feat: adding alarm that monitors %xx errors in IAM

infra/aws/index.ts

@@ -3,7 +3,7 @@ import * as aws from "@pulumi/aws";
 import * as op from "@1password/op-js";
 import * as cloudflare from "@pulumi/cloudflare";
 import { secretsManager, amplify } from "infra-libs";
-import {stack, defaultTags} from "../lib/tags";
+import { stack, defaultTags } from "../lib/tags";
 
 const current = aws.getCallerIdentity({});
 const regionData = aws.getRegion({});
@@ -40,8 +40,6 @@ const snsAlertsTopicArn = coreInfraStack.getOutput("snsAlertsTopicArn");
 const passportXyzDomainName = coreInfraStack.getOutput("passportXyzDomainName");
 const passportXyzHostedZoneId = coreInfraStack.getOutput("passportXyzHostedZoneId");
 
-
-
 const containerInsightsStatus = stack == "production" ? "enabled" : "disabled";
 
 // Manage secrets & envs for Passport XYZ
@@ -309,6 +307,30 @@ const albPassportXyzTargetGroup = new aws.lb.TargetGroup(`passport-xyz-iam`, {
   },
 });
 
+/*
+ * Alarm for monitoring target 5XX errors
+ */
+const httpsListenerAlbPrefix = albHttpsListenerArn.apply((arn) => arn.split(":").pop());
+const http5xxTargetAlarm = new aws.cloudwatch.MetricAlarm(`HTTP-Target-5XX-passport-xyz-iam`, {
+  tags: { ...defaultTags, Name: `HTTP-Target-5XX-passport-xyz-iam` },
+  name: `HTTP-Target-5XX-passport-xyz-iam`,
+  alarmActions: [snsAlertsTopicArn],
+  okActions: [snsAlertsTopicArn],
+
+  period: 60,
+  statistic: "Sum",
+
+  datapointsToAlarm: 3,
+  evaluationPeriods: 5,
+
+  metricName: "HTTPCode_Target_5XX_Count",
+  namespace: "AWS/ApplicationELB",
+
+  comparisonOperator: "GreaterThanThreshold",
+  threshold: 0,
+  treatMissingData: "notBreaching",
+});
+
 const albPassportXyzListenerRule = new aws.lb.ListenerRule(`passport-xyz-iam-https`, {
   listenerArn: albHttpsListenerArn,
   priority: 102, // This needs to be grater than the priority number for passport-scroll-badge-service
@@ -660,7 +682,7 @@ const ecsAutoScalingTargetXyz = new aws.appautoscaling.Target("autoscaling_targe
   tags: {
     ...defaultTags,
     Name: "autoscaling_target_xyz",
-  }
+  },
 });
 
 const ecsAutoScalingPolicyXyz = new aws.appautoscaling.Policy("passport-autoscaling-policy-xyz", {
@@ -793,7 +815,7 @@ const gitcoinEcsAutoScalingTarget = new aws.appautoscaling.Target("autoscaling_t
   tags: {
     ...defaultTags,
     Name: "autoscaling_target",
-  }
+  },
 });
 
 const gitcoinEcsAutoScalingPolicy = new aws.appautoscaling.Policy("passport-autoscaling-policy", {
@@ -852,7 +874,8 @@ const amplifyAppInfo = coreInfraStack.getOutput("newPassportDomain").apply((doma
     branchName: passportBranches[stack],
     environmentVariables: passportXyzAppEnvironment,
     tags: { ...defaultTags, Name: `${prefix}.${domainName}` },
-    buildCommand: "npm install --g [email protected] && lerna bootstrap && rm -rf ../node_modules/@tendermint && npm run build",
+    buildCommand:
+      "npm install --g [email protected] && lerna bootstrap && rm -rf ../node_modules/@tendermint && npm run build",
     preBuildCommand: "nvm use 20.9.0",
     artifactsBaseDirectory: "out",
     customRules: [

infra/yarn.lock

@@ -375,11 +375,11 @@
     resolve "^1.7.1"
 
