From 877ac0d5af5fa9fb2f19453385ad7714f4697079 Mon Sep 17 00:00:00 2001
From: Daniel Sotirhos
Date: Thu, 8 Feb 2024 09:22:35 -0800
Subject: [PATCH] [u] Setup CloudWatch alarm for ClamAV notifications (#3895)
---
 UPGRADING.rst | 4 ++--
 terraform/shared/shared.tf.json.template.py | 26 +++++++++++++++++----
 2 files changed, 23 insertions(+), 7 deletions(-)
diff --git a/UPGRADING.rst b/UPGRADING.rst
index cead7a628a..4054ac1ccb 100644
--- a/UPGRADING.rst
+++ b/UPGRADING.rst
@@ -26,8 +26,8 @@ have too many entries in this file.
 Operator
 ~~~~~~~~
-Manually deploy the ``gitlab`` component of any main deployment just before
-pushing the merge commit to the GitLab instance in that deployment.
+Manually deploy the ``shared`` and ``gitlab`` components of any main deployment
+just before pushing the merge commit to the GitLab instance in that deployment.
 #5728 Many stale images in gitlab-dind and GitLab registry
diff --git a/terraform/shared/shared.tf.json.template.py b/terraform/shared/shared.tf.json.template.py
index 12109bdfbe..5dbcc41b81 100644
--- a/terraform/shared/shared.tf.json.template.py
+++ b/terraform/shared/shared.tf.json.template.py
@@ -524,6 +524,19 @@ def paren(s: str) -> str:
 'value': 1,
 'default_value': 0,
 }
+ },
+ 'clamscan': {
+ 'name': config.qualified_resource_name('clamscan', suffix='.filter'),
+ # Patterns that include non-alphanumeric characters must be
+ # wrapped in double quotation marks ("")
+ 'pattern': '"docker: clamscan"',
+ 'log_group_name': '/aws/cwagent/azul-gitlab',
+ 'metric_transformation': {
+ 'name': config.qualified_resource_name('clamscan'),
+ 'namespace': 'LogMetrics',
+ 'value': 1,
+ 'default_value': 0,
+ }
 }
 },
 'aws_cloudwatch_metric_alarm': {
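Review bot: The `'clamscan'` filter pattern `'"docker: clamscan"'` counts every log line containing that string, so the metric records that clamscan logged something, not that a scan completed or what it reported. Combined with the `LessThanThreshold` alarm in the later hunks it works as a heartbeat only: a scan that starts and aborts, or one that reports an infected file, still keeps the alarm quiet. If scan results are not alerted on elsewhere (this patch does not show it), a second filter on the result lines is worth adding. At minimum, put a comment above `'pattern'` such as `# Heartbeat only: matches any clamscan output line, independent of the scan result`. The `'log_group_name'` is a hard-coded literal, so it would be worth noting where that log group is defined.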
@@ -546,8 +559,8 @@ def paren(s: str) -> str:
 for a in cis_alarms
 },
 **{
- 'trail_logs': {
- 'alarm_name': config.qualified_resource_name('trail_logs', suffix='.alarm'),
+ resource_name: {
+ 'alarm_name': config.qualified_resource_name(resource_name, suffix='.alarm'),
 'comparison_operator': 'LessThanThreshold',
 'threshold': 1,
 'datapoints_to_alarm': 1,
@@ -570,14 +583,17 @@ def paren(s: str) -> str:
 {
 'id': 'log_count_raw',
 'metric': {
- 'metric_name': config.qualified_resource_name('trail_logs'),
+ 'metric_name': config.qualified_resource_name(resource_name),
 'namespace': 'LogMetrics',
- 'period': 10 * 60,
+ 'period': period,
 'stat': 'Sum',
 }
 }
 ]
- }
+ } for resource_name, period in [
+ ('trail_logs', 10 * 60),
+ ('clamscan', 18 * 60 * 60)
+ ]
 }
 },
 'aws_iam_role': {
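Review bot: The `18 * 60 * 60` period for `'clamscan'` in the last hunk has no stated relation to the scan schedule. With `'threshold': 1` and `'datapoints_to_alarm': 1` from the previous hunk, any 18-hour window without a matching log line raises the alarm, and a scanner that has stopped can go unnoticed for roughly that long (the evaluation settings are outside the hunk). The value therefore has to exceed the longest expected gap between clamscan log lines, and the code should say so, for example `('clamscan', 18 * 60 * 60),  # must exceed the longest gap between clamscan log lines; schedule: <SCAN_SCHEDULE>` with the real schedule filled in. The enclosing dict comprehension begins before this hunk.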