From 0796b9eaff530cdfa7e72a85a1f21b4ff84f122e Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 13:29:36 -0700 Subject: [PATCH 01/18] update limit and change alert description --- cicd/3-app/javabuilder/config/production-demo.config.json | 2 +- cicd/3-app/javabuilder/template.yml.erb | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cicd/3-app/javabuilder/config/production-demo.config.json b/cicd/3-app/javabuilder/config/production-demo.config.json index d37b21cf..e8671ffe 100644 --- a/cicd/3-app/javabuilder/config/production-demo.config.json +++ b/cicd/3-app/javabuilder/config/production-demo.config.json @@ -4,7 +4,7 @@ "SubdomainName": "javabuilder-demo", "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU", "ProvisionedConcurrentExecutions": "1", - "ReservedConcurrentExecutions": "5", + "ReservedConcurrentExecutions": "50", "LimitPerHour": "-1", "LimitPerDay": "50", "SilenceAlerts": "false" diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 3a54d82e..53830ab0 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -857,7 +857,7 @@ Resources: Properties: AlarmName: !Sub "${SubdomainName}_<%=name.downcase%>_high_concurrent_executions" AlarmDescription: !Sub | - Alarm if javabuilder usage exceeds 400 concurrent + Alarm if javabuilder usage exceeds 80% of the maximum concurrent executions for 10 minutes. Occasional spikes are expected, but long-running high usage is an indication of an attack. Page the student learning team for further investigation. See this doc for investigation steps From 635e9d31dcd5f982a976fc482722042d38fc0e6e Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 13:58:48 -0700 Subject: [PATCH 02/18] try using version 2.7.5 --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index 1f7da99d..a603bb50 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.7 +2.7.5 From d2ac1f8e760975fbb63e5e45be5decde2f5189f2 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 14:07:44 -0700 Subject: [PATCH 03/18] try using version 2.7.8 --- .ruby-version | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.ruby-version b/.ruby-version index a603bb50..6a81b4c8 100644 --- a/.ruby-version +++ b/.ruby-version @@ -1 +1 @@ -2.7.5 +2.7.8 From 5274aafa8882c961d5bdaac90e813bd29cdcda78 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 14:15:21 -0700 Subject: [PATCH 04/18] add dev config --- cicd/3-app/javabuilder/template.yml.erb | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 53830ab0..327b3394 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -480,6 +480,11 @@ Resources: - Id: ExpirationRule Status: Enabled ExpirationInDays: 1 + PublicAccessBlockConfiguration: + BlockPublicAcls: false + BlockPublicPolicy: false + IgnorePublicAcls: false + RestrictPublicBuckets: false ContentBucketPolicy: Type: AWS::S3::BucketPolicy From 1a8f5b10cd197458d3123aaaf3fbf8df422e9bca Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 14:53:07 -0700 Subject: [PATCH 05/18] update alarm config --- cicd/3-app/javabuilder/template.yml.erb | 28 +++++++++++++++++-------- 1 file changed, 19 insertions(+), 9 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 327b3394..3dd3f783 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -63,6 +63,7 @@ Globals: Tracing: Active Conditions: IsDevCondition: !Equals [!Ref BaseDomainName, "dev-code.org"] + IsDemoCondition: !Equals [!Ref SubdomainName "javabuilder-demo"] SilenceAlertsCondition: !Or [Condition: IsDevCondition, !Equals [!Ref SilenceAlerts, "true"]] Resources: # Note: We can't update the name of a DomainName resource once it has been created because the @@ -869,19 +870,28 @@ Resources: https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"] + - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If[IsDemoCondition !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 - Period: 60 - Threshold: 400 + Threshold: 80 ComparisonOperator: GreaterThanThreshold TreatMissingData: notBreaching - MetricName: ConcurrentExecutions - Namespace: AWS/Lambda - Statistic: Maximum - Dimensions: - - Name: FunctionName - Value: !Ref BuildAndRunJava<%=name%>ProjectFunction + Metrics: + - Id: e1 + Label: Percentage + ReturnData: true + Expression: 100*(m1/ !Ref ReservedConcurrentExecutions) + - Id: m1 + ReturnData: false + MetricStat: + Metric: + Namespace: AWS/Lambda + MetricName: ConcurrentExecutions + Dimensions: + - Name: FunctionName + Value: !Ref BuildAndRunJava<%=name%>ProjectFunction + Period: 60 + Stat: Maximum <%end -%> # We use shortened versions of names for partition keys (eg, user_id), From 2fce11888070416e8c759e144df06cb56a39ab30 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 15:04:41 -0700 Subject: [PATCH 06/18] add whitespace --- cicd/3-app/javabuilder/template.