 "@pulumi/aws@^6.45.0":
-  version "6.46.0"
-  resolved "https://registry.npmjs.org/@pulumi/aws/-/aws-6.46.0.tgz"
-  integrity sha512-6epHo9bOFXLe3dScog10vF+nmoyLSGrs+D5m7ZRtty5dUgDfaBfc31GO1EqoeBwDqxaat5BkgveuoDPECgcwDg==
+  version "6.59.1"
+  resolved "https://registry.yarnpkg.com/@pulumi/aws/-/aws-6.59.1.tgz#b9ad23a720011f32d75dd4f7a6dbb227132d601f"
+  integrity sha512-JuMgE61wO8n0HgOCsx8XKn2JqwPRbFcxHvfWgfyCmQ2KZeMBhlkiHBfEWG80mUtztGX3jj3DmKUw4hP5vLL82A==
   dependencies:
-    "@pulumi/pulumi" "^3.0.0"
+    "@pulumi/pulumi" "^3.136.0"
     builtin-modules "3.0.0"
     mime "^2.0.0"
     resolve "^1.7.1"
@@ -392,9 +392,9 @@
     "@pulumi/pulumi" "^3.0.0"
 
 "@pulumi/cloudflare@^5.38.0":
-  version "5.41.0"
-  resolved "https://registry.yarnpkg.com/@pulumi/cloudflare/-/cloudflare-5.41.0.tgz#47b81b97032d9578d9aef74a8270a9faa8e55e17"
-  integrity sha512-tquPVxxYZTiMgOmAPu2AIs1ndrf+GlztdWECScNzrllr5LUMHmbd2ZpifGQWh3GXqBwxPsWO1WoRIasLxKXJ/Q==
+  version "5.43.0"
+  resolved "https://registry.yarnpkg.com/@pulumi/cloudflare/-/cloudflare-5.43.0.tgz#9be154ab371eab21dc16bef9e2bdc0d1fc54a57b"
+  integrity sha512-PSiPqcMwePm6vRnAj5EMRyf3C5v+2SR5Ew+lH4P2HXZkZMi6D21EG4+hqNm5eXXaBR94jDssi7FN0QldZYDqXg==
   dependencies:
     "@pulumi/pulumi" "^3.136.0"
 
@@ -405,7 +405,7 @@
   dependencies:
     "@pulumi/pulumi" "^3.0.0"
 
-"@pulumi/pulumi@^3.0.0", "@pulumi/pulumi@^3.126.0":
+"@pulumi/pulumi@^3.0.0":
   version "3.126.0"
   resolved "https://registry.npmjs.org/@pulumi/pulumi/-/pulumi-3.126.0.tgz"
   integrity sha512-NPYGHeavLh8Y2quOcx0KLMAM0WWES5RoJ9iywp953iL7hSqv1W77/GjvYuhj5jdm2O9Ty2AjYs74zpfeYzkOoQ==
@@ -441,10 +441,10 @@
     tmp "^0.2.1"
     upath "^1.1.0"
 
-"@pulumi/pulumi@^3.136.0":
-  version "3.137.0"
-  resolved "https://registry.yarnpkg.com/@pulumi/pulumi/-/pulumi-3.137.0.tgz#670636d20eb85880854a49623947d6ea23099742"
-  integrity sha512-YgvcPKxuE3X1Yi93W2qZuM43nELT1FEvz7J5IK1hAJPo+v9m2oAh5Vag1lNDPjM0+y7WDfFe0ODI+2way3quRw==
+"@pulumi/pulumi@^3.126.0", "@pulumi/pulumi@^3.136.0":
+  version "3.139.0"
+  resolved "https://registry.yarnpkg.com/@pulumi/pulumi/-/pulumi-3.139.0.tgz#ae58d9a478b04e2fe1d74de8636ec29f1985ab07"
+  integrity sha512-0LJnkxoObZuMyu1zi5RJYwYoeYTHhH8aCl+vlhr3rAnGVAI3PqdwvwFpnycGFw2YSS2I1lOPiQIT5yGZD3RVZQ==
   dependencies:
     "@grpc/grpc-js" "^1.10.1"
     "@logdna/tail-file" "^2.0.6"