[checkmk-commits] aws_ec2_security_groups: New check which monitors AWS/EC2 security groups

Module: check_mk Branch: master Commit: 8c8d530347c112505ca33c747a71e74bbf2f2275 URL: http://git.mathias-kettner.de/git/?p=check_mk.git;a=commit;h=8c8d530347c112… Author: Simon Betz &lt;si(a)mathias-kettner.de&gt; Date: Fri Feb 1 15:00:29 2019 +0100 aws_ec2_security_groups: New check which monitors AWS/EC2 security groups Change-Id: I4587c6634086ec9dee164196b3b6ea675f4ba3ad --- agents/special/agent_aws | 31 +++++++++++++++++++++++ checkman/aws_ec2_security_groups | 16 ++++++++++++ checks/aws_ec2_security_groups | 54 ++++++++++++++++++++++++++++++++++++++++ 3 files changed, 101 insertions(+) diff --git a/agents/special/agent_aws b/agents/special/agent_aws index 0bc1ccf..a1fedff 100755 --- a/agents/special/agent_aws +++ b/agents/special/agent_aws @@ -442,6 +442,34 @@ class EC2Summary(AWSSectionGeneric): return [AWSSectionResult("", [computed_content.content])] +class EC2SecurityGroups(AWSSectionGeneric): + @property + def name(self): + return "ec2_security_groups" + + @property + def interval(self): + return 300 + + def _get_colleague_contents(self): + colleague = self._received_results.get('ec2_summary') + if colleague and colleague.content: + return AWSColleagueContents(colleague.content, colleague.cache_timestamp) + return AWSColleagueContents({}, 0) + + def _fetch_raw_content(self, colleague_contents): + return colleague_contents.content + + def _compute_content(self, raw_content, colleague_contents): + return AWSComputedContent(raw_content.content, raw_content.cache_timestamp) + + def _create_results(self, computed_content): + return [ + AWSSectionResult(piggyback_hostname, rows.get('SecurityGroups', [])) + for piggyback_hostname, rows in computed_content.content.iteritems() + ] + + class EC2(AWSSectionCloudwatch): @property def name(self): @@ -1179,12 +1207,14 @@ class AWSSectionsGeneric(AWSSections): #---sections-------------------------------------------------------- elb_health = ELBHealth(elb_client, hostname, region) + ec2_security_groups = EC2SecurityGroups(None, hostname, region) ec2 = EC2(cloudwatch_client, hostname, region) ebs = EBS(cloudwatch_client, hostname, region) elb = ELB(cloudwatch_client, hostname, region) s3 = S3(cloudwatch_client, hostname, region) #---register sections to distributors------------------------------- + ec2_summary_distributor.add(ec2_security_groups) ec2_summary_distributor.add(ec2) ec2_summary_distributor.add(ebs_summary) ec2_summary_distributor.add(ebs) @@ -1212,6 +1242,7 @@ class AWSSectionsGeneric(AWSSections): # |-- elb if 'ec2' in services: self._sections.append(ec2_summary) + self._sections.append(ec2_security_groups) self._sections.append(ec2) if 'ebs' in services: diff --git a/checkman/aws_ec2_security_groups b/checkman/aws_ec2_security_groups new file mode 100644 index 0000000..0c4f757 --- /dev/null +++ b/checkman/aws_ec2_security_groups @@ -0,0 +1,16 @@ +title: AWS EC2 Security Groups +agents: aws +catalog: cloud/aws +license: GPL +distribution: check_mk +description: + This check monitors the security groups attached to AWS EC2 + instances. + To make this check work you have to configure the related + special agent {Amazon Web Services (AWS)}. + + During discovery the security groups are remembered and if + one changes the check state will be CRIT. + +inventory: + One service is created. diff --git a/checks/aws_ec2_security_groups b/checks/aws_ec2_security_groups new file mode 100644 index 0000000..81d4519 --- /dev/null +++ b/checks/aws_ec2_security_groups @@ -0,0 +1,54 @@ +#!/usr/bin/python +# -*- encoding: utf-8; py-indent-offset: 4 -*- +# +------------------------------------------------------------------+ +# | ____ _ _ __ __ _ __ | +# | / ___| |__ ___ ___| | __ | \/ | |/ / | +# | | | | '_ \ / _ \/ __| |/ / | |\/| | ' / | +# | | |___| | | | __/ (__| < | | | | . \ | +# | \____|_| |_|\___|\___|_|\_\___|_| |_|_|\_\ | +# | | +# | Copyright Mathias Kettner 2018 mk(a)mathias-kettner.de | +# +------------------------------------------------------------------+ +# +# This file is part of Check_MK. +# The official homepage is at http://mathias-kettner.de/check_mk. +# +# check_mk is free software; you can redistribute it and/or modify it +# under the terms of the GNU General Public License as published by +# the Free Software Foundation in version 2. check_mk is distributed +# in the hope that it will be useful, but WITHOUT ANY WARRANTY; with- +# out even the implied warranty of MERCHANTABILITY or FITNESS FOR A +# PARTICULAR PURPOSE. See the GNU General Public License for more de- +# tails. You should have received a copy of the GNU General Public +# License along with GNU Make; see the file COPYING. If not, write +# to the Free Software Foundation, Inc., 51 Franklin St, Fifth Floor, +# Boston, MA 02110-1301 USA. + + +def inventory_aws_ec2_security_groups(parsed): + if parsed: + return [(None, "%r" % [group['GroupId'] for group in parsed])] + + +def check_aws_ec2_security_groups(item, params, parsed): + for group in parsed: + state = 0 + descr = group.get('Description') + if descr: + prefix = "[%s] " % descr + else: + prefix = "" + infotext = "%s%s: %s" % (prefix, group['GroupName'], group['GroupId']) + if group['GroupId'] not in params: + infotext += " (has changed)" + state = 2 + yield state, infotext + + +check_info['aws_ec2_security_groups'] = { + 'parse_function': parse_aws, + 'inventory_function': inventory_aws_ec2_security_groups, + 'check_function': check_aws_ec2_security_groups, + 'service_description': 'AWS/EC2 Security Groups', + 'includes': ['aws.include'], +}