foundation-region-logging.yaml
---

Logging & Alerting CloudFormation Deployment

This CloudFormation template sets up and deploys a logging and alerting framework for this account.

AWSTemplateFormatVersion: '2010-09-09'
Description: "UITS Account Foundation: Region Specific Logging & Monitoring Capabilities"

Parameters

These are the input parameters for this template. All of these parameters must be supplied for this template to be deployed.

Parameters:

Notification Email Address

This address is subscribed to the notification SNS topic that the template creates. SNS sends a confirmation message to the address, and alerts are only delivered once that subscription has been confirmed.

  pNotifyEmail:
    Description: Notification email for security events
    Type: String
    Default: ''

Tags

The following parameters supply the tag values applied to all resources created by this template.

  ServiceTag:
    Type: String
    Description: Exact name of the Service as defined in the service catalog.
  EnvironmentTag:
    Type: String
    Description: Used to distinguish between development, test, production, etc. environment types.
    AllowedValues: [dev, tst, prd, trn, stg, cfg, sup, rpt]
    Default: dev
  ContactNetidTag:
    Type: String
    Description: Used to identify the netid of the person most familiar with the usage of the resource.
  AccountNumberTag:
    Type: String
    Description: Identifies the financial system account number.
  SubAccountTag:
    Type: String
    Description: Identifies the financial system's sub account, which contains a name that identifies a collection of services.
  TicketNumberTag:
    Type: String
    Description: Used to identify the Jira, Cherwell, or other ticketing system ticket number to link to more information about the need for the resource.

Resources

Resources:

SNS Topic For Notifications

This creates the SNS topic that delivers the final notifications for the alerts and triggers set up in this template. The initial email address (passed in via the pNotifyEmail parameter above) is set as its subscriber.

  rSecurityAlarmTopic:
    Type: AWS::SNS::Topic
    Properties:
      Subscription:
        - Endpoint: !Ref pNotifyEmail
          Protocol: email

SNS Topic For Lambda Alarm Triggering

This creates the SNS topic that receives the raw alarm notifications for the alerts and triggers set up in this template. The lambda-alarm-logs Lambda function subscribes to this topic, enriches each alarm with the matching log details, and publishes a new message to rSecurityAlarmTopic, so the email subscriber sees the enriched message rather than the bare alarm.

  rSecurityLambdaTopic:
    Type: AWS::SNS::Topic
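The enrichment step that this topic feeds, as an added Python example (not the project's lambda-alarm-logs code): a handler that unwraps the SNS envelope, looks up the CloudWatch Logs metric filter behind the alarm, pulls the raw events from the alarm's evaluation window, and republishes the summary to the email topic. It assumes the standard CloudWatch alarm JSON, that each alarm is backed by a metric filter, and an ALARM_TOPIC_ARN environment variable holding the rSecurityAlarmTopic ARN; the sample event is constructed.

```python
import json
import os
from datetime import datetime
# Constructed sample: the JSON CloudWatch publishes when a metric-filter alarm
# changes state, wrapped in the SNS envelope that Lambda receives.
SAMPLE_ALARM = {
    "AlarmName": "RootAccountUsage", "NewStateValue": "ALARM",
    "NewStateReason": "Threshold Crossed: 1 datapoint was >= 1.0",
    "StateChangeTime": "2024-01-01T00:10:00.000+0000",
    "Trigger": {"MetricName": "RootUsage", "Namespace": "CloudTrailMetrics",
                "Period": 300, "EvaluationPeriods": 1}}
SAMPLE_EVENT = {"Records": [{"Sns": {"Message": json.dumps(SAMPLE_ALARM)}}]}

def parse_alarm_event(event):
    """Unwrap the SNS envelope and return the alarm dicts it carries."""
    return [json.loads(r["Sns"]["Message"]) for r in event.get("Records", [])]

def lookback_window(alarm):
    """Epoch-ms window the alarm evaluated: Period * EvaluationPeriods."""
    end = datetime.strptime(alarm["StateChangeTime"], "%Y-%m-%dT%H:%M:%S.%f%z")
    end_ms, t = int(end.timestamp()) * 1000, alarm["Trigger"]
    return end_ms - int(t["Period"]) * int(t["EvaluationPeriods"]) * 1000, end_ms

def build_subject(alarm):
    """SNS rejects subjects over 100 characters, so truncate defensively."""
    return f"[{alarm['NewStateValue']}] {alarm['AlarmName']}"[:100]

def build_enriched_message(alarm, log_lines):
    """Alarm summary followed by the log events that tripped the metric filter."""
    head = [f"Alarm:  {alarm['AlarmName']}", f"State:  {alarm['NewStateValue']}",
            f"Reason: {alarm['NewStateReason']}", f"Time:   {alarm['StateChangeTime']}",
            "", f"Matching log events ({len(log_lines)}):"]
    return "\n".join(head + (log_lines or ["(none in evaluation window)"]))

def handler(event, context):
    """Lambda entry point: attach the log events behind each alarm and republish."""
    import boto3  # imported here so the pure helpers above run offline
    logs, sns = boto3.client("logs"), boto3.client("sns")
    topic_arn = os.environ["ALARM_TOPIC_ARN"]  # assumed: ARN of rSecurityAlarmTopic
    for alarm in parse_alarm_event(event):
        lines, (start, end) = [], lookback_window(alarm)
        found = logs.describe_metric_filters(metricName=alarm["Trigger"]["MetricName"],
                                             metricNamespace=alarm["Trigger"]["Namespace"])
        for mf in found.get("metricFilters", []):  # the filter(s) behind this alarm
            resp = logs.filter_log_events(logGroupName=mf["logGroupName"],
                                          filterPattern=mf["filterPattern"],
                                          startTime=start, endTime=end, limit=20)
            lines += [e["message"] for e in resp.get("events", [])]
        sns.publish(TopicArn=topic_arn, Subject=build_subject(alarm),
                    Message=build_enriched_message(alarm, lines))
```

The Lambda's execution role needs logs:DescribeMetricFilters, logs:FilterLogEvents and sns:Publish on rSecurityAlarmTopic for the handler to run in the account.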

Outputs

Outputs:
  rSecurityAlarmTopic:
    Value: !Ref rSecurityAlarmTopic
    Export:
      Name: !Sub "${AWS::StackName}-alarm-topic"
  rSecurityLambdaTopic:
    Value: !Ref rSecurityLambdaTopic
    Export:
      Name: !Sub "${AWS::StackName}-lambda-topic"