in workmail-stop-mail-storm/src/app.js [36:78]
async function createMissingAlarms(alarms, protectedRecipients) {
// find the protected addresses for which there is already an alarm
const protectedAddressesWithAlarm = alarms.MetricAlarms
.map(metricAlarm => metricAlarm.Dimensions[0].Value);
// remove those from all alarms. the remaining addresses are missing alarms
const protectedAddressesMissingAlarm = protectedRecipients
.filter(protectedAddress => !protectedAddressesWithAlarm.includes(protectedAddress));
// create the alarm for those
for (let protectedAddress of protectedAddressesMissingAlarm) {
// this will create an alarm that will fire if we receive in 3 different minutes more than THRESHOLD emails
// per minute, in a window of the last 5 minutes.
// see https://docs.aws.amazon.com/AmazonCloudWatch/latest/APIReference/API_PutMetricAlarm.html for detailed
// explanation of the parameters
const params = {
AlarmName: ALARM_PREFIX + protectedAddress,
ComparisonOperator: 'GreaterThanThreshold',
AlarmDescription: 'Mail storm in progress for group ' + protectedAddress,
Dimensions: [
{
Name: 'EmailAddress',
Value: protectedAddress
},
],
MetricName: 'EmailsReceived',
Namespace: 'WorkMail',
TreatMissingData: 'notBreaching',
// The parameters below control how sensitive the detection for mailstorm is.
DatapointsToAlarm: 3, // alarm if 3 of the last 5 datapoints are above threshold
EvaluationPeriods: 5,
Period: 60, // each data point for evaluation is a sum of emails received in the last 60 s.
Statistic: 'Sum',
// configure using the THRESHOLD lambda environment variable
Threshold: parseInt(process.env.THRESHOLD || DEFAULT_THRESHOLD),
};
console.log('Creating alarm for address ' + protectedAddress);
const alarm = await cloudwatch.putMetricAlarm(params).promise();
console.log(alarm);
}
}