Open snemir2 opened 10 months ago
https://github.com/awslabs/landing-zone-accelerator-on-aws/blob/1614a01824c5a43f97fadfb8ec0c3627a0f343dd/reference/sample-configurations/aws-best-practices-cccs-medium/config/security-config.yaml#L2129 <-- This is the example I am referring to
{
"eventVersion": "1.08",
"userIdentity": {
"type": "AssumedRole",
"principalId": "AROAZQUXECJHPLP3U6GDM:snemir2@mail.no",
"arn": "arn:aws:sts::MaskedAccountID:assumed-role/AWSReservedSSO_AWSAdministratorAccess_6cb29b3b61ef9620/snemir2@mail.no",
"accountId": "MaskedAccountID",
"sessionContext": {
"sessionIssuer": {
"type": "Role",
"principalId": "AROAZQUXECJHPLP3U6GDM",
"arn": "arn:aws:iam::MaskedAccountID:role/aws-reserved/sso.amazonaws.com/us-east-2/AWSReservedSSO_AWSAdministratorAccess_6cb29b3b61ef9620",
"accountId": "MaskedAccountID",
"userName": "AWSReservedSSO_AWSAdministratorAccess_6cb29b3b61ef9620"
},
"webIdFederationData": {},
"attributes": {
"creationDate": "2023-09-10T23:49:31Z",
"mfaAuthenticated": "false"
}
},
"invokedBy": "cloudformation.amazonaws.com"
},
"eventTime": "2023-09-10T23:55:54Z",
"eventSource": "ec2.amazonaws.com",
"eventName": "RunInstances",
"awsRegion": "us-east-2",
"sourceIPAddress": "cloudformation.amazonaws.com",
"userAgent": "cloudformation.amazonaws.com",
"requestParameters": {
"instancesSet": {
"items": [
{
"minCount": 1,
"maxCount": 1
}
]
},
"blockDeviceMapping": {},
"monitoring": {
"enabled": false
},
"disableApiTermination": false,
"disableApiStop": false,
"clientToken": "hermi-HeadN-HL6FIV9ER0X2",
"ebsOptimized": false,
"tagSpecificationSet": {
"items": [
{
"resourceType": "instance",
"tags": [
{
"key": "parallelcluster:version",
"value": "3.5.1"
},
{
"key": "parallelcluster:cluster-name",
"value": "hermione2-dev"
},
{
"key": "parallelcluster:node-type",
"value": "HeadNode"
},
{
"key": "parallelcluster:attributes",
"value": "ubuntu2004, slurm, 3.5.1, x86_64"
},
{
"key": "parallelcluster:networking",
"value": "EFA=NONE"
},
{
"key": "Name",
"value": "HeadNode"
},
{
"key": "parallelcluster:filesystem",
"value": "efs=0, multiebs=1, raid=0, fsx=1"
}
]
}
]
},
"launchTemplate": {
"launchTemplateId": "lt-03e57cf7602462fc6",
"version": "1"
}
},
"responseElements": {
"requestId": "ad33f72e-f151-4088-8b2d-2b003c2345a1",
"reservationId": "r-0da2f98c668dcbe07",
"ownerId": "MaskedAccountID",
"groupSet": {},
"instancesSet": {
"items": [
{
"instanceId": "i-03d008bac7cfcc386",
"imageId": "ami-087e04c58b724968b",
"currentInstanceBootMode": "legacy-bios",
"instanceState": {
"code": 0,
"name": "pending"
},
"privateDnsName": "ip-10-2-45-204.us-east-2.compute.internal",
"keyName": "snemir2",
"amiLaunchIndex": 0,
"productCodes": {},
"instanceType": "t3.medium",
"launchTime": 1694390154000,
"placement": {
"availabilityZone": "us-east-2a",
"tenancy": "default"
},
"monitoring": {
"state": "disabled"
},
"subnetId": "subnet-00c65375744fb5ea5",
"vpcId": "vpc-0e63f61a0e841d41a",
"privateIpAddress": "10.2.45.204",
"stateReason": {
"code": "pending",
"message": "pending"
},
"architecture": "x86_64",
"rootDeviceType": "ebs",
"rootDeviceName": "/dev/sda1",
"blockDeviceMapping": {},
"virtualizationType": "hvm",
"hypervisor": "xen",
"tagSet": {
"items": [
{
"key": "Name",
"value": "HeadNode"
},
{
"key": "parallelcluster:attributes",
"value": "ubuntu2004, slurm, 3.5.1, x86_64"
},
{
"key": "parallelcluster:cluster-name",
"value": "hermione2-dev"
},
{
"key": "aws:ec2launchtemplate:version",
