From 1974783585ebd84a9cf7027dc4322a990d3b9dc0 Mon Sep 17 00:00:00 2001
From: Zachary Winnerman <98712682+zwinnerman-fleetdm@users.noreply.github.com>
Date: Tue, 30 May 2023 20:10:14 -0400
Subject: [PATCH] Add AWS spending alerts (#12050)

Closes https://github.com/fleetdm/confidential/issues/2700

# Checklist for submitter

If some of the following don't apply, delete the relevant line.

- [ ] Changes file added for user-visible changes in `changes/` or `orbit/changes/`. See [Changes files](https://fleetdm.com/docs/contributing/committing-changes#changes-files) for more information.
- [ ] Documented any API changes (docs/Using-Fleet/REST-API.md or docs/Contributing/API-for-contributors.md)
- [ ] Documented any permissions changes
- [ ] Input data is properly validated, `SELECT *` is avoided, SQL injection is prevented (using placeholders for values in statements)
- [ ] Added support on fleet's osquery simulator `cmd/osquery-perf` for new osquery data ingestion features.
- [ ] Added/updated tests
- [ ] Manual QA for all new/changed functionality
- For Orbit and Fleet Desktop changes:
- [ ] Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
- [ ] Auto-update manual QA, from released version of component to new version (see [tools/tuf/test](../tools/tuf/test/README.md)).
---
 .../infrastructure/spend_alerts/main.tf | 86 +++++++++++++++++++
 1 file changed, 86 insertions(+)
 create mode 100644 infrastructure/infrastructure/spend_alerts/main.tf

diff --git a/infrastructure/infrastructure/spend_alerts/main.tf b/infrastructure/infrastructure/spend_alerts/main.tf
new file mode 100644
index 0000000000..7a2f30deee
--- /dev/null
+++ b/infrastructure/infrastructure/spend_alerts/main.tf
@@ -0,0 +1,86 @@
+terraform {
+ required_providers {
+ aws = {
+ source = "hashicorp/aws"
+ version = "~> 4.59.0"
+ }
+ }
+ backend "s3" {
+ bucket = "fleet-terraform-state20220408141538466600000002"
+ key = "root/spend-alerts/terraform.tfstate" # This should be set to account_alias/unique_key/terraform.tfstate
+ workspace_key_prefix = "root" # This should be set to the account alias
+ region = "us-east-2"
+ encrypt = true
+ kms_key_id = "9f98a443-ffd7-4dbe-a9c3-37df89b2e42a"
+ dynamodb_table = "tf-remote-state-lock"
+ role_arn = "arn:aws:iam::353365949058:role/terraform-root"
+ }
+}
+
+provider "aws" {
+ default_tags {
+ tags = {
+ environment = "spend-alerts"
+ terraform = "https://github.com/fleetdm/fleet/tree/main/infrastructure/infrastructure/spend_alerts"
+ state = "s3://fleet-terraform-state20220408141538466600000002/root/spend-alerts/terraform.tfstate"
+ }
+ }
+}
+
+variable "slack_webhook" {
+ type = string
+}
+
+locals {
+ prefix = "aws-spend-alerts"
+}
+
+module "notify_slack" {
+ source = "terraform-aws-modules/notify-slack/aws"
+ version = "5.5.0"
+
+ sns_topic_name = local.prefix
+
+ slack_webhook_url = var.slack_webhook
+ slack_channel = "#g-infra"
+ slack_username = "monitoring"
+}
+
+output "slack_topic_arn" {
+ value = module.notify_slack.slack_topic_arn
+}
+
+resource "aws_cloudwatch_metric_alarm" "total_charge" {
+ alarm_name = "total_charge"
+ alarm_description = "total estimated charge"
+ comparison_operator = "LessThanLowerOrGreaterThanUpperThreshold"
+ evaluation_periods = "1"
+ threshold_metric_id = "ad1"
+ alarm_actions = [module.notify_slack.slack_topic_arn]
+ ok_actions = [module.notify_slack.slack_topic_arn]
+ insufficient_data_actions = []
+
+ metric_query {
+ id = "m1"
+ period = 0
+ return_data = true
+
+ metric {
+ dimensions = {
+ "Currency" = "USD"
+ }
+ metric_name = "EstimatedCharges"
+ namespace = "AWS/Billing"
+ period = 86400
+ stat = "Maximum"
+ }
+ }
+
+ metric_query {
+ expression = "ANOMALY_DETECTION_BAND(m1, 2)"
+ id = "ad1"
+ label = "EstimatedCharges (expected)"
+ period = 0
+ return_data = true
+ }
+}
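Review bot: `variable "slack_webhook"` carries a Slack incoming-webhook URL, which is a credential (anyone holding it can post to `#g-infra`), yet it is declared with only `type = string`, so Terraform will echo its value in plan/apply output and in any CI log that captures them; add `sensitive = true` beside `type = string` so it is redacted there (the copy in state is separately covered by the backend's `encrypt = true` and `kms_key_id`). The `provider "aws"` block sets no region, so the alarm is created wherever the environment points, while `AWS/Billing` `EstimatedCharges` is published only in us-east-1; combined with `insufficient_data_actions = []`, an alarm created in another region would sit in INSUFFICIENT_DATA with nobody notified, so pin `region = "us-east-1"` on the provider or route insufficient-data to the same topic, e.g. `insufficient_data_actions = [module.notify_slack.slack_topic_arn]`. For a metric that arrives once a day it is also worth stating `treat_missing_data` explicitly on the alarm rather than relying on the provider default.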