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 3dd3f783..33894e82 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -870,7 +870,7 @@ Resources: https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If[IsDemoCondition !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] + - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 Threshold: 80 From afbef7100609fa0c41091a86b6e221d90c453775 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 15:13:17 -0700 Subject: [PATCH 07/18] commas --- cicd/3-app/javabuilder/template.yml.erb | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 33894e82..f1b333e3 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -63,7 +63,7 @@ Globals: Tracing: Active Conditions: IsDevCondition: !Equals [!Ref BaseDomainName, "dev-code.org"] - IsDemoCondition: !Equals [!Ref SubdomainName "javabuilder-demo"] + IsDemoCondition: !Equals [!Ref SubdomainName, "javabuilder-demo"] SilenceAlertsCondition: !Or [Condition: IsDevCondition, !Equals [!Ref SilenceAlerts, "true"]] Resources: # Note: We can't update the name of a DomainName resource once it has been created because the @@ -870,7 +870,7 @@ Resources: https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] + - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 Threshold: 80 From be0803bc54fec9bd4daf7d9cff424d08cef891bf Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 15:27:21 -0700 Subject: [PATCH 08/18] try parens --- cicd/3-app/javabuilder/template.yml.erb | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index f1b333e3..14006648 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -880,7 +880,7 @@ Resources: - Id: e1 Label: Percentage ReturnData: true - Expression: 100*(m1/ !Ref ReservedConcurrentExecutions) + Expression: 100*(m1/(!Ref ReservedConcurrentExecutions)) - Id: m1 ReturnData: false MetricStat: From 00f8514f84307d3a63d50bc392ffbec0b4803ae1 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 16:08:49 -0700 Subject: [PATCH 09/18] hard-code limits --- cicd/3-app/javabuilder/template.yml.erb | 26 ++++++++----------------- 1 file changed, 8 insertions(+), 18 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 14006648..14d0672c 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -863,7 +863,7 @@ Resources: Properties: AlarmName: !Sub "${SubdomainName}_<%=name.downcase%>_high_concurrent_executions" AlarmDescription: !Sub | - Alarm if javabuilder usage exceeds 80% of the maximum concurrent + Alarm if javabuilder usage exceeds !If [IsDemoCondition, 40, 400] concurrent executions for 10 minutes. Occasional spikes are expected, but long-running high usage is an indication of an attack. Page the student learning team for further investigation. See this doc for investigation steps @@ -873,25 +873,15 @@ Resources: - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 - Threshold: 80 + Threshold: !If [IsDemoCondition, 40, 400] ComparisonOperator: GreaterThanThreshold TreatMissingData: notBreaching - Metrics: - - Id: e1 - Label: Percentage - ReturnData: true - Expression: 100*(m1/(!Ref ReservedConcurrentExecutions)) - - Id: m1 - ReturnData: false - MetricStat: - Metric: - Namespace: AWS/Lambda - MetricName: ConcurrentExecutions - Dimensions: - - Name: FunctionName - Value: !Ref BuildAndRunJava<%=name%>ProjectFunction - Period: 60 - Stat: Maximum + MetricName: ConcurrentExecutions + Namespace: AWS/Lambda + Statistic: Maximum + Dimensions: + - Name: FunctionName + Value: !Ref BuildAndRunJava<%=name%>ProjectFunction <%end -%> # We use shortened versions of names for partition keys (eg, user_id), From 1a6153454921cf59800d126ebecd8ac519291e01 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 16:17:47 -0700 Subject: [PATCH 10/18] add period --- cicd/3-app/javabuilder/template.yml.erb | 1 + 1 file changed, 1 insertion(+) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 14d0672c..c10780cd 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -873,6 +873,7 @@ Resources: - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 + Period: 60 Threshold: !If [IsDemoCondition, 40, 400] ComparisonOperator: GreaterThanThreshold TreatMissingData: notBreaching