V0.2.0 (#1)

* add cloudwatch alarm cloudformation * add cloudwatch alarm terraform * fix CF alarm name and desc * Update README * allow cf deploy role to create metric alarms * fix CF alarm name and desc * setup variable for s3 backend location * reverse last commit * update architecture docs * give codebuild role access to create alarms * bucket name --------- Co-authored-by: Rob Sable <robsable@amazon.com>
robsable · Mar 18, 2024 · bd2e391 · bd2e391
1 parent 39dd6d9
commit bd2e391
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -15,16 +15,19 @@ Resources deployed include:
 
 ## Setup your GitHub.com repository
 
-1. Download the [latest release](https://github.com/robsable/aws-iac-pipeline/archive/refs/tags/v0.1.0.zip) of this project from GitHub.com and extract on your local drive.
+1. Download the [latest release](https://github.com/robsable/aws-iac-pipeline/archive/refs/tags/v0.2.0.zip) of this project from GitHub.com and extract it on your local drive.
+1. Go to the [S3 buckets](https://s3.console.aws.amazon.com/s3/buckets) list in the AWS Management Console.
+   - Create a new S3 Bucket that will be used to store the current Terraform state for your resources
+   - Or, note the name of an existing bucket to be used for this purpose
 1. Edit the `aws-iac-pipeline/terraform/providers.tf` file to set values for the S3 backend:
-   - **bucket** - the name of your S3 bucket
+   - **bucket** - the name of your S3 bucket from the previous step
    - **region** - the AWS Region you're working in
 1. Edit the `aws-iac-pipeline/terraform/variables.tf` file to set values for the following:
    - **aws_region** - the AWS Region you're working in
    - **app_name** - a unique name of your choice
    - **app_env** - the environment you're working in (`dev`, `test`, or `prod`)
 
-1. Create a new public or private GitHub repository using the contents of the `aws-iac-pipeline` directory.
+1. Create a new private GitHub repository using the contents of the `aws-iac-pipeline` directory.
 
 ## Connect AWS to GitHub.com
 

diff --git a/cloudformation/cf-resources.yml b/cloudformation/cf-resources.yml
@@ -61,3 +61,20 @@ Resources:
           Value: !Ref AWS::Region
         - Key: ManagedBy
           Value: "CloudFormation"
+
+  SQSAlarm:
+    Type: AWS::CloudWatch::Alarm
+    Properties:
+      AlarmName: SQS-Alarm-CF
+      AlarmDescription: NumberOfEmptyReceives alarm for CF SQS Queue
+      MetricName: NumberOfEmptyReceives
+      Namespace: AWS/SQS
+      Statistic: Sum
+      Period: '60'
+      EvaluationPeriods: '1'
+      Threshold: '10'
+      ComparisonOperator: GreaterThanThreshold
+      Dimensions:
+      - Name: QueueName
+        Value:
+          Ref: mainQueue
diff --git a/cloudformation/pipeline-setup.yml b/cloudformation/pipeline-setup.yml
@@ -93,6 +93,10 @@ Resources:
                 Resource: 
                   - !Sub 'arn:${AWS::Partition}:s3:::${BuildArtifactsBucket}'
                   - !Sub 'arn:${AWS::Partition}:s3:::${BuildArtifactsBucket}/*'
+              - Effect: Allow
+                Action: 
+                  - 'cloudwatch:*'
+                Resource: 'arn:aws:cloudwatch:*:*:alarm:*'
 
   CodePipelineServiceRole:
     Type: AWS::IAM::Role
@@ -237,3 +241,11 @@ Resources:
         - arn:aws:iam::aws:policy/AWSCloudFormationFullAccess
         - arn:aws:iam::aws:policy/AmazonS3FullAccess
         - arn:aws:iam::aws:policy/AmazonSQSFullAccess
+      Policies:
+        - PolicyName: !Sub 'CloudFormationDeployPolicy-${AppName}'
+          PolicyDocument:
+            Version: 2012-10-17
+            Statement:
+              - Effect: Allow
+                Action: 'cloudwatch:PutMetricAlarm'
+                Resource: 'arn:aws:cloudwatch:*:*:alarm:*'
diff --git a/docs/aws-cicd-arch.png b/docs/aws-cicd-arch.png
diff --git a/terraform/main.tf b/terraform/main.tf
@@ -30,3 +30,19 @@ resource "aws_sqs_queue_redrive_allow_policy" "my_redrive_allow_policy" {
     sourceQueueArns   = [aws_sqs_queue.main_queue.arn]
   })
 }
+
+### CloudWatch Alarm ###
+module "metric_alarm" {
+  source  = "terraform-aws-modules/cloudwatch/aws//modules/metric-alarm"
+  version = "~> 2.0"
+  alarm_name          = "SQS-Alarm-TF"
+  alarm_description   = "NumberOfEmptyReceives alarm for TF SQS Queue"
+  comparison_operator = "GreaterThanThreshold"
+  evaluation_periods  = 1
+  threshold           = 10
+  period              = 60
+  unit                = "Count"
+  namespace   = "AWS/SQS"
+  metric_name = "NumberOfEmptyReceives"
+  statistic   = "Sum"
+}