Infrastructure as Code (IaC) repository for creating CloudWatch alarms based on data from the GitHub audit log. This repository is self-service, so you can raise a PR if you would like to create an alarm.
If your team doesn't already have a topic in `sns_topics.tf`, create one by adding the following to `sns_topics.tf`:

```hcl
module "my_team_topic" {
  source      = "./modules/sns_topic"
  team        = "my-team"
  subscribers = ["[email protected]"]
}
```
To create a new alarm, create a new Terraform file in the root directory called `my_team.tf`, if it doesn't already exist. Create a new alarm by adding the following to `my_team.tf`:

```hcl
module "my_alarm" {
  source            = "./modules/alarm"
  sns_topic_arn     = module.my_team_topic.sns_topic_arn
  lambda_arn        = aws_lambda_function.alarm_handler_lambda.arn
  alarm_description = "Describe the purpose of your alarm."
  metric_name       = "MyMetric"
  metric_filter_pattern = {
    usernames_equal_to = ["myuser"]
    events             = ["workflows.cancel_workflow_run"]
  }
}
```

Parameter | Description | Required | Default |
---|---|---|---|
sns_topic_arn | SNS topic linked to the CloudWatch alarm | true | N/A |
alarm_description | Purpose of alarm | true | N/A |
metric_name | Name of CloudWatch metric to be collected | true | N/A |
metric_filter_pattern | A map representing the metric filter used to create your CloudWatch metric, of the form `metric_filter_pattern = { ... }`. All parameters are optional. `usernames_not_equal_to` will match all usernames that differ from those specified. `events` is a list of GitHub audit log events that you would like to match | true | N/A |
period | Period over which CloudWatch will aggregate results, in seconds | false | 60 |
threshold | Alerting threshold | false | 0 |
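
The following is an added example, not taken from this repository, showing the optional parameters from the table (`usernames_not_equal_to`, `period`, `threshold`) used together to alert when anyone outside a named set of administrators deletes a repository or removes branch protection. The module name, metric name and usernames are hypothetical, and it assumes `usernames_not_equal_to` takes a list in the same way `usernames_equal_to` does.

```hcl
# Added example: alert on destructive changes made by anyone
# who is not one of the expected administrators.
module "my_team_destructive_change_alarm" {
  source            = "./modules/alarm"
  sns_topic_arn     = module.my_team_topic.sns_topic_arn
  lambda_arn        = aws_lambda_function.alarm_handler_lambda.arn
  alarm_description = "Repository deleted or branch protection removed by a user outside the approved admin list."
  metric_name       = "MyTeamDestructiveChange" # hypothetical metric name

  metric_filter_pattern = {
    # Hypothetical usernames. Per the table, this matches every
    # username that differs from the ones listed here.
    usernames_not_equal_to = ["my-team-admin-1", "my-team-admin-2"]

    # GitHub audit log event names to match.
    events = [
      "repo.destroy",
      "protected_branch.destroy",
    ]
  }

  # Aggregate over five minutes instead of the default 60 seconds.
  period = 300

  # Alerting threshold, stated explicitly; 0 is also the default.
  threshold = 0
}
```

Run `terraform plan` on the branch before raising the PR to confirm that only the new alarm resources appear in the plan.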