From c02c2b48ba94e1524cf4f33aedaea215aaefe989 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Tue, 23 May 2023 16:31:33 -0700 Subject: [PATCH 11/18] temporarily change config for testing --- cicd/3-app/javabuilder/template.yml.erb | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index c10780cd..5abce345 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -63,8 +63,9 @@ Globals: Tracing: Active Conditions: IsDevCondition: !Equals [!Ref BaseDomainName, "dev-code.org"] - IsDemoCondition: !Equals [!Ref SubdomainName, "javabuilder-demo"] + IsDemoCondition: !Equals [!Ref SubdomainName, "javabuilder-dev-molly-demo-alarm"] SilenceAlertsCondition: !Or [Condition: IsDevCondition, !Equals [!Ref SilenceAlerts, "true"]] + SilenceAlertsConditionTest: !Equals [!Ref SubdomainName, "javabuilder-demo"] Resources: # Note: We can't update the name of a DomainName resource once it has been created because the # domain name itself has already been provisioned. When we change from javabuilderbeta to @@ -863,14 +864,14 @@ Resources: Properties: AlarmName: !Sub "${SubdomainName}_<%=name.downcase%>_high_concurrent_executions" AlarmDescription: !Sub | - Alarm if javabuilder usage exceeds !If [IsDemoCondition, 40, 400] concurrent - executions for 10 minutes. Occasional spikes are expected, but - long-running high usage is an indication of an attack. Page the student learning + Alarm if javabuilder usage has high concurrent executions for 10 minutes. + Occasional spikes are expected, but long-running high usage is an indication + of an attack. Page the student learning team for further investigation. See this doc for investigation steps https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] + - !If [SilenceAlertsConditionTest, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 Period: 60 From b831183dee4a31dc62f854030f61b457c6a66f6f Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 09:03:47 -0700 Subject: [PATCH 12/18] change back to demo config --- cicd/3-app/javabuilder/template.yml.erb | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 5abce345..5da79ee9 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -63,9 +63,8 @@ Globals: Tracing: Active Conditions: IsDevCondition: !Equals [!Ref BaseDomainName, "dev-code.org"] - IsDemoCondition: !Equals [!Ref SubdomainName, "javabuilder-dev-molly-demo-alarm"] + IsDemoCondition: !Equals [!Ref SubdomainName, "javabuilder-demo"] SilenceAlertsCondition: !Or [Condition: IsDevCondition, !Equals [!Ref SilenceAlerts, "true"]] - SilenceAlertsConditionTest: !Equals [!Ref SubdomainName, "javabuilder-demo"] Resources: # Note: We can't update the name of a DomainName resource once it has been created because the # domain name itself has already been provisioned. When we change from javabuilderbeta to @@ -866,16 +865,17 @@ Resources: AlarmDescription: !Sub | Alarm if javabuilder usage has high concurrent executions for 10 minutes. Occasional spikes are expected, but long-running high usage is an indication - of an attack. Page the student learning - team for further investigation. See this doc for investigation steps + of an attack. If this is occuring on the demo environment, this is a non-urgent + issue as we expect occasional periods of high usage. If it is on production, + page the student learning team for further investigation. See this doc for investigation steps https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsConditionTest, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] + - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 Period: 60 - Threshold: !If [IsDemoCondition, 40, 400] + Threshold: !If [IsDemoCondition, 45, 400] ComparisonOperator: GreaterThanThreshold TreatMissingData: notBreaching MetricName: ConcurrentExecutions From 8f27db7ae98191475b12dde43e17717a72668d0e Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 09:17:49 -0700 Subject: [PATCH 13/18] increase provisioned executions --- cicd/3-app/javabuilder/config/production-demo.config.