cloud-custodian / cloud-custodian

Rules engine for cloud security, cost optimization, and governance, DSL in yaml for policies to query, filter, and take actions on resources
https://cloudcustodian.io
Apache License 2.0

Add Feature, that detects invalid CloudWatch Dimension names #2190

Open portert89 opened 6 years ago

kapilt commented 6 years ago

invalid dimension names on what?

portert89 commented 6 years ago

Working on a Boto script that paginates through CloudWatch alarms in the state "INSUFFICIENT_DATA" and collects the dimension's name and value variables. It runs those against a dictionary list of valid dimension names, which are then filtered out, outputting the alarm names of incorrectly configured alarms, mainly for autoscaling groups; however, it can work on just about any type of alarm.

For example: Name=AutoScalingGroup

instead of the correct

Name=AutoScalingGroupName

thisisshi commented 6 years ago

@portert89 you should be able to do this with value filters currently, though you will need to list out all the invalid dimension names yourself:

policies:
  - name: bad-alarms
    resource: alarm
    filters:
      - "StateValue": "INSUFFICIENT_DATA"
      - not:
        - or:
          - type: value
            key: Dimensions[].Name
            value: AutoScalingGroupName
            value_type: swap
            op: in
          - type: value
            key: Dimensions[].Name
            value: LoadBalancerName
            value_type: swap
            op: in
# other dimensions go under here
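
The check described in this thread, written in Python as an added example (not code from the thread or from Cloud Custodian). The function names, the per-namespace allow-list (deliberately partial) and the sample alarm records are assumptions constructed for illustration. It goes slightly beyond the policy above by checking every dimension against the alarm's namespace:

```python
from typing import Dict, Iterable, Iterator, List, Set

# Illustrative, incomplete allow-list (assumption): extend it for the namespaces you use.
VALID_DIMENSIONS: Dict[str, Set[str]] = {
    "AWS/AutoScaling": {"AutoScalingGroupName"},
    "AWS/EC2": {"AutoScalingGroupName", "ImageId", "InstanceId", "InstanceType"},
    "AWS/ELB": {"AvailabilityZone", "LoadBalancerName"},
}

def invalid_dimensions(alarm: dict) -> List[str]:
    """Return dimension names on one alarm that its namespace does not define."""
    allowed = VALID_DIMENSIONS.get(alarm.get("Namespace", ""))
    if allowed is None:  # unknown or custom namespace: nothing to compare against
        return []
    return sorted(d["Name"] for d in alarm.get("Dimensions", [])
                  if d["Name"] not in allowed)

def find_bad_alarms(alarms: Iterable[dict]) -> Dict[str, List[str]]:
    """Map alarm name -> offending dimension names, for INSUFFICIENT_DATA alarms."""
    report = {}
    for alarm in alarms:
        if alarm.get("StateValue") != "INSUFFICIENT_DATA":
            continue
        bad = invalid_dimensions(alarm)
        if bad:
            report[alarm["AlarmName"]] = bad
    return report

def iter_alarms(region: str) -> Iterator[dict]:
    """Page through live alarms; needs boto3 and AWS credentials (not used below)."""
    import boto3
    pages = boto3.client("cloudwatch", region_name=region).get_paginator("describe_alarms")
    for page in pages.paginate(StateValue="INSUFFICIENT_DATA"):
        yield from page["MetricAlarms"]

# Constructed sample records shaped like describe_alarms "MetricAlarms" entries.
SAMPLE = [
    {"AlarmName": "asg-cpu-typo", "Namespace": "AWS/EC2", "StateValue": "INSUFFICIENT_DATA",
     "Dimensions": [{"Name": "AutoScalingGroup", "Value": "web"}]},
    {"AlarmName": "asg-cpu-ok", "Namespace": "AWS/EC2", "StateValue": "INSUFFICIENT_DATA",
     "Dimensions": [{"Name": "AutoScalingGroupName", "Value": "web"}]},
    {"AlarmName": "elb-mixed", "Namespace": "AWS/ELB", "StateValue": "INSUFFICIENT_DATA",
     "Dimensions": [{"Name": "LoadBalancerName", "Value": "lb1"}, {"Name": "Zone", "Value": "us-east-1a"}]},
    {"AlarmName": "typo-but-ok-state", "Namespace": "AWS/EC2", "StateValue": "OK",
     "Dimensions": [{"Name": "AutoScalingGroup", "Value": "web"}]},
]

if __name__ == "__main__":
    print(find_bad_alarms(SAMPLE))
```

The `elb-mixed` record is the case where the two approaches differ: it carries one valid dimension name, so a `not`/`or` filter over `Dimensions[].Name` would not select it, while the per-dimension check reports `Zone`.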