lib/cfnguardian/stacks/main.rb in cfn-guardian-0.6.13 vs lib/cfnguardian/stacks/main.rb in cfn-guardian-0.7.0
- old
+ new
@@ -2,10 +2,11 @@
module CfnGuardian
module Stacks
class Main
include CfnDsl::CloudFormation
+ include Logging
attr_reader :parameters, :template
def initialize()
@parameters = []
@@ -20,16 +21,14 @@
parameter.Type 'String'
parameter.Description "SNS topic ARN for #{name} notifications"
parameter.Default sns
parameters[name] = Ref(name)
end
-
- maintenance_groups.each do |group|
- topic = @template.SNS_Topic(group)
- topic.TopicName group
- topic.Tags([{ Key: 'Environment', Value: 'guardian' }])
- parameters[group] = Ref(group)
+
+ if maintenance_groups.any?
+ add_lambda(CfnGuardian::Models::MaintenanceGroupCheck.new(maintenance_groups))
+ maintenance_groups.each {|group,config| add_maintenance_group(group,config,parameters)}
end
add_iam_role(ssm_parameters)
checks.each {|check| parameters["#{check.name}Function#{check.environment}"] = add_lambda(check)}
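Review bot: The new `maintenance_groups.each {|group,config| ...}` iterates the collection as key/value pairs, whereas the removed code treated each element as a bare group name; a caller that still supplies an Array of names would bind `config` to nil and `add_maintenance_group` would then fail on `config.fetch` with a NoMethodError. Whether every caller was migrated to the Hash shape is not visible here, so a guard at the top of the loop is worth it: `raise ArgumentError, "maintenance_groups must be a Hash of group => config" unless maintenance_groups.is_a?(Hash)`. Note also that the SNS topic logical id and the `parameters` key move from `group` to `"#{group}MaintenanceGroup"` in the new helper, which replaces the topic on existing stacks and changes the key consumers of `parameters` look up; a comment on this line recording that rename would save the next reader a hunt. The enclosing method starts outside the hunk.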
@@ -71,10 +70,21 @@
Action: [ 'ec2:CreateNetworkInterface', 'ec2:DescribeNetworkInterfaces', 'ec2:DeleteNetworkInterface' ],
Resource: '*'
}]
}
}
+ policies << {
+ PolicyName: 'maintenance-group-actions',
+ PolicyDocument: {
+ Version: '2012-10-17',
+ Statement: [{
+ Effect: 'Allow',
+ Action: [ 'cloudwatch:DescribeAlarms', 'cloudwatch:DisableAlarmActions', 'cloudwatch:EnableAlarmActions', 'cloudwatch:SetAlarmState' ],
+ Resource: FnSub("arn:aws:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*")
+ }]
+ }
+ }
if ssm_parameters.any?
policies << {
PolicyName: 'ssm-parameters',
PolicyDocument: {
Version: '2012-10-17',
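Review bot: The `maintenance-group-actions` policy is appended unconditionally, while the neighbouring `ssm-parameters` policy is guarded by `if ssm_parameters.any?`; every stack thus grants `cloudwatch:DisableAlarmActions`, `EnableAlarmActions` and `SetAlarmState` on all alarms in the account even when no maintenance group is configured. Since `add_iam_role` appears to produce the single role used by all check functions (it is called once before the `checks.each ... add_lambda` loop), this also hands alarm-muting rights to every check Lambda rather than only to the MaintenanceGroupCheck function; a dedicated role for that function, or at minimum passing `maintenance_groups` into `add_iam_role` and wrapping the block in `if maintenance_groups.any?`, keeps the grant to the component that needs it. Separately, the resource ARN hard-codes the `aws` partition; `FnSub("arn:${AWS::Partition}:cloudwatch:${AWS::Region}:${AWS::AccountId}:alarm:*")` works in the other partitions too. The enclosing method starts and ends outside the hunk.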
@@ -163,9 +173,39 @@
{ Key: 'guardian:stack-id', Value: "stk#{stack_id}"}
])
end
end
end
-
+
+ def add_maintenance_group(group,config,parameters)
+ group_name = "#{group}MaintenanceGroup"
+ schedules = config.fetch('Schedules', {})
+ logging = config.dig('Schedules', 'Debug').to_s
+
+ topic = @template.SNS_Topic(group_name)
+ topic.TopicName group_name
+ topic.Tags([{ Key: 'Environment', Value: 'guardian' }])
+ parameters[group_name] = Ref(group_name)
+
+ if schedules.any?
+ event = @template.Events_Rule("#{group_name}EnableEvent")
+ event.Name "#{group_name}EnableEvent"
+ event.ScheduleExpression "cron(#{schedules['Enable']})"
+ event.Targets([{
+ Arn: FnGetAtt('MaintenanceGroupCheckFunction', 'Arn'),
+ Id: "#{group_name}EnableTarget",
+ Input: {action:"enable_alarms", maintenance_group: group_name, logging: logging}.to_json
+ }])
+
+ event = @template.Events_Rule("#{group_name}DisableEvent")
+ event.Name "#{group_name}DisableEvent"
+ event.ScheduleExpression "cron(#{schedules['Disable']})"
+ event.Targets([{
+ Arn: FnGetAtt('MaintenanceGroupCheckFunction', 'Arn'),
+ Id: "#{group_name}DisableTarget",
+ Input: {action:"disable_alarms", maintenance_group: group_name, logging: logging}.to_json
+ }])
+ end
+ end
end
end
end
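Review bot: `schedules['Enable']` and `schedules['Disable']` are interpolated into `cron(...)` without checking they exist, so a group whose Schedules hash has only one of the two keys produces a `cron()` expression that is rejected at deploy time rather than at template generation; a check inside the `if schedules.any?` branch gives an early, readable failure: `%w[Enable Disable].each { |key| raise ArgumentError, "maintenance group #{group} Schedules is missing '#{key}'" unless schedules.key?(key) }`. The `logging` value is read with `config.dig('Schedules', 'Debug')` although `schedules` was just fetched from the same key, so `logging = schedules['Debug'].to_s` says the same thing once. The method has no documentation; a short header such as `# Creates the SNS topic for a maintenance group and, when Schedules are given, the Enable/Disable event rules that target MaintenanceGroupCheckFunction; the topic Ref is stored in parameters under "#{group}MaintenanceGroup".` would describe the contract, and the dependency on the `MaintenanceGroupCheckFunction` logical id created elsewhere deserves a comment on the `FnGetAtt` lines.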