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/cicd/3-app/javabuilder/config/production-demo.config.json b/cicd/3-app/javabuilder/config/production-demo.config.json index e8671ffe..8e4c80d7 100644 --- a/cicd/3-app/javabuilder/config/production-demo.config.json +++ b/cicd/3-app/javabuilder/config/production-demo.config.json @@ -3,7 +3,7 @@ "BaseDomainName": "code.org", "SubdomainName": "javabuilder-demo", "BaseDomainNameHostedZonedID": "Z2LCOI49SCXUGU", - "ProvisionedConcurrentExecutions": "1", + "ProvisionedConcurrentExecutions": "5", "ReservedConcurrentExecutions": "50", "LimitPerHour": "-1", "LimitPerDay": "50", From ecc280b50ea808c031e7ceea9fb81ce54fb8a846 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 09:35:22 -0700 Subject: [PATCH 14/18] remove dev config --- cicd/3-app/javabuilder/template.yml.erb | 5 ----- 1 file changed, 5 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 5da79ee9..56fc85ff 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -481,11 +481,6 @@ Resources: - Id: ExpirationRule Status: Enabled ExpirationInDays: 1 - PublicAccessBlockConfiguration: - BlockPublicAcls: false - BlockPublicPolicy: false - IgnorePublicAcls: false - RestrictPublicBuckets: false ContentBucketPolicy: Type: AWS::S3::BucketPolicy From d1f6bec779f0cbe41582047e75f0247bc596f6a8 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 11:00:47 -0700 Subject: [PATCH 15/18] switch to parameters --- cicd/3-app/javabuilder/config/dev.config.json | 4 +++- .../javabuilder/config/production-demo.config.json | 5 ++++- cicd/3-app/javabuilder/config/production.config.json | 4 +++- cicd/3-app/javabuilder/config/test.config.json | 4 +++- cicd/3-app/javabuilder/template.yml.erb | 12 ++++++++++-- 5 files changed, 23 insertions(+), 6 deletions(-) diff --git a/cicd/3-app/javabuilder/config/dev.config.json b/cicd/3-app/javabuilder/config/dev.config.json index 51b52d4b..2089c9b5 100644 --- a/cicd/3-app/javabuilder/config/dev.config.json +++ b/cicd/3-app/javabuilder/config/dev.config.json @@ -6,7 +6,9 @@ "ReservedConcurrentExecutions": "3", "LimitPerHour": "50", "LimitPerDay": "150", - "SilenceAlerts": "true" + "SilenceAlerts": "false", + "HighConcurrentExecutionsTopic": "javabuilder-low-urgency", + "HighConcurrentExecutionsAlarmThreshold": 40 }, "Tags" : { "EnvType" : "development" diff --git a/cicd/3-app/javabuilder/config/production-demo.config.json b/cicd/3-app/javabuilder/config/production-demo.config.json index 8e4c80d7..3379bb50 100644 --- a/cicd/3-app/javabuilder/config/production-demo.config.json +++ b/cicd/3-app/javabuilder/config/production-demo.config.json @@ -7,7 +7,10 @@ "ReservedConcurrentExecutions": "50", "LimitPerHour": "-1", "LimitPerDay": "50", - "SilenceAlerts": "false" + "SilenceAlerts": "false", + "HighConcurrentExecutionsTopic": "javabuilder-low-urgency", + "HighConcurrentExecutionsAlarmThreshold": 45 + }, "Tags": { "EnvType": "production" diff --git a/cicd/3-app/javabuilder/config/production.config.json b/cicd/3-app/javabuilder/config/production.config.json index 50bcfde5..73eb2e32 100644 --- a/cicd/3-app/javabuilder/config/production.config.json +++ b/cicd/3-app/javabuilder/config/production.config.json @@ -7,7 +7,9 @@ "LimitPerHour": "1000", "LimitPerDay": "-1", "SilenceAlerts": "false", - "TeacherLimitPerHour": "25000" + "TeacherLimitPerHour": "25000", + "HighConcurrentExecutionsTopic": "CDO-Urgent", + "HighConcurrentExecutionsAlarmThreshold": 400 }, "Tags" : { "EnvType" : "production" diff --git a/cicd/3-app/javabuilder/config/test.config.json b/cicd/3-app/javabuilder/config/test.config.json index 79055fa7..58964c8f 100644 --- a/cicd/3-app/javabuilder/config/test.config.json +++ b/cicd/3-app/javabuilder/config/test.config.json @@ -6,7 +6,9 @@ "ReservedConcurrentExecutions": "25", "LimitPerHour": "50", "LimitPerDay": "150", - "SilenceAlerts": "false" + "SilenceAlerts": "false", + "HighConcurrentExecutionsTopic": "javabuilder-low-urgency", + "HighConcurrentExecutionsAlarmThreshold": "20" }, "Tags" : { "EnvType" : "test" diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index 56fc85ff..a4603916 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -48,6 +48,14 @@ Parameters: AllowedValues: [true, false] Description: If alerts should be silenced on this instance Default: false + HighConcurrentExecutionsTopic: + Type: String + Description: The name of the SNS topic to publish to for a high concurrent executions alarm. + Default: CDO-Urgent + HighConcurrentExecutionsAlarmThreshold: + Type: Number + Description: The threshold for the high concurrent executions alarm. + Default: 400 <% JAVALAB_APP_TYPES = %w( Theater @@ -866,11 +874,11 @@ Resources: https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !If [IsDemoCondition, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:javabuilder-demo-high-concurrency", !