#
# DDoS: ALB, CloudFront and Route53
#
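# Shield DDoS detection alarm for the Application Load Balancer.
#
# Sums the AWS/DDoSProtection "DDoSDetected" metric for the ALB ARN over a
# single 60 s period; any value above 0 moves the alarm to ALARM and notifies
# the warning SNS topic. Recovery (OK) goes to the same topic so responders
# see both edges of an event.
resource "aws_cloudwatch_metric_alarm" "alb_ddos" {
  alarm_name        = "ALBDDoS"
  alarm_description = "DDoS detection for ALB"

  namespace   = "AWS/DDoSProtection"
  metric_name = "DDoSDetected"
  statistic   = "Sum"

  # Numeric attributes are written as numbers; the original quoted them as
  # strings, which Terraform converts but which hides type errors in plan.
  period              = 60
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = 0

  # Without this the default ("missing") leaves the alarm in INSUFFICIENT_DATA
  # whenever no datapoint is published; "notBreaching" keeps it in OK, so a
  # flap between OK and INSUFFICIENT_DATA does not generate noise on the topic.
  treat_missing_data = "notBreaching"

  dimensions = {
    ResourceArn = var.alb_arn
  }

  alarm_actions = [aws_sns_topic.alert_warning.arn]
  ok_actions    = [aws_sns_topic.alert_warning.arn]
}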
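# Shield DDoS detection alarm for the CloudFront distribution.
#
# Same shape as the ALB alarm: sum of "DDoSDetected" over one 60 s period,
# alarm on any value above 0, notify the us-east-1 warning topic on both the
# ALARM and OK transitions.
resource "aws_cloudwatch_metric_alarm" "cloudfront_ddos" {
  # CloudFront is a global service; its CloudWatch metrics are published in
  # us-east-1, so the alarm (and the SNS topic it targets) must live there.
  provider = aws.us-east-1

  alarm_name        = "CloudFrontDDoS"
  alarm_description = "DDoS detection for CloudFront"

  namespace   = "AWS/DDoSProtection"
  metric_name = "DDoSDetected"
  statistic   = "Sum"

  period              = 60
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = 0

  # Added for consistency with the ALB alarm. The provider default ("missing")
  # parks the alarm in INSUFFICIENT_DATA whenever no datapoint arrives; Shield
  # may publish no DDoSDetected datapoint outside an event (confirm against
  # the account's metrics), so "notBreaching" avoids a permanently
  # indeterminate alarm and spurious state-change notifications.
  treat_missing_data = "notBreaching"

  dimensions = {
    ResourceArn = var.cloudfront_arn
  }

  alarm_actions = [aws_sns_topic.alert_warning_us_east.arn]
  ok_actions    = [aws_sns_topic.alert_warning_us_east.arn]
}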
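# Shield DDoS detection alarm for the Route 53 hosted zone.
#
# Mirrors the ALB and CloudFront alarms: sum of "DDoSDetected" over one 60 s
# period, alarm on any value above 0, notify the us-east-1 warning topic on
# both the ALARM and OK transitions.
resource "aws_cloudwatch_metric_alarm" "route53_ddos" {
  # Route 53 is a global service; its CloudWatch metrics are published in
  # us-east-1, so the alarm (and the SNS topic it targets) must live there.
  provider = aws.us-east-1

  alarm_name        = "Route53DDoS"
  alarm_description = "DDoS detection for Route53"

  namespace   = "AWS/DDoSProtection"
  metric_name = "DDoSDetected"
  statistic   = "Sum"

  period              = 60
  evaluation_periods  = 1
  comparison_operator = "GreaterThanThreshold"
  threshold           = 0

  # Added for consistency with the ALB alarm. The provider default ("missing")
  # parks the alarm in INSUFFICIENT_DATA whenever no datapoint arrives; Shield
  # may publish no DDoSDetected datapoint outside an event (confirm against
  # the account's metrics), so "notBreaching" avoids a permanently
  # indeterminate alarm and spurious state-change notifications.
  treat_missing_data = "notBreaching"

  dimensions = {
    # Hosted zones have no ARN attribute exposed by the variable, so the ARN
    # is assembled from the zone id in the documented hostedzone/<id> form.
    ResourceArn = "arn:aws:route53:::hostedzone/${var.hosted_zone_id}"
  }

  alarm_actions = [aws_sns_topic.alert_warning_us_east.arn]
  ok_actions    = [aws_sns_topic.alert_warning_us_east.arn]
}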