chore: ignore HTTP 403 errors (#1481)

Update the CloudWatch error alarm so that requests that generate an HTTP 403 response do not trigger the alarm. This is being done because fuzzing attacks will often generate 403 responses for requests that include at least one of the error alarm's filter words.
cds-snc · Oct 12, 2023 · 4fe5d9b · 4fe5d9b
1 parent 49d5a0a
commit 4fe5d9b
Showing 1 changed file with 1 addition and 0 deletions.
diff --git a/infrastructure/terragrunt/aws/alarms/locals.tf b/infrastructure/terragrunt/aws/alarms/locals.tf
@@ -17,6 +17,7 @@ locals {
     "action=lostpassword&error",
     "database error",
     "GET /notification-gc-notify/wp-json/wp/v2/pages",
+    "HTTP/1.1\\\" 403",
     "HTTP/1.1\\\" 404",
   ]
   wordpress_database_errors = [