An existing SNS topic can be used for metric alarms instead of always creating one
Queue retention periods are now configurable and the associated metric alarms will automatically adjust - alarms will trigger if the oldest message in the queue reaches 75% of the retention period
Existing S3 buckets and KMS keys can be listed in the BinaryAlert config to automatically grant permissions for scanning external resources
Set the TF_IN_AUTOMATION env variable to suppress some noisy Terraform output. In particular, the terraform init now only prints a single line instead of a whole paragraph
Testing
Deploy to a test account
Set metric_alarm_sns_topic_arn and redeploy
Set external_s3_bucket_resources and external_kms_key_resources and redeploy
Invoke the BinaryAlert analyzer directly with an encrypted object in an S3 bucket not owned by BinaryAlert
Set enable_negative_match_alerts = true and redeploy
Invoke analyzer directly again, verifying alerts are sent and not sent when expected
Coverage increased (+0.2%) to 92.353% when pulling 84705e6db87fe9d81e6e08b5af66a7434a014aaa on austin-alarm-config into 64807af6e6826d59ffc2549e0f2823e14c81f007 on master.
to: @chunyong-lin cc: @airbnb/binaryalert-maintainers size: medium
Background
A few additional configuration options and improved support for direct invocation and scanning external resources.
Changes
true/false
for all "boolean" Terraform values (instead of 0/1)safe_alert
to "negative" or "no-match" alert and consolidate some of the SNS logic (FYI @goochi1 )TF_IN_AUTOMATION
env variable to suppress some noisy Terraform output. In particular, theterraform init
now only prints a single line instead of a whole paragraphTesting
metric_alarm_sns_topic_arn
and redeployexternal_s3_bucket_resources
andexternal_kms_key_resources
and redeployenable_negative_match_alerts = true
and redeploy