This repository has been archived by the owner on Jan 12, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 7
/
example.properties
47 lines (41 loc) · 2.74 KB
/
example.properties
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
#
# Copyright (c) 2017 Nike Inc.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE_2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# Admin arn for executing admin endpoints from lambda
cerberus.lambda.admin_arn=[the admin arn made by ./cerberus-admin-iam-rol/admin-iam-role.yaml]
# General Cerberus config
cerberus.url=[The Cerberus base url]
cerberus.admin_principal_arn=[Arn for admin user or role for administrating KMS keys and allowing assumption of roles]
cerberus.primary_region=[The primary cerberus region]
cerberus.metric_topic_regions=[The regions in which to create an SNS topic to publish Cerberus Metrics/KPIs to]
cerberus.lambda_vpc_region=[The region you want the lambdas to run in]
cerberus.lambda_uploads_region_buckets=us-west-2:bucketname,us-east-1:bucketname
health_check.regions=[comma deliminated list of regions to deploy the health check lambda to]
cleanup.kms_expiration_period_in_days=[Clean up KMS keys that have been inactive for n days]
# Log processor properties
log_processor.region=[The region in which to deploy the log processor Lambda. Note: Deploy the Lambda in the same region as where the S3 logs are sent]
log_processor.violation_blacklist_duration_in_mins=[The number of minutes to blacklist an IP address for after it has violated the rate limit]
log_processor.request_per_interval_limit=[The number of requests per minute allowed per IP address]
log_processor.interval_in_mins=[The interval in minutes of requests per interval allowed per IP address]
log_processor.slack_web_hook_url=[The Slack HTTP endpoint to which the Lambda will post rate limit notifications. This property is nullable]
log_processor.slack_cerberus_icon=[URL of an icon image file to be used in Slack. This property is nullable]
log_processor.athena_query_result_bucket_name=[The name of Athena query result's S3 bucket]
## Environment specific
log_processor.alb_log_bucket=[The S3 bucket where ALB logs are stored for Cerberus]
log_processor.manual_blacklist_ip_set_id=[ID of the AWS WAF manual blacklist IP set]
log_processor.manual_whitelist_ip_set_id=[ID of the AWS WAF manual whitelist IP set]
log_processor.auto_blacklist_ip_set_id=[ID of the AWS WAF auto blacklist (greylist) IP set]
log_processor.athena_database_name=[The name of ALB log's Athena database]
log_processor.athena_table_name=[The name of ALB log's Athena table]