More configuration options and support direct invocation

[austinbyers]

to: @chunyong-lin cc: @airbnb/binaryalert-maintainers size: medium

Background

A few additional configuration options and improved support for direct invocation and scanning external resources.

Changes

• Use true/false for all "boolean" Terraform values (instead of 0/1)
• Rename safe_alert to "negative" or "no-match" alert and consolidate some of the SNS logic (FYI @goochi1 )
• Add support for direct invocation of the BinaryAlert analyzer with an extremely simple event:

{
    "BucketName": "bucket-name",
    "ObjectKeys": ["key1", "key2"]
}

• An existing SNS topic can be used for metric alarms instead of always creating one
• Queue retention periods are now configurable and the associated metric alarms will automatically adjust - alarms will trigger if the oldest message in the queue reaches 75% of the retention period
• Existing S3 buckets and KMS keys can be listed in the BinaryAlert config to automatically grant permissions for scanning external resources
• Set the TF_IN_AUTOMATION env variable to suppress some noisy Terraform output. In particular, the terraform init now only prints a single line instead of a whole paragraph

Testing

• Deploy to a test account
• Set metric_alarm_sns_topic_arn and redeploy
• Set external_s3_bucket_resources and external_kms_key_resources and redeploy
• Invoke the BinaryAlert analyzer directly with an encrypted object in an S3 bucket not owned by BinaryAlert
• Set enable_negative_match_alerts = true and redeploy
• Invoke analyzer directly again, verifying alerts are sent and not sent when expected
• Destroy

[coveralls]

Coverage increased (+0.2%) to 92.353% when pulling 84705e6db87fe9d81e6e08b5af66a7434a014aaa on austin-alarm-config into 64807af6e6826d59ffc2549e0f2823e14c81f007 on master.