feat: make up-to-date with current monitoring

src/ApiStage.ts

@@ -22,7 +22,7 @@ export class ApiStage extends Stage {
 
     const secretsStack = new SecretsStack(this, 'secrets-stack', {
       env: props.configuration.deployToEnvironment,
-      description: 'Secret for yivi-issue-server (including private key alarms)',
+      description: 'Secret for yivi-issue-server',
     });
 
     const dnsStack = new DnsStack(this, 'dns-stack', {

src/Configuration.ts

@@ -1,4 +1,5 @@
 import { Environment } from 'aws-cdk-lib';
+import { Criticality } from './Criticality';
 import { Statics } from './Statics';
 
 export interface Configurable {
@@ -64,6 +65,11 @@ export interface Configuration {
    */
   alpineLinuxVersion: string;
 
+  /**
+   * The base level of severity for this project.
+   */
+  criticality: Criticality;
+
 }
 
 export const configurations: { [key: string]: Configuration } = {
@@ -81,6 +87,7 @@ export const configurations: { [key: string]: Configuration } = {
     ],
     sessionEndpointIamUser: true,
     useSpotInstances: true,
+    criticality: new Criticality('medium'),
   },
   main: {
     branchName: 'main',
@@ -94,6 +101,7 @@ export const configurations: { [key: string]: Configuration } = {
       // This cannot be used currently (webapp does not offer support yet)
     ],
     sessionEndpointIamUser: true,
+    criticality: new Criticality('high'),
   },
 };
 

src/ContainerCluster.ts

@@ -329,6 +329,7 @@ export class ContainerClusterStack extends Stack {
         IRMA_TOKEN: ecs.Secret.fromSecretsManager(apiKey),
         IRMA_GEMEENTE_PRIVKEY: ecs.Secret.fromSecretsManager(privateKey),
       },
+      criticality: props.configuration.criticality,
       environment: {
         IRMA_GW_URL: this.hostedzone.zoneName, // protocol prefix is added in the container
       },

src/Criticality.ts

@@ -0,0 +1,42 @@
+export type CriticalityLevel = 'low' | 'medium' | 'high' | 'critical';
+
+export class Criticality {
+  private lvl: CriticalityLevel;
+  constructor(lvl: CriticalityLevel) {
+    this.lvl = lvl;
+  }
+
+  getAlarmSuffix() {
+    return `-${this.lvl}-lvl`;
+  }
+
+  toString() {
+    return this.lvl;
+  }
+
+  increase() {
+    if (this.lvl == 'low') {
+      return new Criticality('medium');
+    }
+    if (this.lvl == 'medium') {
+      return new Criticality('high');
+    }
+    if (this.lvl == 'high') {
+      return new Criticality('critical');
+    }
+    return this;
+  }
+
+  decrease() {
+    if (this.lvl == 'critical') {
+      return new Criticality('high');
+    }
+    if (this.lvl == 'high') {
+      return new Criticality('medium');
+    }
+    if (this.lvl == 'medium') {
+      return new Criticality('low');
+    }
+    return this;
+  }
+}

src/constructs/EcsFargateService.ts

@@ -1,3 +1,4 @@
+import { ErrorMonitoringAlarm } from '@gemeentenijmegen/aws-constructs';
 import {
   aws_logs as logs,
   aws_ecs as ecs,
@@ -7,6 +8,7 @@ import {
 } from 'aws-cdk-lib';
 import { SecurityGroup, SubnetType } from 'aws-cdk-lib/aws-ec2';
 import { Construct } from 'constructs';
+import { Criticality } from '../Criticality';
 import { Statics } from '../Statics';
 
 const ALARM_THRESHOLD = 70;
@@ -74,6 +76,10 @@ export interface EcsFargateServiceProps {
     mem: '512' | '1024'| '2048' | '4096';
   };
 
+  /**
+   * Provide a criticality for the service
+   */
+  criticality: Criticality;
 }
 
 /**
@@ -129,6 +135,11 @@ export class EcsFargateService extends Construct {
     const logGroup = new logs.LogGroup(this, `${props.serviceName}-logs`, {
       retention: logs.RetentionDays.ONE_MONTH,
     });
+
+    new ErrorMonitoringAlarm(this, 'error-monitoring', {
+      criticality: props.criticality.toString(),
+      logGroup: logGroup,
+    });
     return logGroup;
   }
 
@@ -251,7 +262,9 @@ export class EcsFargateService extends Construct {
    * @param props
    */
   private setupContainerMonitoring(props: EcsFargateServiceProps) {
+    const medium = new Criticality('medium');
     new cloudwatch.Alarm(this, `${props.serviceName}-cpu-util-alarm`, {
+      alarmName: `cpu-utilization-yivi-container${medium.getAlarmSuffix()}`,
       metric: this.service.metricCpuUtilization(),
       alarmDescription: `Alarm on CPU utilization for ${props.serviceName}`,
       threshold: ALARM_THRESHOLD,
@@ -261,6 +274,7 @@ export class EcsFargateService extends Construct {
     });
 
     new cloudwatch.Alarm(this, `${props.serviceName}-memory-util-alarm`, {
+      alarmName: `memory-utilization-yivi-container${medium.getAlarmSuffix()}`,
       metric: this.service.metricMemoryUtilization(),
       alarmDescription: `Alarm on memory utilization for ${props.serviceName}`,
       threshold: ALARM_THRESHOLD,

test/nag.test.ts

@@ -3,6 +3,7 @@ import { Annotations, Match } from 'aws-cdk-lib/assertions';
 import { SynthesisMessage } from 'aws-cdk-lib/cx-api';
 import { AwsSolutionsChecks } from 'cdk-nag';
 import { ApiStage } from '../src/ApiStage';
+import { Criticality } from '../src/Criticality';
 import { Statics } from '../src/Statics';
 
 const dummyEnv = {
@@ -26,6 +27,7 @@ test('ApiStage cdk-nag', () => {
       yiviVersionChecksum: 'weiweojgwoei23',
       yiviVersionNumber: 'v0.1.2',
       alpineLinuxVersion: 'v0.1.2',
+      criticality: new Criticality('high'),
     },
   });
 

test/security.test.ts

@@ -3,6 +3,7 @@ import { App } from 'aws-cdk-lib';
 import { Template } from 'aws-cdk-lib/assertions';
 import { ApiStage } from '../src/ApiStage';
 import { Configuration } from '../src/Configuration';
+import { Criticality } from '../src/Criticality';
 import { Statics } from '../src/Statics';
 
 const dummyEnv = {
@@ -20,6 +21,7 @@ const testConfiguration: Configuration = {
   yiviVersionChecksum: 'weugiwegweh',
   yiviVersionNumber: 'v0.1.13.0',
   alpineLinuxVersion: 'v0.1.13.0',
+  criticality: new Criticality('high'),
 };