{ | |
"AWSTemplateFormatVersion": "2010-09-09", | |
"Description": "Sets up a Lambda function, its IAM execution role and a CloudWatch alarm that notifies an SNS topic, in order to monitor VPN tunnel status", | |
"Metadata": { | |
"Version": "v0.1.0" | |
}, | |
"Parameters": { | |
"S3Bucket": { | |
"Description": "Prefix of the S3 bucket that holds the Lambda function package; the stack's region is appended after a hyphen to form the bucket name", | |
"Type": "String", | |
"Default": "s3bucket-lambda" | |
}, | |
"SNSTopic": { | |
"Description": "Name of the SNS topic, in this account and region, that receives the alarm notification", | |
"Type": "String", | |
"Default": "mysnstopic" | |
} | |
}, | |
"Resources": { | |
"CreateAlarm": { | |
"Type": "AWS::CloudWatch::Alarm", | |
"Properties": { | |
"AlarmDescription": "Alarm for VPN Tunnel DOWN", | |
"AlarmActions": [{ | |
"Fn::Join" : [":", | |
[ | |
"arn", | |
"aws", | |
"sns", | |
{ "Ref" : "AWS::Region" }, | |
{ "Ref": "AWS::AccountId" }, | |
{ "Ref": "SNSTopic" } | |
]] | |
}], | |
"MetricName": "Errors", | |
"Namespace": "AWS/Lambda", | |
"ComparisonOperator": "GreaterThanOrEqualToThreshold", | |
"EvaluationPeriods": "1", | |
"Period": "60", | |
"Statistic": "Sum", | |
"Threshold": "1", | |
"Dimensions": [{ | |
"Name": "FunctionName", | |
"Value": {"Ref": "VPNCheck"} | |
}] | |
} | |
}, | |
"VPNCheck": { | |
"Type": "AWS::Lambda::Function", | |
"Properties": { | |
"Code": { | |
"S3Bucket": {"Fn::Join" : ["-", | |
[ | |
{ "Ref" : "S3Bucket" }, | |
{ "Ref" : "AWS::Region" } | |
]] | |
}, | |
"S3Key": "vpnChecker.py.zip" | |
}, | |
"Description": "Checks VPN Tunnels", | |
"Handler": "vpnChecker.lambda_handler", | |
"MemorySize": 128, | |
"Role": { | |
"Fn::GetAtt": ["LambdaExecutionRole", | |
"Arn"] | |
}, | |
"Runtime": "python2.7", | |
"Timeout": "300" | |
} | |
}, | |
"LambdaExecutionRole": { | |
"Type": "AWS::IAM::Role", | |
"Properties": { | |
"AssumeRolePolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [{ | |
"Effect": "Allow", | |
"Principal": { | |
"Service": ["lambda.amazonaws.com"] | |
}, | |
"Action": ["sts:AssumeRole"] | |
}] | |
}, | |
"Path": "/", | |
"Policies": [{ | |
"PolicyName": "lambda_role", | |
"PolicyDocument": { | |
"Version": "2012-10-17", | |
"Statement": [{ | |
"Effect": "Allow", | |
"Action": ["logs:CreateLogGroup", | |
"logs:CreateLogStream", | |
"logs:PutLogEvents"], | |
"Resource": "arn:aws:logs:*:*:*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": [ | |
"cloudformation:DescribeStacks", | |
"ec2:Describe*"], | |
"Resource": "*" | |
}, | |
{ | |
"Effect": "Allow", | |
"Action": ["SNS:Publish", | |
"SNS:ListTopics"], | |
"Resource": "arn:aws:sns:*" | |
}] | |
} | |
}] | |
} | |
} | |
} | |
} |