Support Alert Processor in VPC, Various Bug Fixes #168

Merged
merged 5 commits into from
Jun 12, 2017

@jacknagz jacknagz commented Jun 8, 2017

to: @austinbyers @ryandeivert
cc: @airbnb/streamalert-maintainers
size: medium

Background

The primary purpose of this PR is to support the Alert Processor running from within an AWS VPC (Virtual Private Cloud). The benefit of this change is that alerting logic will be able to reach into private services/resources behind a firewall or security groups in AWS cloud. An example of this is an alert with Phantom as an output, or any other orchestration trigger as a result of a StreamAlert.

Along the way, I identified other small bugs with the CLI that I have also fixed.

Changes

  • Modify the tf_stream_alert Terraform module to support running the Alert Processor from within a VPC.
  • Fix the stream_alert_cli.py terraform status command.
  • Added an option to stream_alert_cli.py terraform destroy to allow destruction of selective modules.
  • Fix the handler import path for the alert_processor

Usage

Important! To enable the alert_processor from within a VPC, you must first add the following to your cluster config:

Example:

# terraform/prod.tf

        "stream_alert_prod": {
            ...
            "alert_processor_vpc_subnet_ids": [
                "subnet-55566a3f"
            ],
            "alert_processor_vpc_security_group_ids": [
                "sg-e777f9ab"
            ],
            "alert_processor_vpc_enabled": true,
            ...
        }

You will have to destroy the existing alert processor; you can do it with the following command:

$ cd terraform
$ terraform destroy -target=module.stream_alert_<cluster-name>.aws_lambda_function.streamalert_alert_processor

Then, run:

$ python stream_alert_cli.py terraform build
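
A preflight check for the three cluster config settings above, added here as an example; it is not part of this PR or of the StreamAlert code base. Because the procedure destroys the existing function before rebuilding it, the check is meant to run before the destroy step. It assumes the config is loaded as a dict keyed by cluster name and that IDs follow the usual AWS formats; `check_vpc_settings` is a hypothetical helper.

```python
import re

# Key names come from the PR description. The ID patterns are assumptions
# based on the usual AWS formats (prefix plus 8 or 17 hex characters).
ENABLED = "alert_processor_vpc_enabled"
ID_KEYS = {
    "alert_processor_vpc_subnet_ids": re.compile(r"^subnet-(?:[0-9a-f]{8}|[0-9a-f]{17})$"),
    "alert_processor_vpc_security_group_ids": re.compile(r"^sg-(?:[0-9a-f]{8}|[0-9a-f]{17})$"),
}


def check_vpc_settings(cluster_name, settings):
    """Return a list of problems with one cluster's VPC settings (empty if none)."""
    problems = []
    enabled = settings.get(ENABLED, False)
    if not isinstance(enabled, bool):
        problems.append("%s: %s must be true or false" % (cluster_name, ENABLED))
        return problems
    for key, pattern in sorted(ID_KEYS.items()):
        ids = settings.get(key, [])
        if not isinstance(ids, list):
            problems.append("%s: %s must be a list" % (cluster_name, key))
            continue
        if enabled and not ids:
            problems.append("%s: %s is empty but VPC mode is enabled" % (cluster_name, key))
        if not enabled and ids:
            # Probably an oversight: the IDs are present but the flag is off.
            problems.append("%s: %s is set but VPC mode is disabled" % (cluster_name, key))
        for value in ids:
            if not isinstance(value, str) or not pattern.match(value):
                problems.append("%s: %r in %s is not a valid ID" % (cluster_name, value, key))
    return problems


# Constructed sample input: the first cluster reuses the values from the PR
# text, the second is a deliberately broken configuration.
SAMPLE = {
    "stream_alert_prod": {
        "alert_processor_vpc_subnet_ids": ["subnet-55566a3f"],
        "alert_processor_vpc_security_group_ids": ["sg-e777f9ab"],
        "alert_processor_vpc_enabled": True,
    },
    "stream_alert_test": {
        "alert_processor_vpc_subnet_ids": ["sg-e777f9ab"],
        "alert_processor_vpc_security_group_ids": [],
        "alert_processor_vpc_enabled": True,
    },
}

if __name__ == "__main__":
    for name, cfg in sorted(SAMPLE.items()):
        for line in check_vpc_settings(name, cfg) or ["%s: ok" % name]:
            print(line)
```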

Jack Naglieri and others added 5 commits June 7, 2017 17:43
* Add input variables for enabling/disabling the Lambda inside a VPC
* Accept SG and Subnet IDs as inputs

Note: I have to create duplicate resources because Terraform ternary cannot evaluate resources with count 0

@chunyong-lin chunyong-lin left a comment

Terraform code lgtm.

@jacknagz jacknagz merged commit 1eb811d into master Jun 12, 2017
@jacknagz jacknagz deleted the jacknaglieri-add-vpc-config-to-stream-alert branch June 12, 2017 17:27
@jacknagz jacknagz modified the milestone: 1.4.0 Jul 6, 2017