"value": "1"
},
{
"key": "parallelcluster:version",
"value": "3.5.1"
},
{
"key": "aws:ec2launchtemplate:id",
"value": "lt-03e57cf7602462fc6"
},
{
"key": "parallelcluster:filesystem",
"value": "efs=0, multiebs=1, raid=0, fsx=1"
},
{
"key": "parallelcluster:node-type",
"value": "HeadNode"
},
{
"key": "parallelcluster:networking",
"value": "EFA=NONE"
}
]
},
"clientToken": "hermi-HeadN-HL6FIV9ER0X2",
"groupSet": {
"items": [
{
"groupId": "sg-0e3cf05f5dc1a59da"
},
{
"groupId": "sg-0f76d20f2551f8cce"
}
]
},
"sourceDestCheck": false,
"networkInterfaceSet": {
"items": [
{
"networkInterfaceId": "eni-02c5e2763a9bc2381",
"subnetId": "subnet-00c65375744fb5ea5",
"vpcId": "vpc-0e63f61a0e841d41a",
"description": "AWS ParallelCluster head node interface",
"ownerId": "MaskedAccountID",
"status": "in-use",
"macAddress": "02:17:f5:ba:ec:69",
"privateIpAddress": "10.2.45.204",
"privateDnsName": "ip-10-2-45-204.us-east-2.compute.internal",
"sourceDestCheck": false,
"interfaceType": "interface",
"groupSet": {
"items": [
{
"groupId": "sg-0e3cf05f5dc1a59da"
},
{
"groupId": "sg-0f76d20f2551f8cce"
}
]
},
"attachment": {
"attachmentId": "eni-attach-0182e4a2e8ddca48c",
"deviceIndex": 0,
"networkCardIndex": 0,
"status": "attaching",
"attachTime": 1694390154000,
"deleteOnTermination": false
},
"privateIpAddressesSet": {
"item": [
{
"privateIpAddress": "10.2.45.204",
"privateDnsName": "ip-10-2-45-204.us-east-2.compute.internal",
"primary": true
}
]
},
"ipv6AddressesSet": {},
"tagSet": {}
}
]
},
"iamInstanceProfile": {
"arn": "arn:aws:iam::MaskedAccountID:instance-profile/parallelcluster/hermione2-dev/hermione2-dev-InstanceProfileHeadNode-HbUONjqIWb8g",
"id": "AIPAZQUXECJHHWMBWUSPN"
},
"ebsOptimized": false,
"enaSupport": true,
"cpuOptions": {
"coreCount": 1,
"threadsPerCore": 2
},
"capacityReservationSpecification": {
"capacityReservationPreference": "open"
},
"enclaveOptions": {
"enabled": false
},
"metadataOptions": {
"state": "pending",
"httpTokens": "optional",
"httpPutResponseHopLimit": 1,
"httpEndpoint": "enabled",
"httpProtocolIpv4": "enabled",
"httpProtocolIpv6": "disabled",
"instanceMetadataTags": "disabled"
},
"mailtenanceOptions": {
"autoRecovery": "default"
},
"privateDnsNameOptions": {
"hostnameType": "ip-name",
"enableResourceNameDnsARecord": false,
"enableResourceNameDnsAAAARecord": false
}
}
]
},
"requesterId": "043320173835"
},
"requestID": "ad33f72e-f151-4088-8b2d-2b003c2345a1",
"eventID": "39676331-096a-44e2-89ba-837c073da17a",
"readOnly": false,
"eventType": "AwsApiCall",
"managementEvent": true,
"recipientAccountId": "MaskedAccountID",
"eventCategory": "Management"
}
Describe the bug The included example alarm reports false positives. It is supposed to alarm only for the defined instance types; instead, it seemingly alarms for ALL instance types.
To Reproduce Steps to reproduce the behavior.
Please complete the following information about the solution:
[ ] Version: [e.g. 1.4.2]
[ ] Region: us-east-2
[ ] Was the solution modified from the version published on this repository? Not in any meaningful way.
[ ] If the answer to the previous question was yes, are the changes available on GitHub?
[ ] Have you checked your service quotas for the services this solution uses?
[ ] Were there any errors in the CloudWatch Logs?
Screenshots If applicable, add screenshots to help explain your problem (please DO NOT include sensitive information).
Additional context