added elastiche alarms to actions.py and added policy to exec role

alarm_creator/actions.py

@@ -8,6 +8,7 @@
 rds = boto3.client("rds")
 ec2client = boto3.client("ec2")
 ecsclient = boto3.client("ecs")
+elasticlient = boto3.client("elasticache")
 
 # Load json file containing the alarms
 with open('./alarms.json') as alarms_file:
@@ -24,6 +25,8 @@ def AWS_Alarms():
             instances = GetRunningDBInstances()
         elif service == "ECS":
             instances = GetRunningClusters()
+        elif service == "ElastiCache":
+            instances = GetRunningCacheClusters()
         for alarm in alarms[service]:
 
             # Query the namespaces in CloudWatch Metrics
@@ -109,17 +112,27 @@ def GetRunningClusters():
 
     return RunningClusterNames
 
+def GetRunningCacheClusters():
+    get_running_cacheclusters = elasticlient.describe_cache_clusters()
+    RunningCacheClusters = []
+    for cachecluster in get_running_cacheclusters["CacheClusters"]:
+        RunningCacheClusters.append(cachecluster['CacheClusterId'])
+
+    return RunningCacheClusters
+
 def DeleteAlarms():
     get_alarm_info = CWclient.describe_alarms()
     RunningInstances = GetRunningInstances()
     RunningRDSInstances = GetRunningDBInstances()
     RunningClusters = GetRunningClusters()
+    RunningCacheClusters = GetRunningCacheClusters()
 
     # collect alarm metrics and compare alarm metric instanceId with instance id's in array. if the state reason is breaching and instance does not exist delete alarm.
     for metricalarm in get_alarm_info["MetricAlarms"]:
         instance_id = list(filter(lambda x: x["Name"] == "InstanceId", metricalarm["Dimensions"]))
         rds_instance_name = list(filter(lambda x: x["Name"] == "DBInstanceIdentifier", metricalarm["Dimensions"]))
         cluster_name = list(filter(lambda x: x["Name"] == "ClusterName", metricalarm["Dimensions"]))
+        cache_cluster_name = list(filter(lambda x: x["Name"] == "CacheClusterId", metricalarm["Dimensions"]))
 
         if len(instance_id) == 1:
             if instance_id[0]["Value"] not in RunningInstances:
@@ -130,3 +143,6 @@ def DeleteAlarms():
         elif len(cluster_name) == 1:
             if cluster_name[0]["Value"] not in RunningClusters:
                 CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])
+        elif len(cache_cluster_name) == 1:
+            if cache_cluster_name[0]["Value"] not in RunningCacheClusters:
+                CWclient.delete_alarms(AlarmNames=[metricalarm["AlarmName"]])

lambda_cw_alarm_creator_role.tf

@@ -14,6 +14,7 @@ module "iam_role_lambda_cw_alarm_creator" {
     "lambda_ec2_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ec2_read_access.json)
     "lambda_rds_read_access" : jsondecode(data.aws_iam_policy_document.lambda_rds_read_access.json)
     "lambda_ecs_read_access" : jsondecode(data.aws_iam_policy_document.lambda_ecs_read_access.json)
+    "lambda_elasticache_read_access" : jsondecode(data.aws_iam_policy_document.lambda_elasticache_read_access.json)
   }
 
   trust_relationship = {
@@ -93,6 +94,16 @@ data "aws_iam_policy_document" "lambda_ecs_read_access" {
   }
 }
 
+data "aws_iam_policy_document" "lambda_elasticache_read_access" {
+  statement {
+    sid = "AllowLambdaElasticacheAccess"
+
+    actions = ["elasticache:Describe*"]
+
+    resources = ["*"]
+  }
+}
+
 # The Lambda role needs to access KMS key in order to access SNS topic.
 resource "aws_kms_grant" "give_lambda_role_access" {
   name              = "lambda-role-kms-grant-access"