Move the cloudwatch alarm to api-lambda errors and put the pattern ma…

…tching in jsonencode (#1019) * try * try * fix
cds-snc · Nov 9, 2023 · c65ae0c · c65ae0c
1 parent e4c3b29
commit c65ae0c
Show file tree

Hide file tree

Showing 4 changed files with 29 additions and 29 deletions.
diff --git a/aws/eks/cloudwatch_alarms.tf b/aws/eks/cloudwatch_alarms.tf
@@ -715,17 +715,3 @@ resource "aws_cloudwatch_metric_alarm" "documentation-evicted-pods" {
   ok_actions                = [var.sns_alert_warning_arn]
   insufficient_data_actions = [var.sns_alert_warning_arn]
 }
-
-resource "aws_cloudwatch_metric_alarm" "failed-login-count-5-minute-warning" {
-  alarm_name          = "failed-login-count-5-minute-warning"
-  alarm_description   = "One user had a failed login count of more than 10 times in 5 minutes"
-  comparison_operator = "GreaterThanOrEqualToThreshold"
-  evaluation_periods  = "5"
-  metric_name         = aws_cloudwatch_log_metric_filter.failed-login-count-more-than-10[0].name
-  namespace           = aws_cloudwatch_log_metric_filter.failed-login-count-more-than-10[0].metric_transformation[0].namespace
-  period              = 60
-  statistic           = "Sum"
-  threshold           = 1
-  treat_missing_data  = "notBreaching"
-  alarm_actions       = [var.sns_alert_warning_arn]
-}
diff --git a/aws/eks/cloudwatch_log.tf b/aws/eks/cloudwatch_log.tf
@@ -153,16 +153,3 @@ resource "aws_cloudwatch_log_metric_filter" "documentation-evicted-pods" {
     value     = "1"
   }
 }
-
-resource "aws_cloudwatch_log_metric_filter" "failed-login-count-more-than-10" {
-  count          = var.cloudwatch_enabled ? 1 : 0
-  name           = "failed-login-count-more-than-10"
-  pattern        = "\"Failed login: Incorrect password for\""
-  log_group_name = aws_cloudwatch_log_group.notification-canada-ca-eks-application-logs[0].name
-
-  metric_transformation {
-    name      = "failed-login-count"
-    namespace = "LogMetrics"
-    value     = "1"
-  }
-}
diff --git a/aws/lambda-api/cloudwatch_alarms.tf b/aws/lambda-api/cloudwatch_alarms.tf
@@ -63,4 +63,18 @@ module "lambda_no_log_detection" {
   time_period_minutes   = 10
   use_anomaly_detection = false
   billing_tag_value     = "notification-canada-ca-${var.env}"
-}
+}
+
+resource "aws_cloudwatch_metric_alarm" "failed-login-count-5-minute-warning" {
+  alarm_name          = "failed-login-count-5-minute-warning"
+  alarm_description   = "One user had a failed login count of more than 10 times in 5 minutes"
+  comparison_operator = "GreaterThanOrEqualToThreshold"
+  evaluation_periods  = "5"
+  metric_name         = aws_cloudwatch_log_metric_filter.failed-login-count-more-than-10[0].name
+  namespace           = aws_cloudwatch_log_metric_filter.failed-login-count-more-than-10[0].metric_transformation[0].namespace
+  period              = 60
+  statistic           = "Sum"
+  threshold           = 1
+  treat_missing_data  = "notBreaching"
+  alarm_actions       = [var.sns_alert_warning_arn]
+}
diff --git a/aws/lambda-api/cloudwatch_logs.tf b/aws/lambda-api/cloudwatch_logs.tf
@@ -80,4 +80,17 @@ resource "aws_cloudwatch_log_metric_filter" "errors-salesforce-api" {
     namespace = "LogMetrics"
     value     = "1"
   }
-}
+}
+
+resource "aws_cloudwatch_log_metric_filter" "failed-login-count-more-than-10" {
+  count          = var.cloudwatch_enabled ? 1 : 0
+  name           = "failed-login-count-more-than-10"
+  pattern        = jsonencode("Failed login: Incorrect password for")
+  log_group_name = aws_cloudwatch_log_group.api_lambda_log_group[0].name
+
+  metric_transformation {
+    name      = "failed-login-count"
+    namespace = "LogMetrics"
+    value     = "1"
+  }
+}