00
|
|
|
# It would be nice to learn this from the Service Quotas API, however
|
|
|
|
|
# at the time of writing this comment, the current value for this quota
|
|
|
|
|
# is not available from the API. It just doesn't return anything.
|
2024-12-06 18:15:47 +00:00
|
|
|
max_count = int(current_app.config.get("AWS_CLOUDFRONT_MAX_DISTRIBUTIONS", 200))
|
|
|
|
|
deployed_count = len(Proxy.query.filter(Proxy.destroyed.is_(None)).all())
|
2022-06-22 16:34:18 +01:00
|
|
|
message = f"{deployed_count} distributions deployed of {max_count} quota"
|
2022-05-18 15:49:36 +01:00
|
|
|
alarm = get_or_create_alarm(
|
2022-06-22 16:34:18 +01:00
|
|
|
BRN(
|
|
|
|
|
group_id=0,
|
|
|
|
|
product="mirror",
|
|
|
|
|
provider="cloudfront",
|
|
|
|
|
resource_type="quota",
|
2024-12-06 18:15:47 +00:00
|
|
|
resource_id="distributions",
|
2022-06-22 16:34:18 +01:00
|
|
|
),
|
2024-12-06 18:15:47 +00:00
|
|
|
"quota-usage",
|
2022-05-18 15:49:36 +01:00
|
|
|
)
|
2022-06-22 16:34:18 +01:00
|
|
|
if deployed_count > max_count * 0.9:
|
2022-05-18 15:49:36 +01:00
|
|
|
alarm.update_state(AlarmState.CRITICAL, message)
|
2022-06-22 16:34:18 +01:00
|
|
|
elif deployed_count > max_count * 0.75:
|
2022-05-18 15:49:36 +01:00
|
|
|
alarm.update_state(AlarmState.WARNING, message)
|
|
|
|
|
else:
|
|
|
|
|
alarm.update_state(AlarmState.OK, message)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
def _proxy_alarms() -> None:
|
2024-12-06 18:15:47 +00:00
|
|
|
cloudwatch = boto3.client(
|
|
|
|
|
"cloudwatch",
|
|
|
|
|
aws_access_key_id=app.config["AWS_ACCESS_KEY"],
|
|
|
|
|
aws_secret_access_key=app.config["AWS_SECRET_KEY"],
|
|
|
|
|
region_name="us-east-2",
|
|
|
|
|
)
|
|
|
|
|
dist_paginator = cloudwatch.get_paginator("describe_alarms")
|
2022-05-18 15:49:36 +01:00
|
|
|
page_iterator = dist_paginator.paginate(AlarmNamePrefix="bandwidth-out-high-")
|
|
|
|
|
for page in page_iterator:
|
2024-12-06 18:15:47 +00:00
|
|
|
for cw_alarm in page["MetricAlarms"]:
|
|
|
|
|
dist_id = cw_alarm["AlarmName"][len("bandwidth-out-high-") :]
|
2022-05-18 15:49:36 +01:00
|
|
|
proxy = Proxy.query.filter(Proxy.slug == dist_id).first()
|
|
|
|
|
if proxy is None:
|
|
|
|
|
print("Skipping unknown proxy " + dist_id)
|
|
|
|
|
continue
|
|
|
|
|
alarm = get_or_create_alarm(proxy.brn, "bandwidth-out-high")
|
2024-12-06 18:15:47 +00:00
|
|
|
if cw_alarm["StateValue"] == "OK":
|
2022-05-18 15:49:36 +01:00
|
|
|
alarm.update_state(AlarmState.OK, "CloudWatch alarm OK")
|
2024-12-06 18:15:47 +00:00
|
|
|
elif cw_alarm["StateValue"] == "ALARM":
|
2022-05-18 15:49:36 +01:00
|
|
|
alarm.update_state(AlarmState.CRITICAL, "CloudWatch alarm ALARM")
|
|
|
|
|
else:
|
2024-12-06 18:15:47 +00:00
|
|
|
alarm.update_state(
|
|
|
|
|
AlarmState.UNKNOWN, f"CloudWatch alarm {cw_alarm['StateValue']}"
|
|
|
|
|
)
|
2022-05-18 15:49:36 +01:00
|
|
|
|
|
|
|
|
|
2022-05-08 17:20:04 +01:00
|
|
|
class AlarmProxyCloudfrontAutomation(BaseAutomation):
|
|
|
|
|
short_name = "monitor_proxy_cloudfront"
|
|
|
|
|
description = "Import alarms for AWS CloudFront proxies"
|
|
|
|
|
|
2022-05-16 11:44:03 +01:00
|
|
|
def automate(self, full: bool = False) -> Tuple[bool, str]:
|
2022-05-18 15:49:36 +01:00
|
|
|
_proxy_alarms()
|
|
|
|
|
_cloudfront_quota()
|
2022-05-08 17:20:04 +01:00
|
|
|
db.session.commit()
|
2022-05-16 11:44:03 +01:00
|
|
|
return True, ""
|
