# Copyright 2020 Amazon.com, Inc. or its affiliates. All Rights Reserved. # # Licensed under the Apache License, Version 2.0 (the "License"). # You may not use this file except in compliance with the License. # A copy of the License is located at # # http://www.apache.org/licenses/LICENSE-2.0 # # or in the "license" file accompanying this file. This file is distributed # on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either # express or implied. See the License for the specific language governing # permissions and limitations under the License. AWSTemplateFormatVersion: 2010-09-09 Description: >- 'Cloudformation template for CloudWatch Contributor Insights' Parameters: LogGroupName: Type: String Default: xxx Resources: ContributorInsightTop10TerminatingRules: Type: AWS::CloudWatch::InsightRule Properties: RuleBody: !Sub | { "AggregateOn": "Count", "Contribution": { "Filters": [], "Keys": [ "$.terminatingRuleId" ] }, "LogFormat": "JSON", "LogGroupNames": [ "${LogGroupName}" ], "Schema": { "Name": "CloudWatchLogRule", "Version": 1 } } RuleName: Top10TerminatingRules RuleState: ENABLED ContributorInsightTop10IPbyRateBasedRules: Type: AWS::CloudWatch::InsightRule Properties: RuleBody: !Sub | { "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "AggregateOn": "Count", "Contribution": { "Filters": [ { "In": [ "RATE_BASED" ], "Match": "$.terminatingRuleType" } ], "Keys": [ "$.httpRequest.clientIp" ] }, "LogFormat": "JSON", "LogGroupNames": [ "${LogGroupName}" ] } RuleName: Top10IPsBlockedbyRateBasedRules RuleState: ENABLED ContributorInsightTop10IPURIforBlockedRequests: Type: AWS::CloudWatch::InsightRule Properties: RuleBody: !Sub | { "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "AggregateOn": "Count", "Contribution": { "Filters": [ { "Match": "$.action", "In": [ "BLOCK" ] } ], "Keys": [ "$.httpRequest.clientIp", "$.httpRequest.uri" ] }, "LogFormat": "JSON", "LogGroupNames": [ "${LogGroupName}" ] } RuleName: Top10IPURIforBlockedRequests RuleState: ENABLED ContributorInsightTop10RulesWithonRuleGroup1: Type: AWS::CloudWatch::InsightRule Properties: RuleBody: !Sub | { "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "AggregateOn": "Count", "Contribution": { "Filters": [], "Keys": [ "$.ruleGroupList[1].terminatingRule.ruleId", "$.ruleGroupList[1].terminatingRule.action" ] }, "LogFormat": "JSON", "LogGroupNames": [ "${LogGroupName}" ] } RuleName: Top10RulesWithonRuleGroup1 RuleState: ENABLED ContributorInsightTop10RulesWithonRuleGroup2: Type: AWS::CloudWatch::InsightRule Properties: RuleBody: !Sub | { "Schema": { "Name": "CloudWatchLogRule", "Version": 1 }, "AggregateOn": "Count", "Contribution": { "Filters": [], "Keys": [ "$.ruleGroupList[2].terminatingRule.ruleId", "$.ruleGroupList[2].terminatingRule.action" ] }, "LogFormat": "JSON", "LogGroupNames": [ "${LogGroupName}" ] } RuleName: Top10RulesWithonRuleGroup2 RuleState: ENABLED