Prettify URLs

- Make log URLs more readable
- Mask URLs to avoid displaying long raw hyperlinks
- Format commands as inline code
- Fix AWS CloudWatch links

Author: DTLP

capacity-experiments/capacity-experiments.yaml.tmpl

@@ -11,31 +11,31 @@ groups:
           team: infra
         annotations:
           summary: "AZ {{ $labels.zone}} is running out of memory for pods"
-          dashboard: "https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization"
+          dashboard: <https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization"|link>
       - alert: AvailabilityZoneRunningOutOfMemory99for10m
         expr: avg(node_memory_working_set_bytes/on(node)(kube_node_status_capacity{resource="memory"} - on (node) node_eviction_threshold) * on(node) group_left(zone) kube_node_labels{role="worker"}) by (zone) > 0.99
         for: 10m
         labels:
           team: infra
         annotations:
           summary: "AZ {{ $labels.zone}} is running out of memory for pods"
-          dashboard: "https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization"
+          dashboard: <https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization|link>
       - alert: AvailabilityZoneRunningOutOfMemory95for1h
         expr: avg(node_memory_working_set_bytes/on(node)(kube_node_status_capacity{resource="memory"} - on (node) node_eviction_threshold) * on(node) group_left(zone) kube_node_labels{role="worker"}) by (zone) > 0.95
         for: 1h
         labels:
           team: infra
         annotations:
           summary: "AZ {{ $labels.zone}} is running out of memory for pods"
-          dashboard: "https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization"
+          dashboard: <https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization|link>
       - alert: AvailabilityZoneRunningOutOfMemory99for1h
         expr: avg(node_memory_working_set_bytes/on(node)(kube_node_status_capacity{resource="memory"} - on (node) node_eviction_threshold) * on(node) group_left(zone) kube_node_labels{role="worker"}) by (zone) > 0.99
         for: 1h
         labels:
           team: infra
         annotations:
           summary: "AZ {{ $labels.zone}} is running out of memory for pods"
-          dashboard: "https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization"
+          dashboard: <https://grafana.$ENVIRONMENT.$PROVIDER.uw.systems/d/Mig_eDNVz/kubernetes-cluster-utilization|link>
       - alert: NodeUnderMemoryPressure
         expr: kube_node_status_condition{condition="MemoryPressure",status="true"} == 1
         for: 5m

cis-aws/cis-aws.yaml.tmpl

@@ -15,7 +15,7 @@ groups:
           summary: AWS console login without MFA detected
           action: |
             Identify the users in question from the Cloudtrail logs, disable their account and notify the user.
-          logs: https://eu-west-1.console.aws.amazon.com/cloudwatch/home?region=eu-west-1#logEventViewer:group=cloudtrail-multi-region;filter=%257B%2520(%2524.eventName%2520%253D%2520%2522ConsoleLogin%2522)%2520%2526%2526%2520(%2524.additionalEventData.MFAUsed%2521%253D%2520%2522Yes%2522)%2520%2526%2526%2520(%2524.responseElements.ConsoleLogin%2520%253D%2520%2522Success%2522)%2520%2526%2526%2520(%2524.userIdentity.type%2521%253D%2520%2522AssumedRole%2522)%257D;start=PT1H
+          logs: <https://eu-west-1.console.aws.amazon.com/cloudwatch/home?region=eu-west-1#logsV2:log-groups/log-group/cloudtrail-multi-region/log-events/$3Fstart$3D-3600000$26filterPattern$3D$257B+$2528$2524.eventName+$253D+$2522ConsoleLogin$2522$2529+$2526$2526+$2528$2524.additionalEventData.MFAUsed$2521$253D+$2522Yes$2522$2529+$2526$2526+$2528$2524.responseElements.ConsoleLogin+$253D+$2522Success$2522$2529+$2526$2526+$2528$2524.userIdentity.type$2521$253D+$2522AssumedRole$2522$2529$257D$26+$2528$2524.additionalEventData.MFAUsed$2521$3D+$2522Yes$2522$2529+$26+$2528$2524.responseElements.ConsoleLogin+$3D+$2522Success$2522$2529+$26+$2528$2524.userIdentity.type$2521$3D+$2522AssumedRole$2522$2529$257D|link>
       - alert: AWSRootUsage
         expr: cisbenchmark_root_usage_sum >= 1
         for: 1m
@@ -29,4 +29,4 @@ groups:
             Identify the activity in the Cloudtrail logs. Verify if the activity is legitimate. If not, change
             the root user password, MFA and any access keys immediately. Contact
             AWS support in the case of complete lock out.
-          logs: https://eu-west-1.console.aws.amazon.com/cloudwatch/home?region=eu-west-1#logEventViewer:group=cloudtrail-multi-region;filter=%257B%2520%2524.userIdentity.type%2520%253D%2520%2522Root%2522%2520%2526%2526%2520%2524.userIdentity.invokedBy%2520NOT%2520EXISTS%2520%2526%2526%2520%2524.eventType%2521%253D%2520%2522AwsServiceEvent%2522%2520%257D;start=PT1H
+          logs: <https://eu-west-1.console.aws.amazon.com/cloudwatch/home?region=eu-west-1#logsV2:log-groups/log-group/cloudtrail-multi-region/log-events/$3Fstart$3D-3600000$26filterPattern$3D$257B+$2524.userIdentity.type+$253D+$2522Root$2522+$2526$2526+$2524.userIdentity.invokedBy+NOT+EXISTS+$2526$2526+$2524.eventType$2521$253D+$2522AwsServiceEvent$2522+$257D$26+$2528$2524.additionalEventData.MFAUsed$2521$3D+$2522Yes$2522$2529+$26+$2528$2524.responseElements.ConsoleLogin+$3D+$2522Success$2522$2529+$26+$2528$2524.userIdentity.type$2521$3D+$2522AssumedRole$2522$2529$257D|link>