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:CDO-Urgent"]] + - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:{HighConcurrentExecutionsTopic}"]] EvaluationPeriods: 10 DatapointsToAlarm: 10 Period: 60 - Threshold: !If [IsDemoCondition, 45, 400] + Threshold: !Ref HighConcurrentExecutionsAlarmThreshold ComparisonOperator: GreaterThanThreshold TreatMissingData: notBreaching MetricName: ConcurrentExecutions From 90215f0844bf9e1a1590b1d5390b08c179dd5270 Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 11:09:24 -0700 Subject: [PATCH 16/18] fix linting errors --- cicd/3-app/javabuilder/template.yml.erb | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/cicd/3-app/javabuilder/template.yml.erb b/cicd/3-app/javabuilder/template.yml.erb index a4603916..9cb765df 100644 --- a/cicd/3-app/javabuilder/template.yml.erb +++ b/cicd/3-app/javabuilder/template.yml.erb @@ -71,7 +71,6 @@ Globals: Tracing: Active Conditions: IsDevCondition: !Equals [!Ref BaseDomainName, "dev-code.org"] - IsDemoCondition: !Equals [!Ref SubdomainName, "javabuilder-demo"] SilenceAlertsCondition: !Or [Condition: IsDevCondition, !Equals [!Ref SilenceAlerts, "true"]] Resources: # Note: We can't update the name of a DomainName resource once it has been created because the @@ -874,7 +873,7 @@ Resources: https://docs.google.com/document/d/1bHvV6pvUcwxgZpw0YWBmxFggQL5KqYx9zwolwkZhjU8/edit#bookmark=id.xs1gcuxrw6ze ActionsEnabled: true AlarmActions: - - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:{HighConcurrentExecutionsTopic}"]] + - !If [SilenceAlertsCondition, !Ref AWS::NoValue, !Sub "arn:aws:sns:${AWS::Region}:${AWS::AccountId}:${HighConcurrentExecutionsTopic}"] EvaluationPeriods: 10 DatapointsToAlarm: 10 Period: 60 From a51416449349538417533297afef6932e9fa6afa Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 11:17:43 -0700 Subject: [PATCH 17/18] add quotes --- cicd/3-app/javabuilder/config/dev.config.json | 2 +- cicd/3-app/javabuilder/config/production-demo.config.json | 2 +- cicd/3-app/javabuilder/config/production.config.json | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/cicd/3-app/javabuilder/config/dev.config.json b/cicd/3-app/javabuilder/config/dev.config.json index 2089c9b5..54775e7e 100644 --- a/cicd/3-app/javabuilder/config/dev.config.json +++ b/cicd/3-app/javabuilder/config/dev.config.json @@ -8,7 +8,7 @@ "LimitPerDay": "150", "SilenceAlerts": "false", "HighConcurrentExecutionsTopic": "javabuilder-low-urgency", - "HighConcurrentExecutionsAlarmThreshold": 40 + "HighConcurrentExecutionsAlarmThreshold": "40" }, "Tags" : { "EnvType" : "development" diff --git a/cicd/3-app/javabuilder/config/production-demo.config.json b/cicd/3-app/javabuilder/config/production-demo.config.json index 3379bb50..c5f46bd6 100644 --- a/cicd/3-app/javabuilder/config/production-demo.config.json +++ b/cicd/3-app/javabuilder/config/production-demo.config.json @@ -9,7 +9,7 @@ "LimitPerDay": "50", "SilenceAlerts": "false", "HighConcurrentExecutionsTopic": "javabuilder-low-urgency", - "HighConcurrentExecutionsAlarmThreshold": 45 + "HighConcurrentExecutionsAlarmThreshold": "45" }, "Tags": { diff --git a/cicd/3-app/javabuilder/config/production.config.json b/cicd/3-app/javabuilder/config/production.config.json index 73eb2e32..dd723318 100644 --- a/cicd/3-app/javabuilder/config/production.config.json +++ b/cicd/3-app/javabuilder/config/production.config.json @@ -9,7 +9,7 @@ "SilenceAlerts": "false", "TeacherLimitPerHour": "25000", "HighConcurrentExecutionsTopic": "CDO-Urgent", - "HighConcurrentExecutionsAlarmThreshold": 400 + "HighConcurrentExecutionsAlarmThreshold": "400" }, "Tags" : { "EnvType" : "production" From a7be0d909361d1eabb01c09777f224a6d120a9fd Mon Sep 17 00:00:00 2001 From: molly-moen Date: Wed, 24 May 2023 11:30:52 -0700 Subject: [PATCH 18/18] revert dev config change --- cicd/3-app/javabuilder/config/dev.config.json | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/cicd/3-app/javabuilder/config/dev.config.json b/cicd/3-app/javabuilder/config/dev.config.json index 54775e7e..51b52d4b 100644 --- a/cicd/3-app/javabuilder/config/dev.config.json +++ b/cicd/3-app/javabuilder/config/dev.config.json @@ -6,9 +6,7 @@ "ReservedConcurrentExecutions": "3", "LimitPerHour": "50", "LimitPerDay": "150", - "SilenceAlerts": "false", - "HighConcurrentExecutionsTopic": "javabuilder-low-urgency", - "HighConcurrentExecutionsAlarmThreshold": "40" + "SilenceAlerts": "true" }, "Tags" : { "EnvType" : "development"